2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies a container information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
106 #include <lmaccess.h>
113 #include <moira_site.h>
114 #include <mrclient.h>
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
133 #define sleep(A) Sleep(A * 1000);
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define WINADCFG "/moira/winad/winad.cfg"
145 #define strnicmp(A,B,C) strncasecmp(A,B,C)
146 #define UCHAR unsigned char
148 #define UF_SCRIPT 0x0001
149 #define UF_ACCOUNTDISABLE 0x0002
150 #define UF_HOMEDIR_REQUIRED 0x0008
151 #define UF_LOCKOUT 0x0010
152 #define UF_PASSWD_NOTREQD 0x0020
153 #define UF_PASSWD_CANT_CHANGE 0x0040
154 #define UF_DONT_EXPIRE_PASSWD 0x10000
156 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157 #define UF_NORMAL_ACCOUNT 0x0200
158 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160 #define UF_SERVER_TRUST_ACCOUNT 0x2000
162 #define OWNER_SECURITY_INFORMATION (0x00000001L)
163 #define GROUP_SECURITY_INFORMATION (0x00000002L)
164 #define DACL_SECURITY_INFORMATION (0x00000004L)
165 #define SACL_SECURITY_INFORMATION (0x00000008L)
168 #define BYTE unsigned char
170 typedef unsigned int DWORD;
171 typedef unsigned long ULONG;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
181 typedef struct _SID_IDENTIFIER_AUTHORITY {
183 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
185 typedef struct _SID {
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
194 #define WINADCFG "winad.cfg"
198 #define WINAFS "\\\\afs\\all\\"
200 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
201 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
206 #define QUERY_VERSION -1
207 #define PRIMARY_REALM "ATHENA.MIT.EDU"
216 #define MEMBER_REMOVE 2
217 #define MEMBER_CHANGE_NAME 3
218 #define MEMBER_ACTIVATE 4
219 #define MEMBER_DEACTIVATE 5
220 #define MEMBER_CREATE 6
222 #define MOIRA_ALL 0x0
223 #define MOIRA_USERS 0x1
224 #define MOIRA_KERBEROS 0x2
225 #define MOIRA_STRINGS 0x4
226 #define MOIRA_LISTS 0x8
228 #define CHECK_GROUPS 1
229 #define CLEANUP_GROUPS 2
231 #define AD_NO_GROUPS_FOUND -1
232 #define AD_WRONG_GROUP_DN_FOUND -2
233 #define AD_MULTIPLE_GROUPS_FOUND -3
234 #define AD_INVALID_NAME -4
235 #define AD_LDAP_FAILURE -5
236 #define AD_INVALID_FILESYS -6
237 #define AD_NO_ATTRIBUTE_FOUND -7
238 #define AD_NO_OU_FOUND -8
239 #define AD_NO_USER_FOUND -9
241 /* container arguments */
242 #define CONTAINER_NAME 0
243 #define CONTAINER_DESC 1
244 #define CONTAINER_LOCATION 2
245 #define CONTAINER_CONTACT 3
246 #define CONTAINER_TYPE 4
247 #define CONTAINER_ID 5
248 #define CONTAINER_ROWID 6
249 #define CONTAINER_GROUP_NAME 7
251 /*mcntmap arguments*/
252 #define OU_MACHINE_NAME 0
253 #define OU_CONTAINER_NAME 1
254 #define OU_MACHINE_ID 2
255 #define OU_CONTAINER_ID 3
256 #define OU_CONTAINER_GROUP 4
258 typedef struct lk_entry {
268 struct lk_entry *next;
271 #define STOP_FILE "/moira/winad/nowinad"
272 #define file_exists(file) (access((file), F_OK) == 0)
274 #define N_SD_BER_BYTES 5
275 #define LDAP_BERVAL struct berval
276 #define MAX_SERVER_NAMES 32
278 #define HIDDEN_GROUP "HiddenGroup.g"
279 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
280 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
281 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Append an LDAPMod to the caller's mods[] array at index n (both names must
 * be in scope at the expansion site) and advance n. The malloc() result is
 * not checked, so an allocation failure dereferences NULL on the next line.
 * The expansion is four bare statements rather than a do { } while (0), so
 * it must not be used as the body of an unbraced if/else. */
283 #define ADD_ATTR(t, v, o) \
284 mods[n] = malloc(sizeof(LDAPMod)); \
285 mods[n]->mod_op = o; \
286 mods[n]->mod_type = t; \
287 mods[n++]->mod_values = v
/* Same shape for the caller's DelMods[] / i, with no values (used for
 * attribute deletion). Same unchecked malloc() and same bare-statement
 * caveat as ADD_ATTR. */
289 #define DEL_ATTR(t, o) \
290 DelMods[i] = malloc(sizeof(LDAPMod)); \
291 DelMods[i]->mod_op = o; \
292 DelMods[i]->mod_type = t; \
293 DelMods[i++]->mod_values = NULL
295 #define DOMAIN_SUFFIX "MIT.EDU"
296 #define DOMAIN "DOMAIN: "
297 #define SERVER "SERVER: "
298 #define MSSFU "SFU: "
/* File-scope state shared by main() and the do_* handlers below. */
301 LK_ENTRY *member_base = NULL;
/* sid_base appears to be filled while users are created and is drained by
 * sid_update() + linklist_free() in do_filesys(); the visible lines there do
 * not reset it to NULL after the free — confirm against the elided code. */
302 LK_ENTRY *sid_base = NULL;
303 LK_ENTRY **sid_ptr = NULL;
/* Scratch buffer main() uses to log the joined argv via unbounded strcat(). */
304 static char tbl_buf[1024];
/* OU layout beneath the domain DN. These are writable (non-const) globals;
 * nothing visible here modifies them, so they could be static const. */
305 char kerberos_ou[] = "OU=kerberos,OU=moira";
306 char contact_ou[] = "OU=strings,OU=moira";
307 char user_ou[] = "OU=users,OU=moira";
308 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
309 char group_ou_root[] = "OU=lists,OU=moira";
310 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
311 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
312 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
313 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
314 char orphans_other_ou[] = "OU=Other,OU=Orphans";
315 char security_template_ou[] = "OU=security_templates";
/* Domain name from WINADCFG (default "win.mit.edu" set in main()). */
317 char ldap_domain[256];
/* Zeroed by main(); entries from the config file are 256-byte calloc()
 * blocks, entries from GetServerList() are of a size not visible here. */
318 char *ServerList[MAX_SERVER_NAMES];
319 int mr_connections = 0;
321 char default_server[256];
/* Second tentative definition of tbl_buf (also declared at line 304 above).
 * Legal for a static object in C, but redundant — one of them should go. */
322 static char tbl_buf[1024];
325 extern int set_password(char *user, char *password, char *domain);
327 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
328 char *group_membership, char *MoiraId, char *attribute,
329 LK_ENTRY **linklist_base, int *linklist_count,
331 void AfsToWinAfs(char* path, char* winPath);
332 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
333 char *Win2kPassword, char *Win2kUser, char *default_server,
334 int connect_to_kdc, char **ServerList, int *IgnoreMasterSeverError);
335 void ad_kdc_disconnect();
336 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
337 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
338 void check_winad(void);
339 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
341 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
342 char *distinguishedName, int count, char **av);
343 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
344 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
345 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
346 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
347 char *distinguishedName, int count, char **av);
348 void container_get_dn(char *src, char *dest);
349 void container_get_name(char *src, char *dest);
350 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
351 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
352 int afterc, char **after);
353 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
354 int afterc, char **after);
356 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
357 char *fs_type, char *fs_pack, int operation);
358 int GetAceInfo(int ac, char **av, void *ptr);
359 int GetServerList(char *ldap_domain, char **MasterServe);
360 int get_group_membership(char *group_membership, char *group_ou,
361 int *security_flag, char **av);
362 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
363 int Moira_container_group_create(char **after);
364 int Moira_container_group_delete(char **before);
365 int Moira_groupname_create(char *GroupName, char *ContainerName,
366 char *ContainerRowID);
367 int Moira_container_group_update(char **before, char **after);
368 int Moira_process_machine_container_group(char *MachineName, char* groupName,
370 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
371 int Moira_getContainerGroup(int ac, char **av, void *ptr);
372 int Moira_getGroupName(char *origContainerName, char *GroupName,
374 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
375 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
376 int UpdateGroup, int *ProcessGroup);
377 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
378 char *group_name, char *group_ou, char *group_membership,
379 int group_security_flag, int type);
380 int process_lists(int ac, char **av, void *ptr);
381 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
382 int HiddenGroup, char *AceType, char *AceName);
383 int ProcessMachineName(int ac, char **av, void *ptr);
384 int user_create(int ac, char **av, void *ptr);
385 int user_change_status(LDAP *ldap_handle, char *dn_path,
386 char *user_name, char *MoiraId, int operation);
387 int user_delete(LDAP *ldap_handle, char *dn_path,
388 char *u_name, char *MoiraId);
389 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
391 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
392 char *uid, char *MitId, char *MoiraId, int State,
393 char *WinHomeDir, char *WinProfileDir);
394 void change_to_lower_case(char *ptr);
395 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
396 int group_create(int ac, char **av, void *ptr);
397 int group_delete(LDAP *ldap_handle, char *dn_path,
398 char *group_name, char *group_membership, char *MoiraId);
399 int group_rename(LDAP *ldap_handle, char *dn_path,
400 char *before_group_name, char *before_group_membership,
401 char *before_group_ou, int before_security_flag, char *before_desc,
402 char *after_group_name, char *after_group_membership,
403 char *after_group_ou, int after_security_flag, char *after_desc,
404 char *MoiraId, char *filter);
405 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
406 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
407 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
408 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
409 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
410 char *group_name, char *group_ou, char *group_membership,
411 int group_security_flag, int updateGroup);
412 int member_list_build(int ac, char **av, void *ptr);
413 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
414 char *group_ou, char *group_membership,
415 char *user_name, char *pUserOu, char *MoiraId);
416 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
417 char *group_ou, char *group_membership, char *user_name,
418 char *pUserOu, char *MoiraId);
419 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
420 char *group_ou, char *group_membership,
421 int group_security_flag, char *MoiraId);
422 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
423 char *WinHomeDir, char *WinProfileDir,
424 char **homedir_v, char **winProfile_v,
425 char **drives_v, LDAPMod **mods,
427 int sid_update(LDAP *ldap_handle, char *dn_path);
428 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
429 int check_string(char *s);
430 int check_container_name(char* s);
431 void convert_b_to_a(char *string, UCHAR *binary, int length);
432 int mr_connect_cl(char *server, char *client, int version, int auth);
434 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
435 char **before, int beforec, char **after, int afterc);
436 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
437 char **before, int beforec, char **after, int afterc);
438 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
439 char **before, int beforec, char **after, int afterc);
440 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
441 char **before, int beforec, char **after, int afterc);
442 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
443 char **before, int beforec, char **after, int afterc);
444 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
445 char **before, int beforec, char **after, int afterc);
446 int linklist_create_entry(char *attribute, char *value,
447 LK_ENTRY **linklist_entry);
448 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
449 char **attr_array, LK_ENTRY **linklist_base,
450 int *linklist_count, unsigned long ScopeType);
451 void linklist_free(LK_ENTRY *linklist_base);
453 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
454 char *distinguished_name, LK_ENTRY **linklist_current);
455 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
456 LK_ENTRY **linklist_base, int *linklist_count);
457 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
458 char *Attribute, char *distinguished_name,
459 LK_ENTRY **linklist_current);
461 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
462 char *oldValue, char *newValue,
463 char ***modvalues, int type);
464 void free_values(char **modvalues);
466 int convert_domain_to_dn(char *domain, char **bind_path);
467 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
468 char *distinguished_name);
469 int moira_disconnect(void);
470 int moira_connect(void);
471 void print_to_screen(const char *fmt, ...);
472 int GetMachineName(char *MachineName);
/*
 * Entry point of the winad incremental update.
 * argv layout (see the examples at the top of the file): argv[1] is the
 * table name, argv[2]/argv[3] are the before/after argument counts, and the
 * before/after argument vectors follow (after = &argv[4 + beforec]).
 * Most of this function is elided in this listing; the comments below refer
 * only to the visible lines.
 */
474 int main(int argc, char **argv)
484 int IgnoreServerListError;
/* Program name for com_err(): the text after the last '/' in argv[0]. */
493 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
497 com_err(whoami, 0, "%s", "argc < 4");
/* atoi() reports no errors: a non-numeric count reads as 0 and a negative
 * count is not rejected by the argc check below, after which
 * after = &argv[4 + beforec] could point outside argv. Unless an elided line
 * rejects negative counts, strtol() with a >= 0 check would close this. */
500 beforec = atoi(argv[2]);
501 afterc = atoi(argv[3]);
503 if (argc < (4 + beforec + afterc))
505 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
511 after = &argv[4 + beforec];
/* Log the complete argument vector. tbl_buf is a fixed 1024-byte static
 * buffer and these strcat() calls are unbounded; the arguments presumably
 * come from the Moira incremental driver rather than an interactive user,
 * but nothing checks that their joined length fits. snprintf() into the
 * remaining space would bound the write. */
513 for (i = 1; i < argc; i++)
515 strcat(tbl_buf, argv[i]);
516 strcat(tbl_buf, " ");
518 com_err(whoami, 0, "%s", tbl_buf);
522 memset(ldap_domain, '\0', sizeof(ldap_domain));
523 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
524 memset(temp, '\0', sizeof(temp));
/* Read WINADCFG line by line; each line is upper-cased and matched against
 * the DOMAIN / SERVER / MSSFU prefixes. Whether fptr is closed afterwards is
 * not among the visible lines. */
529 if ((fptr = fopen(WINADCFG, "r")) != NULL)
531 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper()/tolower() expect a value representable as unsigned char; passing
 * a plain char is undefined for bytes >= 0x80 where char is signed. Cast to
 * (unsigned char) here and in the ServerList / table loops below. */
533 for (i = 0; i < (int)strlen(temp); i++)
534 temp[i] = toupper(temp[i]);
/* strlen(temp) - 1 wraps if the line is empty (e.g. a NUL byte as the first
 * character read); guard with strlen(temp) > 0. */
535 if (temp[strlen(temp) - 1] == '\n')
536 temp[strlen(temp) - 1] = '\0';
537 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
539 if (strlen(temp) > (strlen(DOMAIN)))
/* ldap_domain is 256 bytes; the copied remainder of the config line is not
 * length-checked (temp's size is not visible here). */
541 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
544 else if (!strncmp(temp, SERVER, strlen(SERVER)))
546 if (strlen(temp) > (strlen(SERVER)))
/* Unchecked calloc(), unbounded copy into the 256-byte entry, and the bound
 * on Count against MAX_SERVER_NAMES is not among the visible lines — confirm. */
548 ServerList[Count] = calloc(1, 256);
549 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
553 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
555 if (strlen(temp) > (strlen(MSSFU)))
557 if (!strcmp(&temp[strlen(MSSFU)], SFUTYPE))
/* Fallback (surrounding context elided): a line with no recognised prefix
 * appears to be taken as the domain name itself. Same unbounded copy. */
563 strcpy(ldap_domain, temp);
/* Default domain when the config file supplied none. */
569 if (strlen(ldap_domain) == 0)
570 strcpy(ldap_domain, "win.mit.edu");
571 /* zero trailing newline, if there is one. */
572 if (ldap_domain[strlen(ldap_domain) - 1] == '\n')
573 ldap_domain[strlen(ldap_domain) - 1] = '\0';
575 initialize_sms_error_table();
576 initialize_krb_error_table();
/* No SERVER: lines in the config: discover the servers for the domain and
 * tolerate lookup errors. */
578 IgnoreServerListError = 0;
579 if (ServerList[0] == NULL)
581 IgnoreServerListError = 1;
582 GetServerList(ldap_domain, ServerList);
/* Qualify each server name with the domain and upper-case it. The -1 index
 * below is out of bounds for an empty entry, and the two strcat() calls are
 * unbounded against the 256-byte entries allocated above (the size of
 * entries from GetServerList() is not visible). */
584 for (i = 0; i < MAX_SERVER_NAMES; i++)
586 if (ServerList[i] != 0)
588 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
589 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
590 strcat(ServerList[i], ".");
591 strcat(ServerList[i], ldap_domain);
592 for (k = 0; k < (int)strlen(ServerList[i]); k++)
593 ServerList[i][k] = toupper(ServerList[i][k]);
/* Up to 5 connection attempts. User and password are passed as empty
 * strings with connect_to_kdc = 1, so the bind presumably authenticates via
 * the KDC path inside ad_connect() — confirm there is no fallback to an
 * anonymous or simple bind with those empty credentials. */
597 memset(default_server, '\0', sizeof(default_server));
598 memset(dn_path, '\0', sizeof(dn_path));
599 for (i = 0; i < 5; i++)
601 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
602 default_server, 1, ServerList, &IgnoreServerListError)))
/* A negative IgnoreServerListError after a successful connect triggers a
 * refresh of the server list; the qualification loop is a verbatim copy of
 * the one above and would be better as a static helper. */
604 if (IgnoreServerListError < 0)
606 GetServerList(ldap_domain, ServerList);
607 for (j = 0; j < MAX_SERVER_NAMES; j++)
609 if (ServerList[j] != NULL)
611 if (ServerList[j][strlen(ServerList[j]) - 1] == '\n')
612 ServerList[j][strlen(ServerList[j]) - 1] = '\0';
613 strcat(ServerList[j], ".");
614 strcat(ServerList[j], ldap_domain);
615 for (k = 0; k < (int)strlen(ServerList[j]); k++)
616 ServerList[j][k] = toupper(ServerList[j][k]);
619 IgnoreServerListError = 1;
626 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* Dispatch on the lower-cased table name. No branch for an unrecognised
 * table is visible here (the trailing arguments of each call are elided). */
630 for (i = 0; i < (int)strlen(table); i++)
631 table[i] = tolower(table[i]);
632 if (!strcmp(table, "users"))
633 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
635 else if (!strcmp(table, "list"))
636 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
638 else if (!strcmp(table, "imembers"))
639 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
641 else if (!strcmp(table, "filesys"))
642 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
644 else if (!strcmp(table, "containers"))
645 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
647 else if (!strcmp(table, "mcntmap"))
648 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* If a handler toggled the SFU mode (SwitchSFU() takes UseSFU30), refresh
 * the server list. */
650 if (OldUseSFU30 != UseSFU30)
652 GetServerList(ldap_domain, ServerList);
/* Release the server list (the free() is presumably in the elided line
 * between these two) and unbind. */
655 for (i = 0; i < MAX_SERVER_NAMES; i++)
657 if (ServerList[i] != NULL)
660 ServerList[i] = NULL;
663 rc = ldap_unbind_s(ldap_handle);
/*
 * Machine <-> container (OU) mapping: handler for the "mcntmap" table.
 * beforec != 0 && afterc == 0 removes a machine, beforec == 0 && afterc != 0
 * adds one. The body is partially elided in this listing; the paths taken
 * when both counts are zero or both are non-zero are not visible.
 */
667 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
668 char **before, int beforec, char **after, int afterc)
/* Fixed-size stack buffers of differing sizes; the argument strings are
 * copied into them below with strcpy() and no length check. */
670 char MoiraContainerName[128];
671 char ADContainerName[128];
672 char MachineName[1024];
673 char OriginalMachineName[1024];
676 char MoiraContainerGroup[64];
679 memset(ADContainerName, '\0', sizeof(ADContainerName));
680 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
682 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (a non-zero rc is an
 * error); writing it as if ((rc = moira_connect())) silences -Wparentheses. */
685 if (rc = moira_connect())
687 critical_alert("AD incremental",
688 "Error contacting Moira server : %s",
/* before[]/after[] are indexed with the OU_* constants. The copies are
 * unbounded: MoiraContainerGroup is only 64 bytes, so an over-long group
 * name in the argument vector overruns the stack. snprintf(buf, sizeof buf,
 * "%s", ...) with a truncation check would bound each copy. */
693 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
695 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
696 strcpy(MachineName, before[OU_MACHINE_NAME]);
697 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
699 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
701 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
703 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
704 strcpy(MachineName, after[OU_MACHINE_NAME]);
705 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
706 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/* GetMachineName() rewrites MachineName in place (the messages below call
 * the result an alias); it is given no buffer size, so it must itself stay
 * within 1024 bytes — confirm. An empty result means no alias was found;
 * rc is assigned but not checked here. */
714 rc = GetMachineName(MachineName);
715 if (strlen(MachineName) == 0)
/* "alais" is a typo ("alias") in the runtime message; left untouched here. */
718 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
721 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
723 if (machine_check(ldap_handle, dn_path, MachineName))
725 com_err(whoami, 0, "machine %s (alias %s) not found in AD.", OriginalMachineName, MachineName);
/* Look up the machine's container in Moira; an empty result parks the
 * machine in the orphans OU. */
729 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
730 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
731 if (strlen(MoiraContainerName) == 0)
733 com_err(whoami, 0, "machine %s (alias %s) container not found in Moira - moving to orphans OU.",
734 OriginalMachineName, MachineName);
735 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/* Otherwise (the else/return separating this from the branch above is
 * elided) build the AD DN for the container, make sure it exists, and move
 * the machine there. Both buffers are 128 bytes; neither container_get_dn()
 * nor the strcat("/") is length-checked. */
739 container_get_dn(MoiraContainerName, ADContainerName);
740 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
741 strcat(MoiraContainerName, "/");
742 container_check(ldap_handle, dn_path, MoiraContainerName);
743 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Container (OU) table handler: create, delete, rename or update an OU and
 * keep the matching Moira container group in step. The case is chosen from
 * which of the before/after records is present; when both are, a
 * case-insensitive name comparison separates rename from update.
 * The body is partially elided in this listing.
 */
748 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
749 char **before, int beforec, char **after, int afterc)
753 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is intentional; a non-zero rc is an error. */
756 if (rc = moira_connect())
758 critical_alert("AD incremental", "Error contacting Moira server : %s",
/* Delete: only the "before" record is present. The return values of
 * container_delete() and Moira_container_group_delete() are not checked,
 * so a failed AD delete still proceeds to the Moira-side delete. */
763 if ((beforec != 0) && (afterc == 0)) /* delete a container */
765 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
766 container_delete(ldap_handle, dn_path, beforec, before);
767 Moira_container_group_delete(before);
/* Create: only the "after" record is present. container_check() runs on the
 * name before the create; its exact contract is not visible here. Return
 * values are again unchecked. */
771 if ((beforec == 0) && (afterc != 0)) /*create a container*/
773 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
774 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
775 container_create(ldap_handle, dn_path, afterc, after);
776 Moira_container_group_create(after);
/* Both records present: a differing name (ignoring case) is a rename,
 * otherwise an attribute update. The else between the two is elided. */
781 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
783 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
784 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
785 Moira_container_group_update(before, after);
789 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
790 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
791 Moira_container_group_update(before, after);
/*
 * Filesystem table handler. Only AFS filesystems with the create flag set
 * are acted on: an "after" record adds (LDAP_MOD_ADD) and a "before" record
 * with no "after" deletes (LDAP_MOD_DELETE). When the add reports
 * LDAP_NO_SUCH_OBJECT the owning user is looked up in Moira
 * ("get_user_account_by_login") and passed to user_create(); what happens
 * to the filesys afterwards is in elided lines.
 * The FS_* indices and several locals are declared outside the visible
 * lines.
 */
796 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
797 char **before, int beforec, char **after, int afterc)
/* Short "after" record: nothing to add. */
810 if (afterc < FS_CREATE)
/* atype: the after record is AFS; acreate: its create flag. atoi() turns a
 * non-numeric value into 0, i.e. "do not create". */
814 atype = !strcmp(after[FS_TYPE], "AFS");
815 acreate = atoi(after[FS_CREATE]);
818 if (beforec < FS_CREATE)
820 if (acreate == 0 || atype == 0)
822 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Add path. LDAP_NO_SUCH_OBJECT is the "user does not exist yet" case
 * handled below; any other non-success is only logged. */
826 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
827 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
829 if (rc != LDAP_SUCCESS)
830 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Assignment in the condition is intentional (non-zero rc is an error). */
837 if (rc = moira_connect())
839 critical_alert("AD incremental",
840 "Error contacting Moira server : %s",
/* Query Moira for the account named like the filesys; user_create() is the
 * row callback and receives ldap_handle/dn_path through call_args. */
844 av[0] = after[FS_NAME];
845 call_args[0] = (char *)ldap_handle;
846 call_args[1] = dn_path;
852 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
856 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
862 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* sid_base is a file-scope list (presumably filled by user_create()); push
 * the SIDs and free the list. The visible lines do not reset sid_base to
 * NULL after linklist_free(), so a later "!= NULL" check would see a
 * dangling pointer unless an elided line resets it — confirm. */
865 if (sid_base != NULL)
867 sid_update(ldap_handle, dn_path);
868 linklist_free(sid_base);
/* Delete path: "before" record present, "after" record short. */
876 btype = !strcmp(before[FS_TYPE], "AFS");
877 bcreate = atoi(before[FS_CREATE]);
878 if (afterc < FS_CREATE)
880 if (btype && bcreate)
882 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
883 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
885 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* Update path: if neither record is AFS, log (unless both types are "ERR")
 * and stop. */
894 if (!atype && !btype)
896 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
898 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
899 before[FS_NAME], after[FS_NAME]);
/* From here on the add-and-create-user sequence from the add path is
 * repeated verbatim; a static helper taking (ldap_handle, dn_path, after)
 * would remove the duplication and keep the two copies from drifting. */
903 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
907 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
908 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
910 if (rc != LDAP_SUCCESS)
911 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
918 if (rc = moira_connect())
920 critical_alert("AD incremental",
921 "Error contacting Moira server : %s",
925 av[0] = after[FS_NAME];
926 call_args[0] = (char *)ldap_handle;
927 call_args[1] = dn_path;
933 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
937 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
943 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
946 if (sid_base != NULL)
948 sid_update(ldap_handle, dn_path);
949 linklist_free(sid_base);
959 #define L_LIST_DESC 9
/*
 * List table handler: create, delete, rename/move or update the AD group
 * for a Moira list. The L_* constants (L_NAME, L_LIST_ID, L_ACTIVE,
 * L_LIST_DESC) index the before/after vectors; only L_LIST_DESC is defined
 * in the visible lines. Large parts of the body are elided in this listing.
 */
962 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
963 char **before, int beforec, char **after, int afterc)
/* Membership-type string for the "after" record: 6 bytes ... */
968 char group_membership[6];
973 char before_list_id[32];
/* ... but its "before" counterpart is 1 byte. Both are filled by
 * get_group_membership() in exactly the same way below; if that function
 * writes a NUL-terminated string of one or more characters, this buffer is
 * overrun on the stack. It should be sized like group_membership[6] —
 * verify against get_group_membership(). */
974 char before_group_membership[1];
975 int before_security_flag;
976 char before_group_ou[256];
977 LK_ENTRY *ptr = NULL;
979 if (beforec == 0 && afterc == 0)
982 memset(list_id, '\0', sizeof(list_id));
983 memset(before_list_id, '\0', sizeof(before_list_id));
984 memset(before_group_ou, '\0', sizeof(before_group_ou));
985 memset(before_group_membership, '\0', sizeof(before_group_membership));
986 memset(group_ou, '\0', sizeof(group_ou));
987 memset(group_membership, '\0', sizeof(group_membership));
/* Derive the "before" group's Moira id, OU and membership type from its
 * record, only when the record is long enough to carry a list id. The
 * strcpy() into the 32-byte before_list_id is not length-checked. */
992 if (beforec < L_LIST_ID)
994 if (beforec > L_LIST_DESC)
996 strcpy(before_list_id, before[L_LIST_ID]);
998 before_security_flag = 0;
999 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* Same for the "after" record. Note that list_id is copied from before[],
 * not after[]: with beforec == 0 the two vectors coincide
 * (after = &argv[4 + beforec]) and on an update the Moira id presumably does
 * not change, so this happens to work, but after[L_LIST_ID] is what is
 * meant and is what a future caller with beforec == 0 and a shorter before
 * record would need. */
1003 if (afterc < L_LIST_ID)
1005 if (afterc > L_LIST_DESC)
1007 strcpy(list_id, before[L_LIST_ID]);
1010 get_group_membership(group_membership, group_ou, &security_flag, after);
1013 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the existing group (CHECK_GROUPS); a wrong-DN or duplicate result
 * is repaired with CLEANUP_GROUPS before continuing. */
1020 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1021 before_group_ou, before_group_membership,
1022 before_security_flag, CHECK_GROUPS)))
1024 if (rc == AD_NO_GROUPS_FOUND)
1028 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1030 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1031 before_group_ou, before_group_membership,
1032 before_security_flag, CLEANUP_GROUPS);
1034 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1036 com_err(whoami, 0, "Could not change list name from %s to %s",
1037 before[L_NAME], after[L_NAME]);
1040 if (rc == AD_NO_GROUPS_FOUND)
/* Rename/move: the name changed, or the name is unchanged but the target OU
 * (from get_group_membership()) differs. The last operand of the condition
 * is elided. */
1046 if ((beforec != 0) && (afterc != 0))
1048 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1049 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1050 (strcmp(before_group_ou, group_ou)))) &&
1053 com_err(whoami, 0, "Changing list name from %s to %s",
1054 before[L_NAME], after[L_NAME]);
/* Refuse the rename when either side's OU or membership type is unknown. */
1055 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1056 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1058 com_err(whoami, 0, "%s", "couldn't find the group OU's");
1061 memset(filter, '\0', sizeof(filter));
1062 if ((rc = group_rename(ldap_handle, dn_path,
1063 before[L_NAME], before_group_membership,
1064 before_group_ou, before_security_flag, before[L_LIST_DESC],
1065 after[L_NAME], group_membership,
1066 group_ou, security_flag, after[L_LIST_DESC],
1069 if (rc != AD_NO_GROUPS_FOUND)
1071 com_err(whoami, 0, "Could not change list name from %s to %s",
1072 before[L_NAME], after[L_NAME]);
/* Delete: the group's OU and membership type must be known. */
1085 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1087 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
/* Create: the same check/cleanup sequence as above, on the new name. */
1099 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1100 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1101 group_ou, group_membership,
1102 security_flag, CHECK_GROUPS))
1104 if (rc != AD_NO_GROUPS_FOUND)
1106 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1108 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1109 group_ou, group_membership,
1110 security_flag, CLEANUP_GROUPS);
1114 com_err(whoami, 0, "Could not create list %s", after[L_NAME]);
/* Create/update: apply the ACL (ProcessAce() twice, UpdateGroup = 0 then 1
 * per its prototype), write the group attributes, then repopulate members
 * when the list is active. */
1121 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1123 if (rc = moira_connect())
1125 critical_alert("AD incremental",
1126 "Error contacting Moira server : %s",
1132 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1136 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1139 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1140 group_ou, group_membership, security_flag, updateGroup))
/* atoi() on the active flag: a non-numeric value reads as inactive. */
1145 if (atoi(after[L_ACTIVE]))
1147 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1148 group_membership, security_flag, list_id);
/*
 * Extra columns appended to a list-member (LM_*) argument vector, indexed
 * from LM_END (defined elsewhere in the file).  Note the two list-id slots:
 * do_member() reads the Moira list id from LMN_LIST_ID for MACHINE members
 * and for the default member type, but from LM_LIST_ID for USER members,
 * where LM_USER_ID then carries the user's id.
 */
1155 #define LM_EXTRA_ACTIVE (LM_END)
1156 #define LM_EXTRA_PUBLIC (LM_END+1)
1157 #define LM_EXTRA_HIDDEN (LM_END+2)
1158 #define LM_EXTRA_MAILLIST (LM_END+3)
1159 #define LM_EXTRA_GROUP (LM_END+4)
1160 #define LM_EXTRA_GID (LM_END+5)
1161 #define LMN_LIST_ID (LM_END+6)
1162 #define LM_LIST_ID (LM_END+7)
1163 #define LM_USER_ID (LM_END+8)
1164 #define LM_EXTRA_END (LM_END+9)
/*
 * Apply one Moira list-membership change to AD.
 *
 * before/after are the old and new member rows (LM_* columns followed by
 * the LM_EXTRA_* columns) and beforec/afterc their lengths; one side is
 * empty for a plain add or remove.  The row actually processed is reached
 * through `ptr`, which is assigned on lines not shown here (presumably
 * `after` when afterc != 0, else `before` — confirm against the full source).
 *
 * Flow: copy member/list/type names into locals, derive the group's OU and
 * type from the list flags (get_group_membership), make sure the group
 * exists in AD (process_group, creating it with make_new_group if needed),
 * then member_remove() or member_add() the member.  The add/remove decision
 * itself is on lines not shown.  Errors are reported through com_err();
 * nothing is returned.
 */
1166 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1167 char **before, int beforec, char **after, int afterc)
1169 char group_name[128];
1170 char user_name[128];
1171 char user_type[128];
1172 char moira_list_id[32];
1173 char moira_user_id[32];
/* One-character group type tag ('B','S','D','N') written by
 * get_group_membership().  It is never NUL-terminated, so it must not be
 * passed to strlen()/strcpy() or printed with %s. */
1174 char group_membership[1];
1176 char machine_ou[256];
1182 char NewMachineName[1024];
1189 memset(moira_list_id, '\0', sizeof(moira_list_id));
1190 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Rows shorter than the extra columns, or for inactive lists, are ignored. */
1193 if (afterc < LM_EXTRA_GID)
1195 if (!atoi(after[LM_EXTRA_ACTIVE]))
1198 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* NOTE(review): unbounded strcpy from the Moira argument vector into 128-byte
 * locals; the update arguments are external input, so a bounded copy
 * (snprintf) would be safer here and in the `before` branch below. */
1200 strcpy(user_name, after[LM_MEMBER]);
1201 strcpy(group_name, after[LM_LIST]);
1202 strcpy(user_type, after[LM_TYPE]);
/* Which column holds the Moira list id depends on the member type; the
 * length checks guard the optional trailing columns. */
1203 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1205 if (afterc > LM_EXTRA_GROUP)
1207 strcpy(moira_list_id, after[LMN_LIST_ID]);
1208 strcpy(moira_user_id, after[LM_LIST_ID]);
1211 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1213 if (afterc > LMN_LIST_ID)
1215 strcpy(moira_list_id, after[LM_LIST_ID]);
1216 strcpy(moira_user_id, after[LM_USER_ID]);
1221 if (afterc > LM_EXTRA_GID)
1222 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Same extraction for the `before` row. */
1227 if (beforec < LM_EXTRA_GID)
1229 if (!atoi(before[LM_EXTRA_ACTIVE]))
1232 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1234 strcpy(user_name, before[LM_MEMBER]);
1235 strcpy(group_name, before[LM_LIST]);
1236 strcpy(user_type, before[LM_TYPE]);
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1239 if (beforec > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, before[LMN_LIST_ID]);
1242 strcpy(moira_user_id, before[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1247 if (beforec > LMN_LIST_ID)
1249 strcpy(moira_list_id, before[LM_LIST_ID]);
1250 strcpy(moira_user_id, before[LM_USER_ID]);
1255 if (beforec > LM_EXTRA_GID)
1256 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Re-map the member row's list flags into a list-row (L_*) vector so the
 * list helpers can be reused. */
1263 args[L_NAME] = ptr[LM_LIST];
1264 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1265 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1266 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1267 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1268 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1269 args[L_GID] = ptr[LM_EXTRA_GID];
1272 memset(group_ou, '\0', sizeof(group_ou));
1273 get_group_membership(group_membership, group_ou, &security_flag, args);
1274 if (strlen(group_ou) == 0)
1276 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* Assignment inside the condition is intentional (rc is inspected below);
 * writing it as `if ((rc = ...))` would document that and silence the
 * compiler warning.  Same pattern at the process_group/member_* calls below. */
1279 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1281 if (rc != AD_NO_GROUPS_FOUND)
/* A wrong-DN or duplicate group is cleaned up and re-checked. */
1283 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1285 if (rc != AD_NO_GROUPS_FOUND)
1288 com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name);
1290 com_err(whoami, 0, "Couldn't remove %s from group %s - unable to process group", user_name, group_name);
/* Group missing from AD: create it from Moira data before touching membership. */
1296 if (rc == AD_NO_GROUPS_FOUND)
1298 if (rc = moira_connect())
1300 critical_alert("AD incremental",
1301 "Error contacting Moira server : %s",
1306 com_err(whoami, 0, "creating group %s", group_name);
/* The two ProcessAce() passes (0 then 1) run before the group is created. */
1308 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1312 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1315 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1316 group_ou, group_membership, security_flag, 0))
1321 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1323 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1324 group_membership, security_flag, moira_list_id);
/* Removal path.  The condition selecting it is on lines not shown. */
1331 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
/* Machine members are resolved to their AD name/OU first; the member row is
 * repointed at the local NewMachineName buffer for the rest of the call. */
1333 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1335 memset(machine_ou, '\0', sizeof(machine_ou));
1336 memset(NewMachineName, '\0', sizeof(NewMachineName));
1337 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1339 ptr[LM_MEMBER] = NewMachineName;
1340 pUserOu = machine_ou;
/* STRING and KERBEROS members are represented by contact objects. */
1342 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1344 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1346 pUserOu = contact_ou;
1348 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1350 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1352 pUserOu = kerberos_ou;
1354 if (rc = member_remove(ldap_handle, dn_path, group_name,
1355 group_ou, group_membership, ptr[LM_MEMBER],
1356 pUserOu, moira_list_id))
1357 com_err(whoami, 0, "couldn't remove %s from group %s", user_name, group_name);
/* Addition path. */
1361 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1364 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1366 memset(machine_ou, '\0', sizeof(machine_ou));
1367 memset(NewMachineName, '\0', sizeof(NewMachineName));
1368 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1370 ptr[LM_MEMBER] = NewMachineName;
1371 pUserOu = machine_ou;
1373 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1375 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1377 pUserOu = contact_ou;
1379 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1381 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1383 pUserOu = kerberos_ou;
/* A USER member that has no AD account yet is created on the fly from the
 * Moira user record (mr_query -> user_create callback). */
1385 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1387 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1388 moira_user_id)) == AD_NO_USER_FOUND)
1390 if (rc = moira_connect())
1392 critical_alert("AD incremental",
1393 "Error connection to Moira : %s",
/* NOTE(review): this log line prints after[U_NAME], a user-row column index,
 * although the account being created is ptr[LM_MEMBER] (as the error
 * messages below use).  Probably the wrong column; confirm and use
 * ptr[LM_MEMBER] here too. */
1397 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* The callback gets its context through the file-scope call_args array:
 * [0] LDAP handle, [1] base DN, [2] Moira user id, [3] terminator.  New
 * accounts are chained onto sid_base via sid_ptr. */
1398 av[0] = ptr[LM_MEMBER];
1399 call_args[0] = (char *)ldap_handle;
1400 call_args[1] = dn_path;
1401 call_args[2] = moira_user_id;
1402 call_args[3] = NULL;
1404 sid_ptr = &sid_base;
1406 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1410 com_err(whoami, 0, "couldn't create user %s : %s",
1411 ptr[LM_MEMBER], error_message(rc));
1417 com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]);
/* Write the SIDs of any accounts just created back to Moira, then free the list. */
1421 if (sid_base != NULL)
1423 sid_update(ldap_handle, dn_path);
1424 linklist_free(sid_base);
1435 if (rc = member_add(ldap_handle, dn_path, group_name,
1436 group_ou, group_membership, ptr[LM_MEMBER],
1437 pUserOu, moira_list_id))
1439 com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name);
/*
 * Trailing columns of a Moira user row as passed to do_user(): the Moira
 * user id, the home directory path and the profile directory path.  The
 * lower U_* indices are defined elsewhere in the file.
 */
1445 #define U_USER_ID 10
1446 #define U_HOMEDIR 11
1447 #define U_PROFILEDIR 12
/*
 * Apply one Moira user-record change to AD.
 *
 * before/after are the old and new user rows (U_* columns) with lengths
 * beforec/afterc (the afterc parameter is declared on a line not shown).
 * Cases, in order:
 *   - both rows empty: nothing to do;
 *   - only `after`: the account was just created by Moira and is not yet
 *     usable, so it is skipped;
 *   - only `before`: the record was removed; if its state was 0 the AD
 *     account is expunged;
 *   - otherwise: create the AD account if missing (mr_query -> user_create
 *     callback), else rename it if the login changed, then push the
 *     remaining attributes with user_update().
 * Errors are logged with com_err(); nothing is returned.
 */
1449 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1450 char **before, int beforec, char **after,
1455 char after_user_id[32];
1456 char before_user_id[32];
1459 if ((beforec == 0) && (afterc == 0))
1462 memset(after_user_id, '\0', sizeof(after_user_id));
1463 memset(before_user_id, '\0', sizeof(before_user_id));
/* NOTE(review): unbounded strcpy of an externally supplied column into a
 * 32-byte buffer; a bounded copy would be safer. */
1464 if (beforec > U_USER_ID)
1465 strcpy(before_user_id, before[U_USER_ID]);
1466 if (afterc > U_USER_ID)
1467 strcpy(after_user_id, after[U_USER_ID]);
1469 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1472 if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/
1473 return; /*account is first created but not usable*/
1475 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* State 0 means the account was deleted on the Moira side. */
1477 if (atoi(before[U_STATE]) == 0)
1479 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1480 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1485 /*process anything that gets here*/
1486 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1487 before_user_id)) == AD_NO_USER_FOUND)
/* check_string() gates the login name before it reaches LDAP; the same
 * check is applied before the rename below. */
1489 if (!check_string(after[U_NAME]))
1491 if (rc = moira_connect())
1493 critical_alert("AD incremental",
1494 "Error connection to Moira : %s",
1498 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* Context for the user_create callback goes through the file-scope
 * call_args array: [0] LDAP handle, [1] base DN, [2] Moira user id. */
1500 av[0] = after[U_NAME];
1501 call_args[0] = (char *)ldap_handle;
1502 call_args[1] = dn_path;
1503 call_args[2] = after_user_id;
1504 call_args[3] = NULL;
1506 sid_ptr = &sid_base;
1508 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1512 com_err(whoami, 0, "couldn't create user %s : %s",
1513 after[U_NAME], error_message(rc));
1519 com_err(whoami, 0, "couldn't create user %s", after[U_NAME]);
/* Push the new account's SID back to Moira and release the list. */
1523 if (sid_base != NULL)
1525 sid_update(ldap_handle, dn_path);
1526 linklist_free(sid_base);
/* Existing account: rename only when the login changed and both names pass
 * validation. */
1535 if (strcmp(before[U_NAME], after[U_NAME]))
1537 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1539 com_err(whoami, 0, "changing user %s to %s",
1540 before[U_NAME], after[U_NAME]);
1541 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1542 after[U_NAME])) != LDAP_SUCCESS)
1548 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1549 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1550 after[U_UID], after[U_MITID],
1551 after_user_id, atoi(after[U_STATE]),
1552 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * Build a NULL-terminated char* array (*modvalues) holding modvalue_count
 * strings taken from the linked list, suitable for an LDAP modify.
 *
 * When oldValue and newValue are both given and oldValue occurs in a list
 * value: with type == REPLACE the whole value is replaced by newValue,
 * otherwise only the first occurrence of oldValue is spliced out and
 * newValue put in its place.  Values without a match are copied verbatim.
 * The caller owns the returned array and every string in it.
 * Return value and the `i`/`cPtr` declarations are on lines not shown.
 */
1556 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1557 char *oldValue, char *newValue,
1558 char ***modvalues, int type)
1560 LK_ENTRY *linklist_ptr;
1564 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1569 for (i = 0; i < (modvalue_count + 1); i++)
1570 (*modvalues)[i] = NULL;
1571 if (modvalue_count != 0)
1573 linklist_ptr = linklist_base;
1574 for (i = 0; i < modvalue_count; i++)
1576 if ((oldValue != NULL) && (newValue != NULL))
/* NOTE(review): strstr() treats ->value as a NUL-terminated string.  Values
 * fetched as binary (objectSid/objectGUID) are stored with exactly ->length
 * bytes and no terminator, so this would read past the buffer if such an
 * entry ever reached here — callers should only pass string attributes. */
1578 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1581 if (type == REPLACE)
1583 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1586 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1587 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to the match + newValue + remainder after oldValue.
 * Size = prefix + (length - strlen(oldValue)) + strlen(newValue) + NUL. */
1591 if (((*modvalues)[i] = calloc(1,
1592 (int)(cPtr - linklist_ptr->value) +
1593 (linklist_ptr->length - strlen(oldValue)) +
1594 strlen(newValue) + 1)) == NULL)
1596 memset((*modvalues)[i], '\0',
1597 (int)(cPtr - linklist_ptr->value) +
1598 (linklist_ptr->length - strlen(oldValue)) +
1599 strlen(newValue) + 1);
1600 memcpy((*modvalues)[i], linklist_ptr->value,
1601 (int)(cPtr - linklist_ptr->value));
1602 strcat((*modvalues)[i], newValue);
1603 strcat((*modvalues)[i],
1604 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* NOTE(review): unlike the two allocations above, these calloc() results are
 * not checked before memset/memcpy — a NULL dereference on allocation
 * failure. */
1609 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1610 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1611 memcpy((*modvalues)[i], linklist_ptr->value,
1612 linklist_ptr->length);
1617 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1618 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1619 memcpy((*modvalues)[i], linklist_ptr->value,
1620 linklist_ptr->length);
1622 linklist_ptr = linklist_ptr->next;
1624 (*modvalues)[i] = NULL;
/*
 * Run an LDAP search and collect every attribute value of every returned
 * entry into a fresh LK_ENTRY list.
 *
 * *linklist_base and *linklist_count are reset first, so on failure the
 * caller sees an empty list.  search_exp is sent to the server as-is: any
 * caller-built filter must only interpolate validated/escaped data.  A
 * LDAP_SIZELIMIT_EXCEEDED result is not treated as an error — the partial
 * result set is still processed.  Returns the ldap_search_s() code on
 * failure, else the retrieve_entries() result (return statements are on
 * lines not shown).
 */
1630 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1631 char **attr_array, LK_ENTRY **linklist_base,
1632 int *linklist_count, unsigned long ScopeType)
1635 LDAPMessage *ldap_entry;
1639 (*linklist_base) = NULL;
1640 (*linklist_count) = 0;
1641 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1642 search_exp, attr_array, 0, &ldap_entry))
1645 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1649 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1651 ldap_msgfree(ldap_entry);
/*
 * Walk every entry of an LDAP result, fetch its DN and append all of its
 * attribute values to *linklist_base via retrieve_attributes(), then
 * recount the list into *linklist_count.
 *
 * Stops at the first retrieve_attributes() failure (presumably returning
 * rc; the return statements are on lines not shown).  distinguished_name
 * is a fixed 1024-byte buffer filled by an unbounded strcpy in
 * get_distinguished_name() — see the note there.
 */
1656 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1657 LK_ENTRY **linklist_base, int *linklist_count)
1659 char distinguished_name[1024];
1660 LK_ENTRY *linklist_ptr;
1663 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1666 memset(distinguished_name, '\0', sizeof(distinguished_name));
1667 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1669 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1670 linklist_base)) != 0)
1673 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1675 memset(distinguished_name, '\0', sizeof(distinguished_name));
1676 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1678 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1679 linklist_base)) != 0)
/* Count is recomputed from the list rather than accumulated. */
1683 linklist_ptr = (*linklist_base);
1684 (*linklist_count) = 0;
1685 while (linklist_ptr != NULL)
1687 ++(*linklist_count);
1688 linklist_ptr = linklist_ptr->next;
/*
 * For one LDAP entry, iterate its attributes and hand each one to
 * retrieve_values(), which prepends the values to *linklist_current.
 *
 * `ptr` is the BerElement cursor of the attribute iteration (declared on a
 * line not shown) and is released with ldap_ber_free() at the end; each
 * attribute name from the library is released with ldap_memfree().
 * NOTE(review): the int result of retrieve_values() is discarded on both
 * calls, so an allocation failure inside it does not reach the callers
 * that check this function's return value.
 */
1693 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1694 char *distinguished_name, LK_ENTRY **linklist_current)
1700 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1702 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1704 ldap_memfree(Attribute);
1705 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1708 retrieve_values(ldap_handle, ldap_entry, Attribute,
1709 distinguished_name, linklist_current);
1710 ldap_memfree(Attribute);
1713 ldap_ber_free(ptr, 0);
/*
 * Prepend one LK_ENTRY per value of `Attribute` (for the given entry) to the
 * list headed by *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * stored with ->length = bv_len and ->ber_value set; every other attribute
 * is fetched as a string and stored NUL-terminated with ->length =
 * strlen().  Each entry also carries a copy of the attribute name and the
 * entry DN.  The loop over values, `Ptr` advancement, `use_bervalue`,
 * `ber_length`, `str_value`, `temp` and the early returns on allocation
 * failure are on lines not shown.  Under LDAP_DEBUG the decoded values are
 * echoed to stderr.
 */
1717 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1718 char *Attribute, char *distinguished_name,
1719 LK_ENTRY **linklist_current)
1725 LK_ENTRY *linklist_previous;
1726 LDAP_BERVAL **ber_value;
1734 SID_IDENTIFIER_AUTHORITY *sid_auth;
1735 unsigned char *subauth_count;
1736 #endif /*LDAP_DEBUG*/
1739 memset(temp, '\0', sizeof(temp));
/* Binary attributes must go through the _len API; `Ptr` is then walked as
 * either LDAP_BERVAL** or char** depending on use_bervalue. */
1740 if ((!strcmp(Attribute, "objectSid")) ||
1741 (!strcmp(Attribute, "objectGUID")))
1746 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1747 Ptr = (void **)ber_value;
1752 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1753 Ptr = (void **)str_value;
/* New node is pushed on the front of the list. */
1760 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1762 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1763 linklist_previous->next = (*linklist_current);
1764 (*linklist_current) = linklist_previous;
1766 if (((*linklist_current)->attribute = calloc(1,
1767 strlen(Attribute) + 1)) == NULL)
1769 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1770 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly bv_len bytes, no trailing NUL.  Consumers must use
 * ->length and never treat ->value as a C string. */
1773 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1774 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1776 memset((*linklist_current)->value, '\0', ber_length);
1777 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1779 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy, length excludes the terminator. */
1783 if (((*linklist_current)->value = calloc(1,
1784 strlen(*Ptr) + 1)) == NULL)
1786 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1787 (*linklist_current)->length = strlen(*Ptr);
1788 strcpy((*linklist_current)->value, *Ptr);
1790 (*linklist_current)->ber_value = use_bervalue;
1791 if (((*linklist_current)->dn = calloc(1,
1792 strlen(distinguished_name) + 1)) == NULL)
1794 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1795 strcpy((*linklist_current)->dn, distinguished_name);
/* Debug dump of the value.  GUIDs are formatted into `temp` (fixed 36-char
 * layout); SIDs are decoded with the Win32 SID accessors. */
1798 if (!strcmp(Attribute, "objectGUID"))
1800 guid = (GUID *)((*linklist_current)->value);
1801 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1802 guid->Data1, guid->Data2, guid->Data3,
1803 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1804 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1805 guid->Data4[6], guid->Data4[7]);
1806 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1808 else if (!strcmp(Attribute, "objectSid"))
1810 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1812 print_to_screen(" Revision = %d\n", sid->Revision);
1813 print_to_screen(" SID Identifier Authority:\n");
1814 sid_auth = &sid->IdentifierAuthority;
1815 if (sid_auth->Value[0])
1816 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1817 else if (sid_auth->Value[1])
1818 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1819 else if (sid_auth->Value[2])
1820 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1821 else if (sid_auth->Value[3])
1822 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1823 else if (sid_auth->Value[5])
1824 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1826 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1827 subauth_count = GetSidSubAuthorityCount(sid);
1828 print_to_screen(" SidSubAuthorityCount = %d\n",
1830 print_to_screen(" SidSubAuthority:\n");
1831 for (i = 0; i < *subauth_count; i++)
1833 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1834 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length reads that many bytes of
 * Attribute even when the attribute name is shorter; strcmp()/strcasecmp()
 * would be the safe comparison.  The "sAmAccountType" spelling only affects
 * the length argument (same length as "sAMAccountType"), so it is harmless. */
1838 else if ((!memcmp(Attribute, "userAccountControl",
1839 strlen("userAccountControl"))) ||
1840 (!memcmp(Attribute, "sAMAccountType",
1841 strlen("sAmAccountType"))))
1843 intValue = atoi(*Ptr);
1844 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* Decode the userAccountControl UF_* bits for the log. */
1845 if (!memcmp(Attribute, "userAccountControl",
1846 strlen("userAccountControl")))
1848 if (intValue & UF_ACCOUNTDISABLE)
1849 print_to_screen(" %20s : %s\n",
1850 "", "Account disabled");
1852 print_to_screen(" %20s : %s\n",
1853 "", "Account active");
1854 if (intValue & UF_HOMEDIR_REQUIRED)
1855 print_to_screen(" %20s : %s\n",
1856 "", "Home directory required");
1857 if (intValue & UF_LOCKOUT)
1858 print_to_screen(" %20s : %s\n",
1859 "", "Account locked out");
1860 if (intValue & UF_PASSWD_NOTREQD)
1861 print_to_screen(" %20s : %s\n",
1862 "", "No password required");
1863 if (intValue & UF_PASSWD_CANT_CHANGE)
1864 print_to_screen(" %20s : %s\n",
1865 "", "Cannot change password");
1866 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1867 print_to_screen(" %20s : %s\n",
1868 "", "Temp duplicate account");
1869 if (intValue & UF_NORMAL_ACCOUNT)
1870 print_to_screen(" %20s : %s\n",
1871 "", "Normal account");
1872 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1873 print_to_screen(" %20s : %s\n",
1874 "", "Interdomain trust account");
1875 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1876 print_to_screen(" %20s : %s\n",
1877 "", "Workstation trust account");
1878 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1879 print_to_screen(" %20s : %s\n",
1880 "", "Server trust account");
/* Attribute data is always passed as a %s argument, never as the format. */
1885 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1887 #endif /*LDAP_DEBUG*/
/* Release the library-owned value arrays; only one of the two is non-NULL. */
1889 if (str_value != NULL)
1890 ldap_value_free(str_value);
1891 if (ber_value != NULL)
1892 ldap_value_free_len(ber_value);
1894 (*linklist_current) = linklist_previous;
/*
 * Open (on first use) and authenticate the Moira client connection.
 *
 * mr_connections is a file-scope use count: only the 0 -> 1 transition
 * actually connects, and moira_disconnect() tears down on the matching
 * 1 -> 0.  The target host is either the hard-coded "ttsp" or the local
 * node name (uts.nodename); the selection between them, the choice of
 * mr_connect_cl() vs mr_connect(), the HostName/uts declarations and the
 * return statements are all on lines not shown.  Authenticates as
 * "winad.incr" once connected.
 */
1898 int moira_connect(void)
1903 if (!mr_connections++)
/* NOTE(review): hard-coded server name — presumably a debug/test path;
 * confirm it cannot be selected in production builds. */
1906 memset(HostName, '\0', sizeof(HostName));
1907 strcpy(HostName, "ttsp");
1908 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1910 rc = mr_connect(HostName);
1915 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1917 rc = mr_connect(uts.nodename);
1922 rc = mr_auth("winad.incr");
/*
 * Hold the incremental back while the STOP_FILE exists.
 *
 * Loops (with `i` counting iterations) as long as file_exists(STOP_FILE);
 * the loop body, including the sleep/iteration threshold that triggers the
 * critical_alert() and the tbl_buf text it reports, is on lines not shown.
 */
1929 void check_winad(void)
1933 for (i = 0; file_exists(STOP_FILE); i++)
1937 critical_alert("AD incremental",
1938 "WINAD incremental failed (%s exists): %s",
1939 STOP_FILE, tbl_buf);
/*
 * Drop one reference to the Moira connection opened by moira_connect();
 * when the count reaches zero the connection is presumably closed (the
 * body and return value are on lines not shown).
 */
1946 int moira_disconnect(void)
1949 if (!--mr_connections)
/*
 * Copy the DN of an LDAP entry into the caller's buffer and release the
 * library-owned string.
 *
 * NOTE(review): the copy is an unbounded strcpy and the function receives
 * no buffer size; the visible callers pass 1024-byte buffers, so a DN
 * longer than that overflows the caller's stack.  Adding a size parameter
 * (or a documented maximum) would make this safe.  A NULL check on CName
 * is presumably on the lines not shown.
 */
1956 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1957 char *distinguished_name)
1961 CName = ldap_get_dn(ldap_handle, ldap_entry);
1964 strcpy(distinguished_name, CName);
1965 ldap_memfree(CName);
/*
 * Allocate a single LK_ENTRY holding copies of `attribute` and `value`
 * (value stored NUL-terminated, ->length = strlen(value)), with next = NULL.
 * The caller owns the entry; the return statements are on lines not shown.
 *
 * NOTE(review): only the entry allocation is checked — the attribute and
 * value calloc() results are used unconditionally, so an allocation
 * failure there dereferences NULL.  The memset() calls after calloc() are
 * redundant (calloc already zero-fills).
 */
1968 int linklist_create_entry(char *attribute, char *value,
1969 LK_ENTRY **linklist_entry)
1971 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1972 if (!(*linklist_entry))
1976 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1977 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1978 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1979 strcpy((*linklist_entry)->attribute, attribute);
1980 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1981 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1982 strcpy((*linklist_entry)->value, value);
1983 (*linklist_entry)->length = strlen(value);
1984 (*linklist_entry)->next = NULL;
/*
 * printf-style debug output to stderr.  `pvar` (va_list) is declared and
 * va_end()'d on lines not shown.  All visible callers pass a literal format
 * and hand directory data in as %s arguments; keep it that way — directory
 * attribute values must never be used as the format string.
 */
1988 void print_to_screen(const char *fmt, ...)
1992 va_start(pvar, fmt);
1993 vfprintf(stderr, fmt, pvar);
/*
 * Classify a Moira list from its maillist/group flags (av[L_MAILLIST],
 * av[L_GROUP]) and report, through whichever out-parameters are non-NULL:
 *   group_membership[0] : 'B' (both), 'S' (security group only),
 *                         'D' (distribution list only) or 'N' (neither);
 *   *security_flag      : 1 for 'B' and 'S', else 0;
 *   group_ou            : the matching OU from the file-scope
 *                         group_ou_both/_security/_distribution/_neither.
 *
 * Only group_membership[0] is written — no terminator — so callers pass a
 * one-byte buffer and must not treat it as a C string.  group_ou is filled
 * with an unbounded strcpy from configuration globals.  The return value
 * is on lines not shown.
 */
1998 int get_group_membership(char *group_membership, char *group_ou,
1999 int *security_flag, char **av)
2004 maillist_flag = atoi(av[L_MAILLIST]);
2005 group_flag = atoi(av[L_GROUP]);
2006 if (security_flag != NULL)
2007 (*security_flag) = 0;
2009 if ((maillist_flag) && (group_flag))
2011 if (group_membership != NULL)
2012 group_membership[0] = 'B';
2013 if (security_flag != NULL)
2014 (*security_flag) = 1;
2015 if (group_ou != NULL)
2016 strcpy(group_ou, group_ou_both);
2018 else if ((!maillist_flag) && (group_flag))
2020 if (group_membership != NULL)
2021 group_membership[0] = 'S';
2022 if (security_flag != NULL)
2023 (*security_flag) = 1;
2024 if (group_ou != NULL)
2025 strcpy(group_ou, group_ou_security);
2027 else if ((maillist_flag) && (!group_flag))
2029 if (group_membership != NULL)
2030 group_membership[0] = 'D';
2031 if (group_ou != NULL)
2032 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
2036 if (group_membership != NULL)
2037 group_membership[0] = 'N';
2038 if (group_ou != NULL)
2039 strcpy(group_ou, group_ou_neither);
/*
 * Rename (and, if its type/OU changed, move) an AD group to match a Moira
 * list rename, then refresh its sAMAccountName, displayName, description,
 * mitMoiraId and groupType.
 *
 * Steps: validate both names with check_string(); locate the current group
 * DN via ad_get_group() (must be exactly one match, else
 * AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND); fetch its sAMAccountName
 * with the caller-supplied `filter`; ldap_rename_s() to
 * cn=<after_group_name> under <after_group_ou>,<dn_path>; then
 * ldap_modify_s() the remaining attributes (ADD_ATTR appends to mods[] and
 * bumps n; the final loop presumably frees those entries).  Returns an
 * AD_* / LDAP code; several return statements, plus the old_dn, new_dn,
 * sam_name, mods, n, i, rc and group_count declarations, are on lines not
 * shown.
 */
2044 int group_rename(LDAP *ldap_handle, char *dn_path,
2045 char *before_group_name, char *before_group_membership,
2046 char *before_group_ou, int before_security_flag, char *before_desc,
2047 char *after_group_name, char *after_group_membership,
2048 char *after_group_ou, int after_security_flag, char *after_desc,
2049 char *MoiraId, char *filter)
2054 char new_dn_path[512];
2056 char *attr_array[3];
2057 char *mitMoiraId_v[] = {NULL, NULL};
2058 char *name_v[] = {NULL, NULL};
2059 char *desc_v[] = {NULL, NULL};
2060 char *samAccountName_v[] = {NULL, NULL};
2061 char *groupTypeControl_v[] = {NULL, NULL};
2062 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2063 char groupTypeControlStr[80];
2067 LK_ENTRY *group_base;
/* check_string() is the gate that keeps unsafe characters out of the DNs
 * and filters built below; both names must pass before any LDAP call. */
2070 if (!check_string(before_group_name))
2072 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
2073 return(AD_INVALID_NAME);
2075 if (!check_string(after_group_name))
2077 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
2078 return(AD_INVALID_NAME);
2083 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2084 before_group_membership,
2085 MoiraId, "distinguishedName", &group_base,
2086 &group_count, filter))
2089 if (group_count == 0)
2091 return(AD_NO_GROUPS_FOUND);
2093 if (group_count != 1)
2096 "multiple groups with MoiraId = %s exist in the AD",
2098 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded copy of a server-supplied DN into old_dn (size
 * declared on a line not shown); an over-long DN would overflow it. */
2100 strcpy(old_dn, group_base->value);
2102 linklist_free(group_base);
2105 attr_array[0] = "sAMAccountName";
2106 attr_array[1] = NULL;
2107 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2108 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2110 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
2111 after_group_name, ldap_err2string(rc));
2114 if (group_count != 1)
2117 "Unable to get sAMAccountName for group %s",
2119 return(AD_LDAP_FAILURE);
2122 strcpy(sam_name, group_base->value);
2123 linklist_free(group_base);
/* Move/rename: new RDN cn=<name>, new parent <after OU>,<base DN>.
 * TRUE = delete the old RDN attribute value. */
2127 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2128 sprintf(new_dn, "cn=%s", after_group_name);
2129 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2130 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2132 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
2133 before_group_name, after_group_name, ldap_err2string(rc));
2137 name_v[0] = after_group_name;
/* NOTE(review): strlen(sam_name) - strlen("_group") is size_t arithmetic and
 * wraps to a huge value when sam_name is shorter than 6 characters, indexing
 * far outside the buffer.  Guard it:
 * `if (strlen(sam_name) >= strlen("_group") && !strncmp(...))`.
 * Keeps the "_group" suffix convention used by group_create(). */
2138 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2140 sprintf(sam_name, "%s_group", after_group_name);
2144 com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found",
2145 before_group_name, after_group_name);
2148 samAccountName_v[0] = sam_name;
2149 if (after_security_flag)
2150 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): groupTypeControl is u_int but is printed with "%ld" — a
 * format/argument type mismatch (undefined behavior); "%u" matches. */
2151 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2152 groupTypeControl_v[0] = groupTypeControlStr;
2154 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2155 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2156 desc_v[0] = after_desc;
/* An empty description is handled on the line not shown (presumably by
 * clearing desc_v[0] so the attribute is removed). */
2157 if (strlen(after_desc) == 0)
2159 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
2160 mitMoiraId_v[0] = MoiraId;
2161 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2162 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2164 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2165 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2167 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
2168 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2170 for (i = 0; i < n; i++)
/*
 * Moira query callback: create (or update) the AD group for one list row.
 *
 * av is an L_* list row; context arrives through the file-scope call_args
 * array as used below: [0] LDAP handle, [1] base DN, [4] updateGroup flag,
 * [5] Moira list id (may be empty).  Steps: validate av[L_NAME]; build
 * cn=<name>,<group OU>,<base DN> and the "<name>_group" sAMAccountName;
 * ldap_add_ext_s() the object; if it already exists or updateGroup is set,
 * ldap_modify_s() the mutable attributes (and, for an inactive list, the
 * member attribute); apply the security descriptor via
 * ProcessGroupSecurity(); finally look up the group's objectSid (by
 * mitMoiraId first, then by sAMAccountName) and append it to the list that
 * sid_ptr points into.  Returns LDAP_SUCCESS or an error code; some
 * return statements and the new_dn, info, filter, mods, n, i, rc,
 * group_ou, security_flag and group_count declarations are on lines not
 * shown.
 */
2175 int group_create(int ac, char **av, void *ptr)
2178 LK_ENTRY *group_base;
2181 char new_group_name[256];
2182 char sam_group_name[256];
2183 char cn_group_name[256];
2184 char *cn_v[] = {NULL, NULL};
2185 char *objectClass_v[] = {"top", "group", NULL};
2187 char *samAccountName_v[] = {NULL, NULL};
2188 char *altSecurityIdentities_v[] = {NULL, NULL};
2189 char *member_v[] = {NULL, NULL};
2190 char *name_v[] = {NULL, NULL};
2191 char *desc_v[] = {NULL, NULL};
2192 char *info_v[] = {NULL, NULL};
2193 char *mitMoiraId_v[] = {NULL, NULL};
2194 char *groupTypeControl_v[] = {NULL, NULL};
2195 char groupTypeControlStr[80];
/* One-byte type tag from get_group_membership(); not a C string. */
2196 char group_membership[1];
2199 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2205 char *attr_array[3];
/* Name validation before the name is interpolated into a DN and filter. */
2210 if (!check_string(av[L_NAME]))
2212 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
2213 return(AD_INVALID_NAME);
/* NOTE(review): call_args holds char* (see [1] used as a string below), so
 * this casts a pointer to int — the caller presumably stores a small
 * integer in the slot, but the cast truncates on 64-bit targets and is
 * implementation-defined.  Passing the flag through a dedicated int, or
 * as a string to atoi(), would be cleaner. */
2216 updateGroup = (int)call_args[4];
2217 memset(group_ou, 0, sizeof(group_ou));
2218 memset(group_membership, 0, sizeof(group_membership));
2220 get_group_membership(group_membership, group_ou, &security_flag, av);
2221 strcpy(new_group_name, av[L_NAME]);
2222 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
/* Security-enabled bit is set under a condition on the line not shown
 * (presumably security_flag). */
2224 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2226 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch; use "%u". */
2231 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2232 groupTypeControl_v[0] = groupTypeControlStr;
2234 strcpy(cn_group_name, av[L_NAME]);
2236 samAccountName_v[0] = sam_group_name;
2237 name_v[0] = new_group_name;
2238 cn_v[0] = new_group_name;
2241 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2242 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2243 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2244 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2245 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2246 if (strlen(av[L_DESC]) != 0)
2248 desc_v[0] = av[L_DESC];
2249 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2251 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* NOTE(review): `info` size is declared on a line not shown; av[L_ACE_NAME]
 * is external data, so a bounded snprintf() would be safer here and in
 * the update branch below. */
2252 if (strlen(av[L_ACE_NAME]) != 0)
2254 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2256 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2258 if (strlen(call_args[5]) != 0)
2260 mitMoiraId_v[0] = call_args[5];
2261 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2265 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Free the LDAPMod entries from the add. */
2267 for (i = 0; i < n; i++)
2269 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2271 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2272 av[L_NAME], ldap_err2string(rc));
/* Existing or explicitly updated group: replace the mutable attributes. */
2277 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2281 if (strlen(av[L_DESC]) != 0)
2282 desc_v[0] = av[L_DESC];
2283 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
2285 if (strlen(av[L_ACE_NAME]) != 0)
2287 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2290 ADD_ATTR("info", info_v, LDAP_MOD_REPLACE);
2291 if (strlen(call_args[5]) != 0)
2293 mitMoiraId_v[0] = call_args[5];
2294 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member is replaced with the empty member_v array, which
 * presumably clears the membership. */
2296 if (!(atoi(av[L_ACTIVE])))
2299 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2302 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2303 for (i = 0; i < n; i++)
2305 if (rc != LDAP_SUCCESS)
2307 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2308 av[L_NAME], ldap_err2string(rc));
2314 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2315 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* Locate the new object's SID: prefer the Moira id, fall back to the
 * sAMAccountName.  NOTE(review): av[L_NAME] went through check_string()
 * but call_args[5] is interpolated into the filter unvalidated; it is
 * expected to be a numeric Moira id — confirm that the caller guarantees
 * it (LDAP filter metacharacters would otherwise need escaping). */
2317 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2318 if (strlen(call_args[5]) != 0)
2319 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2320 attr_array[0] = "objectSid";
2321 attr_array[1] = NULL;
2324 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2325 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
2327 if (group_count != 1)
2329 if (strlen(call_args[5]) != 0)
2331 linklist_free(group_base);
/* Retry by sAMAccountName; this rc is not checked, but linklist_build()
 * zeroes group_count on entry so a failed search falls through below. */
2334 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2335 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2336 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Hand the single result entry over to the caller's SID list (ownership
 * transfers; it is not freed here).  strdup() result is unchecked. */
2339 if (group_count == 1)
2341 (*sid_ptr) = group_base;
2342 (*sid_ptr)->member = strdup(av[L_NAME]);
2343 (*sid_ptr)->type = (char *)GROUPS;
2344 sid_ptr = &(*sid_ptr)->next;
2348 if (group_base != NULL)
2349 linklist_free(group_base);
2354 if (group_base != NULL)
2355 linklist_free(group_base);
2357 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply a security-template group's ntSecurityDescriptor
 * to the AD group "<TargetGroupName>_group".
 *
 * The template is chosen from HIDDEN_GROUP / NOT_HIDDEN_GROUP (plus the
 * _WITH_ADMIN variants when an ACE principal SID was resolved).  The
 * template's descriptor is read with the SD-flags server control, the SID of
 * "UserTemplate.u" is replaced in-place by the ACE principal's SID (AceName of
 * AceType "LIST" or "USER"), and the result is written to the target group
 * with LDAP_MOD_REPLACE.  If that write fails while an ACE was in use, the
 * function retries itself once with an empty ACE (lines 2596-2597).
 *
 * NOTE(review): this listing omits blank/brace lines and several declarations
 * (rc, group_count, mods, n, psMsg, dwInfo, TargetDn, AceDn, AceSidCount,
 * root_ou, nVal, i); read it alongside the full source.
 *
 * Returns: not visible here (the return statements are on omitted lines).
 */
2360 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2361 int HiddenGroup, char *AceType, char *AceName)
2363 char filter_exp[1024];
2364 char *attr_array[5];
2365 char search_path[512];
2367 char TemplateDn[512];
2368 char TemplateSamName[128];
2370 char TargetSamName[128];
2371 char AceSamAccountName[128];
/* Raw binary SIDs copied out of the directory; filled below by memcpy with a
 * length taken from the LDAP entry (group_base->length), which is not bounded
 * against these 128-byte buffers anywhere in this function. */
2373 unsigned char AceSid[128];
2374 unsigned char UserTemplateSid[128];
2375 char acBERBuf[N_SD_BER_BYTES];
2376 char GroupSecurityTemplate[256];
2378 int UserTemplateSidCount;
2385 int array_count = 0;
2387 LK_ENTRY *group_base;
2388 LDAP_BERVAL **ppsValues;
/* Server control whose value is the BER-encoded SECURITY_INFORMATION bits;
 * the OID matches the AD SD-flags control (LDAP_SERVER_SD_FLAGS_OID). */
2389 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2390 { N_SD_BER_BYTES, acBERBuf },
2393 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Requesting SACL_SECURITY_INFORMATION presumably needs a privileged bind
 * (SeSecurityPrivilege); confirm the service account has it, otherwise the
 * search below may fail or return a descriptor without the SACL. */
2396 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2397 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group under group_ou_root.  TargetGroupName is formatted
 * straight into an LDAP filter; whether the caller has already passed it
 * through check_string() (which rejects filter metacharacters) is not
 * visible here -- verify at the call sites. */
2399 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2400 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2401 attr_array[0] = "sAMAccountName";
2402 attr_array[1] = NULL;
/* BUG: operator precedence.  The parentheses make this
 *   rc = (linklist_build(...) != 0);
 * so rc holds 0/1 rather than the LDAP result code.  The same pattern occurs
 * at lines 2446, 2474 and 2524.  Intended form:
 *   if ((rc = linklist_build(...)) != 0)
 * The error path still triggers, but rc can no longer be reported through
 * ldap_err2string(). */
2405 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2406 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2408 if (group_count != 1)
2410 linklist_free(group_base);
/* Directory-supplied DN and sAMAccountName are copied unbounded into
 * TargetDn (declared on an omitted line) and TargetSamName[128]. */
2413 strcpy(TargetDn, group_base->dn);
2414 strcpy(TargetSamName, group_base->value);
2415 linklist_free(group_base);
2419 UserTemplateSidCount = 0;
2420 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2421 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2422 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the ACE principal's objectSid.  A LIST ACE maps to the AD group
 * "<AceName>_group"; a USER ACE maps to the user's sAMAccountName.  Any other
 * AceType leaves AceSamAccountName empty and the lookup is skipped. */
2426 if (strlen(AceName) != 0)
2428 if (!strcmp(AceType, "LIST"))
2430 sprintf(AceSamAccountName, "%s_group", AceName);
2431 strcpy(root_ou, group_ou_root);
2433 else if (!strcmp(AceType, "USER"))
2435 sprintf(AceSamAccountName, "%s", AceName);
2436 strcpy(root_ou, user_ou);
2438 if (strlen(AceSamAccountName) != 0)
/* Note the search here is rooted at dn_path, not at root_ou. */
2440 sprintf(search_path, "%s", dn_path);
2441 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2442 attr_array[0] = "objectSid";
2443 attr_array[1] = NULL;
/* Same precedence bug as line 2405. */
2446 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2447 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2449 if (group_count == 1)
2451 strcpy(AceDn, group_base->dn);
2452 AceSidCount = group_base->length;
/* Unbounded: group_base->length is not checked against sizeof(AceSid). */
2453 memcpy(AceSid, group_base->value, AceSidCount);
2455 linklist_free(group_base);
/* An ACE that has no SID in AD degrades to the non-admin template. */
2460 if (AceSidCount == 0)
2462 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2463 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Read the SID of the placeholder user inside the template OU; it is the
 * byte pattern that gets substituted in the template descriptor below. */
2467 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2468 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2469 attr_array[0] = "objectSid";
2470 attr_array[1] = NULL;
/* Same precedence bug as line 2405; rc is 0/1 here, so the rc != 0 test on
 * the next line still works but carries no LDAP error code. */
2474 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2475 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2477 if ((rc != 0) || (group_count != 1))
2479 com_err(whoami, 0, "Couldn't process user security template: %s", "UserTemplate");
2484 UserTemplateSidCount = group_base->length;
/* Unbounded: not checked against sizeof(UserTemplateSid). */
2485 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2487 linklist_free(group_base);
/* Template selection: HiddenGroup (tested on an omitted line) picks the
 * HIDDEN_* vs NOT_HIDDEN_* pair; a resolved ACE SID picks the _WITH_ADMIN
 * variant. */
2494 if (AceSidCount == 0)
2496 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2497 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2501 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2502 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2507 if (AceSidCount == 0)
2509 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2510 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2514 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2515 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2519 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2520 attr_array[0] = "sAMAccountName";
2521 attr_array[1] = NULL;
/* Same precedence bug as line 2405. */
2524 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2525 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2527 if (group_count != 1)
2529 linklist_free(group_base);
2530 com_err(whoami, 0, "Couldn't process group security template: %s - security not set", GroupSecurityTemplate);
2533 strcpy(TemplateDn, group_base->dn);
2534 strcpy(TemplateSamName, group_base->value);
2535 linklist_free(group_base);
/* Fetch the template's ntSecurityDescriptor with the SD-flags control
 * (ldap_search_ext_s arguments are on omitted lines). */
2539 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2540 rc = ldap_search_ext_s(ldap_handle,
2552 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2554 com_err(whoami, 0, "Couldn't find group security template: %s - security not set", GroupSecurityTemplate);
2557 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2558 if (ppsValues == NULL)
2560 com_err(whoami, 0, "Couldn't find group security descriptor for group %s - security not set", GroupSecurityTemplate);
/* Byte-scan each descriptor value for the template SID and overwrite it with
 * the ACE SID.  This assumes both SIDs have the same length: the loop bound
 * only reserves UserTemplateSidCount bytes after position i, but
 * AceSidCount bytes are written, so a longer ACE SID (more sub-authorities)
 * would write past the match and corrupt the descriptor or overrun bv_val.
 * It also assumes the descriptor is self-relative so that a same-length
 * substitution keeps all offsets valid. */
2564 if (AceSidCount != 0)
2566 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2568 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2570 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2572 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
2580 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2583 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* Loop body (freeing mods[i]) is on an omitted line. */
2584 for (i = 0; i < n; i++)
2586 ldap_value_free_len(ppsValues);
2587 ldap_msgfree(psMsg);
2588 if (rc != LDAP_SUCCESS)
2590 com_err(whoami, 0, "Couldn't set security settings for group %s : %s",
2591 TargetGroupName, ldap_err2string(rc));
/* Fallback: retry without an ACE.  The recursion is bounded because the
 * nested call has AceName == "" and therefore never reaches this branch. */
2592 if (AceSidCount != 0)
2594 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2596 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2597 HiddenGroup, "", ""))
2599 com_err(whoami, 0, "Unable to set security for group %s.",
2606 com_err(whoami, 0, "Security set for group %s.", TargetGroupName);
/*
 * group_delete: remove the AD group that corresponds to Moira list
 * `group_name` from the group OU under dn_path.
 *
 * The group is located by ad_get_group() on its distinguishedName (matched by
 * group_membership / MoiraId), and deleted with ldap_delete_s() when exactly
 * one entry matches.
 *
 * Returns AD_INVALID_NAME for a name that fails check_string(),
 * AD_NO_GROUPS_FOUND when no single match exists; other returns (including
 * the success path and the ad_get_group failure path) are on omitted lines.
 * Declarations of rc, group_count, temp and filter are omitted here as well.
 */
2610 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2611 char *group_membership, char *MoiraId)
2613 LK_ENTRY *group_base;
/* check_string() rejects LDAP filter metacharacters, which protects the
 * filter that ad_get_group() presumably builds from group_name. */
2619 if (!check_string(group_name))
2621 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
2622 return(AD_INVALID_NAME);
2625 memset(filter, '\0', sizeof(filter));
2628 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment used as the condition: a non-zero ad_get_group() status takes
 * the (omitted) error branch. */
2629 if (rc = ad_get_group(ldap_handle, temp, group_name,
2630 group_membership, MoiraId,
2631 "distinguishedName", &group_base,
2632 &group_count, filter))
2635 if (group_count == 1)
/* group_base->value holds the distinguishedName attribute value. */
2637 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2639 linklist_free(group_base);
2640 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2641 group_name, ldap_err2string(rc));
2644 linklist_free(group_base);
2648 linklist_free(group_base);
2649 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2650 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: write the BER encoding of the SECURITY_INFORMATION
 * bitmask `uBits` into pBuffer, which must hold N_SD_BER_BYTES bytes (see the
 * acBERBuf declaration in ProcessGroupSecurity).  The encoding statements
 * themselves are on omitted lines; only the length return is visible.
 *
 * Returns N_SD_BER_BYTES, the number of bytes written.
 */
2656 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2662 return(N_SD_BER_BYTES);
/*
 * process_lists: mr_query() callback (ac/av row, ptr = call_args) that adds
 * the list named in av[L_NAME] as a member of the group described by
 * call_args[2] (group name) inside call_args[3] (membership), using the
 * LDAP handle in call_args[0] and the base DN in call_args[1].
 *
 * get_group_membership() derives the list's OU and single-letter membership
 * code from av before the member_add() call.  Declarations of group_ou,
 * security_flag and rc, and the return statement, are on omitted lines.
 */
2665 int process_lists(int ac, char **av, void *ptr)
/* One membership character plus terminator. */
2670 char group_membership[2];
2676 memset(group_ou, '\0', sizeof(group_ou));
2677 memset(group_membership, '\0', sizeof(group_membership));
2678 get_group_membership(group_membership, group_ou, &security_flag, av);
/* The last argument (MoiraId) is deliberately empty here. */
2679 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2680 group_ou, group_membership, call_args[2],
2681 (char *)call_args[3], "");
<!-- placeholder removed -->
/*
 * member_remove: delete one member from an AD group.
 *
 * The group is resolved through ad_get_group() (distinguishedName, matched by
 * group_membership / MoiraId); the member is removed with an LDAP_MOD_DELETE
 * of the DN "CN=<user_name>,<UserOu>,<dn_path>" on the "member" attribute.
 *
 * Returns AD_INVALID_NAME for a group name that fails check_string(); the
 * other return statements, the LDAP_UNWILLING_TO_PERFORM handling body and
 * the declarations of rc, group_count, temp, filter, modvalues, mods, n and
 * i are on omitted lines.
 */
2744 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2745 char *group_ou, char *group_membership, char *user_name,
2746 char *UserOu, char *MoiraId)
2748 char distinguished_name[1024];
2756 LK_ENTRY *group_base;
2759 if (!check_string(group_name))
2760 return(AD_INVALID_NAME);
2762 memset(filter, '\0', sizeof(filter));
/* Assignment used as the condition; a non-zero status takes the omitted
 * error branch. */
2765 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2766 group_membership, MoiraId,
2767 "distinguishedName", &group_base,
2768 &group_count, filter))
2771 if (group_count != 1)
2773 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2775 linklist_free(group_base);
/* group_base->value is the group's distinguishedName; copied unbounded into
 * a 1024-byte buffer. */
2780 strcpy(distinguished_name, group_base->value);
2781 linklist_free(group_base);
/* Member DN is built positionally; user_name is not run through
 * check_string() in this function, so a caller must have validated it.
 * temp's size is not visible here. */
2785 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2786 modvalues[0] = temp;
2787 modvalues[1] = NULL;
2790 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2792 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Loop body (freeing mods[i]) is on an omitted line. */
2793 for (i = 0; i < n; i++)
/* Presumably "member not present" is treated as success; the body that
 * rewrites rc is on an omitted line -- confirm. */
2795 if (rc == LDAP_UNWILLING_TO_PERFORM)
2797 if (rc != LDAP_SUCCESS)
2799 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
2800 group_name, ldap_err2string(rc));
/*
 * member_add: add one member to an AD group.
 *
 * Mirrors member_remove(): the group is resolved through ad_get_group() and
 * the member DN "CN=<user_name>,<UserOu>,<dn_path>" is added with
 * LDAP_MOD_ADD on the "member" attribute.
 *
 * Returns AD_INVALID_NAME for a group name that fails check_string() and
 * AD_MULTIPLE_GROUPS_FOUND whenever the lookup does not yield exactly one
 * group (note this is also the zero-match case, despite the "unable to find"
 * message).  Remaining returns, the LDAP_ALREADY_EXISTS /
 * LDAP_UNWILLING_TO_PERFORM handling bodies, and the declarations of rc,
 * group_count, temp, filter, modvalues, mods, n and i are on omitted lines.
 */
2808 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2809 char *group_ou, char *group_membership, char *user_name,
2810 char *UserOu, char *MoiraId)
2812 char distinguished_name[1024];
2820 LK_ENTRY *group_base;
2823 if (!check_string(group_name))
2824 return(AD_INVALID_NAME);
2827 memset(filter, '\0', sizeof(filter));
/* Assignment used as the condition; a non-zero status takes the omitted
 * error branch. */
2830 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2831 group_membership, MoiraId,
2832 "distinguishedName", &group_base,
2833 &group_count, filter))
2836 if (group_count != 1)
2838 linklist_free(group_base);
2841 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2843 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of the directory-supplied DN into a 1024-byte buffer. */
2846 strcpy(distinguished_name, group_base->value);
2847 linklist_free(group_base);
/* user_name is not validated here; temp's size is not visible. */
2851 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2852 modvalues[0] = temp;
2853 modvalues[1] = NULL;
2856 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2858 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* An existing membership is special-cased only for contact/kerberos
 * entries; the handling body is on an omitted line -- confirm what rc
 * becomes there. */
2859 if (rc == LDAP_ALREADY_EXISTS)
2861 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2863 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* Loop body (freeing mods[i]) is on an omitted line. */
2866 for (i = 0; i < n; i++)
2868 if (rc != LDAP_SUCCESS)
2870 com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s",
2871 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create a person object "CN=<user>,<group_ou>,<bind_path>"
 * used to represent a STRING or KERBEROS list member in AD.
 *
 * A first ldap_add_ext_s() includes a "mail" attribute when group_ou is the
 * contact OU; if that add fails (other than LDAP_ALREADY_EXISTS) the object
 * is re-added without "mail" (lines 2927-2933).  LDAP_ALREADY_EXISTS is
 * treated as success on both attempts.
 *
 * Returns AD_INVALID_NAME when `user` fails check_string(); the remaining
 * return statements, the objectClass list tail, the email_v/name_v
 * assignments, and the declarations of rc, mods, n, i and new_dn are on
 * omitted lines.
 */
2877 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2881 char cn_user_name[256];
2882 char contact_name[256];
2883 char *email_v[] = {NULL, NULL};
2884 char *cn_v[] = {NULL, NULL};
2885 char *contact_v[] = {NULL, NULL};
2886 char *objectClass_v[] = {"top", "person",
2887 "organizationalPerson",
2889 char *name_v[] = {NULL, NULL};
2890 char *desc_v[] = {NULL, NULL};
/* check_string() restricts the character set (no LDAP/DN metacharacters);
 * whether it also bounds the length is not visible here, and the strcpy /
 * sprintf into the 256-byte buffers below rely on that -- confirm. */
2895 if (!check_string(user))
2897 com_err(whoami, 0, "invalid LDAP name %s", user);
2898 return(AD_INVALID_NAME);
2900 strcpy(contact_name, user);
2901 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2902 cn_v[0] = cn_user_name;
2903 contact_v[0] = contact_name;
2905 desc_v[0] = "Auto account created by Moira";
2908 strcpy(new_dn, cn_user_name);
2910 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2911 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2912 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2913 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2914 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Only contacts (not kerberos principals) get a mail attribute. */
2915 if (!strcmp(group_ou, contact_ou))
2917 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2921 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* Loop body (freeing mods[i]) is on an omitted line; n is presumably reset
 * before the mods are rebuilt below. */
2922 for (i = 0; i < n; i++)
/* Retry without "mail" -- the first failure is not logged. */
2924 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2927 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2928 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2929 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2930 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2931 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2933 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2934 for (i = 0; i < n; i++)
2937 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2939 com_err(whoami, 0, "could not create contact %s : %s",
2940 user, ldap_err2string(rc));
/*
 * user_update: push Moira's view of a user (uid, MIT id, Moira id, account
 * state, Windows home/profile directories) onto the existing AD user object.
 *
 * Lookup order: by "(&(objectClass=user)(mitMoiraId=<MoiraId>))" across
 * dn_path when MoiraId is non-empty, else by sAMAccountName under user_ou.
 * All attributes are written with LDAP_MOD_REPLACE in one ldap_modify_s();
 * on failure SwitchSFU() toggles between uidNumber and msSFU30UidNumber
 * attribute styles and the modify is retried once.
 *
 * Returns AD_INVALID_NAME when user_name fails check_string() and
 * AD_NO_USER_FOUND when the sAMAccountName lookup does not yield exactly one
 * entry; other returns, the uid_v/mitid_v assignments, and the declarations
 * of rc, group_count, temp, filter, mods, n, i and OldUseSFU30 are on
 * omitted lines.
 */
2946 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2947 char *Uid, char *MitId, char *MoiraId, int State,
2948 char *WinHomeDir, char *WinProfileDir)
2951 LK_ENTRY *group_base;
2953 char distinguished_name[512];
2954 char *mitMoiraId_v[] = {NULL, NULL};
2955 char *uid_v[] = {NULL, NULL};
2956 char *mitid_v[] = {NULL, NULL};
2957 char *homedir_v[] = {NULL, NULL};
2958 char *winProfile_v[] = {NULL, NULL};
2959 char *drives_v[] = {NULL, NULL};
2960 char *userAccountControl_v[] = {NULL, NULL};
2961 char userAccountControlStr[80];
/* NOTE(review): UF_PASSWD_CANT_CHANGE is, per Microsoft's documentation,
 * not settable through userAccountControl (AD enforces it via an ACE on the
 * object); confirm whether including it here has any effect. */
2966 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2968 char *attr_array[3];
/* check_string() blocks LDAP filter metacharacters in user_name; MoiraId is
 * also interpolated into a filter (line 2982) but is not validated here --
 * it is presumably trusted server data. */
2971 if (!check_string(user_name))
2973 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2974 return(AD_INVALID_NAME);
2980 if (strlen(MoiraId) != 0)
2982 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2983 attr_array[0] = "cn";
2984 attr_array[1] = NULL;
2985 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2986 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2988 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2989 user_name, ldap_err2string(rc));
/* Anything other than exactly one match falls back to the name lookup. */
2993 if (group_count != 1)
2995 linklist_free(group_base);
2998 sprintf(filter, "(sAMAccountName=%s)", user_name);
2999 attr_array[0] = "cn";
3000 attr_array[1] = NULL;
3001 sprintf(temp, "%s,%s", user_ou, dn_path);
3002 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
3003 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3005 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3006 user_name, ldap_err2string(rc));
3011 if (group_count != 1)
3013 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3015 linklist_free(group_base);
3016 return(AD_NO_USER_FOUND);
/* Unbounded copy of the directory-supplied DN into a 512-byte buffer. */
3018 strcpy(distinguished_name, group_base->dn);
3020 linklist_free(group_base);
/* An empty Uid presumably clears the attributes (uid_v[0] left NULL); the
 * assignment for the non-empty case is on an omitted line. */
3024 if (strlen(Uid) == 0)
3026 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
3029 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3033 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
3036 if (strlen(MitId) == 0)
3038 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
3039 mitMoiraId_v[0] = MoiraId;
3040 if (strlen(MoiraId) == 0)
3041 mitMoiraId_v[0] = NULL;
3042 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* The account is enabled only in the US_NO_PASSWD / US_REGISTERED states. */
3043 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3044 userAccountControl |= UF_ACCOUNTDISABLE;
/* "%ld" with a u_int argument is a format/type mismatch (undefined
 * behaviour per the C standard); "%u" matches the declared type. */
3045 sprintf(userAccountControlStr, "%ld", userAccountControl);
3046 userAccountControl_v[0] = userAccountControlStr;
3047 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory() appends its own mods and returns the new count. */
3049 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3050 WinProfileDir, homedir_v, winProfile_v,
3051 drives_v, mods, LDAP_MOD_REPLACE, n);
3054 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
/* Retry once with the other SFU attribute style; UseSFU30 is a global. */
3056 OldUseSFU30 = UseSFU30;
3057 SwitchSFU(mods, &UseSFU30, n);
3058 if (OldUseSFU30 != UseSFU30)
3059 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3062 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
3063 user_name, ldap_err2string(rc));
/* Loop body (freeing mods[i]) is on an omitted line. */
3066 for (i = 0; i < n; i++)
/*
 * user_rename: rename the AD user object for before_user_name to user_name.
 *
 * Performs an ldap_rename_s() of "cn=<before>,<user_ou>,<dn_path>" to
 * "cn=<user_name>" (deleting the old RDN), then rewrites the attributes that
 * embed the login name: altSecurityIdentities ("Kerberos:<name>@<realm>"),
 * userPrincipalName ("<name>@<ldap_domain>"), displayName and
 * sAMAccountName.
 *
 * Returns AD_INVALID_NAME when either name fails check_string(); other
 * returns are on omitted lines, as are the remaining parameters of the
 * signature (line 3071 continues past what is shown) and the declarations
 * of rc, mods, n, i, old_dn, new_dn, upn and temp.
 */
3071 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3079 char *userPrincipalName_v[] = {NULL, NULL};
3080 char *altSecurityIdentities_v[] = {NULL, NULL};
3081 char *name_v[] = {NULL, NULL};
3082 char *samAccountName_v[] = {NULL, NULL};
3087 if (!check_string(before_user_name))
3089 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
3090 return(AD_INVALID_NAME);
3092 if (!check_string(user_name))
3094 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
3095 return(AD_INVALID_NAME);
/* Self-copy: a no-op, and strcpy() with overlapping source and destination
 * is undefined behaviour; this line can simply be removed. */
3098 strcpy(user_name, user_name);
3099 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3100 sprintf(new_dn, "cn=%s", user_name);
/* TRUE = delete the old RDN value from the renamed entry. */
3101 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
3102 NULL, NULL)) != LDAP_SUCCESS)
3104 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
3105 before_user_name, user_name, ldap_err2string(rc));
3109 name_v[0] = user_name;
3110 sprintf(upn, "%s@%s", user_name, ldap_domain);
3111 userPrincipalName_v[0] = upn;
3112 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3113 altSecurityIdentities_v[0] = temp;
3114 samAccountName_v[0] = user_name;
3117 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3118 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3119 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3120 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* new_dn is reused: it now holds the full post-rename DN. */
3122 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3123 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3125 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
3126 user_name, ldap_err2string(rc));
/* Loop body (freeing mods[i]) is on an omitted line. */
3128 for (i = 0; i < n; i++)
/*
 * filesys_process: set or clear a user's Windows home directory attributes
 * from a Moira filesystem entry.
 *
 * Only fs_type "AFS" is accepted.  The user object is found by
 * sAMAccountName == fs_name across all of dn_path (not restricted to
 * user_ou as in user_update()).  For LDAP_MOD_ADD the AFS pack path is
 * converted with AfsToWinAfs() into homeDirectory and
 * "<homeDirectory>\.winprofile" into profilePath; otherwise the values are
 * NULL, i.e. the attributes are removed with `operation`.
 *
 * Returns AD_INVALID_NAME, AD_INVALID_FILESYS or LDAP_NO_SUCH_OBJECT as
 * shown; remaining returns, the else-branch structure, and the declarations
 * of rc, group_count, filter, winPath, mods, n and i are on omitted lines.
 */
3133 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3134 char *fs_type, char *fs_pack, int operation)
3136 char distinguished_name[256];
3138 char winProfile[256];
3140 char *attr_array[3];
3141 char *homedir_v[] = {NULL, NULL};
3142 char *winProfile_v[] = {NULL, NULL};
3143 char *drives_v[] = {NULL, NULL};
3149 LK_ENTRY *group_base;
/* check_string() keeps filter metacharacters out of the filter below. */
3151 if (!check_string(fs_name))
3153 com_err(whoami, 0, "invalid filesys name %s", fs_name);
3154 return(AD_INVALID_NAME);
3157 if (strcmp(fs_type, "AFS"))
3159 com_err(whoami, 0, "invalid filesys type %s", fs_type);
3160 return(AD_INVALID_FILESYS);
3165 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3166 attr_array[0] = "cn";
3167 attr_array[1] = NULL;
3168 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3169 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3171 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
3172 fs_name, ldap_err2string(rc));
3176 if (group_count != 1)
3178 linklist_free(group_base);
3179 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3181 return(LDAP_NO_SUCH_OBJECT);
/* Unbounded copy of the directory-supplied DN into a 256-byte buffer --
 * the smallest such buffer in this file. */
3183 strcpy(distinguished_name, group_base->dn);
3184 linklist_free(group_base);
3188 if (operation == LDAP_MOD_ADD)
/* winPath is declared on an omitted line; AfsToWinAfs() does not take a
 * destination size. */
3190 memset(winPath, 0, sizeof(winPath));
3191 AfsToWinAfs(fs_pack, winPath);
3192 homedir_v[0] = winPath;
3194 memset(winProfile, 0, sizeof(winProfile));
/* strcpy + strcat into 256 bytes with no length check on winPath. */
3195 strcpy(winProfile, winPath);
3196 strcat(winProfile, "\\.winprofile");
3197 winProfile_v[0] = winProfile;
3201 homedir_v[0] = NULL;
3203 winProfile_v[0] = NULL;
/* drives_v[0] is never assigned in the visible code, so homeDrive is always
 * sent with a NULL value. */
3205 ADD_ATTR("profilePath", winProfile_v, operation);
3206 ADD_ATTR("homeDrive", drives_v, operation);
3207 ADD_ATTR("homeDirectory", homedir_v, operation);
3210 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3211 if (rc != LDAP_SUCCESS)
3213 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
3214 fs_name, ldap_err2string(rc));
/* Loop body (freeing mods[i]) is on an omitted line. */
3216 for (i = 0; i < n; i++)
/*
 * user_create: mr_query() callback (row in av, ptr = call_args) that creates
 * the AD user object for the Moira account described by the row.
 *
 * call_args[0] is the LDAP handle, call_args[1] the base DN and call_args[2]
 * the Moira id.  The object "cn=<name>,<user_ou>,<base>" is added with the
 * standard person attributes, sAMAccountName, userPrincipalName,
 * userAccountControl, altSecurityIdentities, optional uid attributes and
 * employeeID; SetHomeDirectory() appends the home/profile mods.  A failed add
 * is retried once after SwitchSFU().  On success the password is set and the
 * new object's objectSid is appended to the global sid_base list (via
 * sid_ptr) for later sid_update().
 *
 * Sets the global callback_rc on an invalid name.  The return statements,
 * the objectClass list tail, and the declarations of rc, group_count, filter,
 * temp, new_dn, upn, sam_name, mods, n, i and OldUseSFU30 are on omitted
 * lines.
 */
3222 int user_create(int ac, char **av, void *ptr)
3224 LK_ENTRY *group_base;
3227 char user_name[256];
3230 char *cn_v[] = {NULL, NULL};
3231 char *objectClass_v[] = {"top", "person",
3232 "organizationalPerson",
3235 char *samAccountName_v[] = {NULL, NULL};
3236 char *altSecurityIdentities_v[] = {NULL, NULL};
3237 char *mitMoiraId_v[] = {NULL, NULL};
3238 char *name_v[] = {NULL, NULL};
3239 char *desc_v[] = {NULL, NULL};
3240 char *userPrincipalName_v[] = {NULL, NULL};
3241 char *userAccountControl_v[] = {NULL, NULL};
3242 char *uid_v[] = {NULL, NULL};
3243 char *mitid_v[] = {NULL, NULL};
3244 char *homedir_v[] = {NULL, NULL};
3245 char *winProfile_v[] = {NULL, NULL};
3246 char *drives_v[] = {NULL, NULL};
3247 char userAccountControlStr[80];
/* NOTE(review): see user_update() -- UF_PASSWD_CANT_CHANGE is documented by
 * Microsoft as not settable via userAccountControl; confirm intent. */
3249 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3256 char *attr_array[3];
3258 char WinHomeDir[1024];
3259 char WinProfileDir[1024];
/* check_string() bounds the character set of the login; the strcpy /
 * sprintf calls below into fixed buffers rely on it also bounding length,
 * which is not visible here -- confirm. */
3263 if (!check_string(av[U_NAME]))
3265 callback_rc = AD_INVALID_NAME;
3266 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
3267 return(AD_INVALID_NAME);
3270 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3271 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3272 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
3273 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
3274 strcpy(user_name, av[U_NAME]);
3275 sprintf(upn, "%s@%s", user_name, ldap_domain);
3276 sprintf(sam_name, "%s", av[U_NAME]);
3277 samAccountName_v[0] = sam_name;
/* Enabled only in the US_NO_PASSWD / US_REGISTERED states. */
3278 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3279 userAccountControl |= UF_ACCOUNTDISABLE;
/* "%ld" with a u_int argument is a format/type mismatch; "%u" matches. */
3280 sprintf(userAccountControlStr, "%ld", userAccountControl);
3281 userAccountControl_v[0] = userAccountControlStr;
3282 userPrincipalName_v[0] = upn;
3284 cn_v[0] = user_name;
3285 name_v[0] = user_name;
3286 desc_v[0] = "Auto account created by Moira";
3287 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3288 altSecurityIdentities_v[0] = temp;
3289 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3292 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3293 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3294 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3295 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3296 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3297 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3298 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3299 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3300 if (strlen(call_args[2]) != 0)
3302 mitMoiraId_v[0] = call_args[2];
3303 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3305 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* The uidNumber / msSFU30UidNumber choice (UseSFU30) is on omitted lines. */
3306 if (strlen(av[U_UID]) != 0)
3308 uid_v[0] = av[U_UID];
3309 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3312 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3316 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
3319 if (strlen(av[U_MITID]) != 0)
3320 mitid_v[0] = av[U_MITID];
3322 mitid_v[0] = "none";
3323 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3325 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3326 WinProfileDir, homedir_v, winProfile_v,
3327 drives_v, mods, LDAP_MOD_ADD, n);
3331 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Retry once with the other SFU attribute style. */
3332 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3334 OldUseSFU30 = UseSFU30;
3335 SwitchSFU(mods, &UseSFU30, n);
3336 if (OldUseSFU30 != UseSFU30)
3337 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body (freeing mods[i]) is on an omitted line. */
3340 for (i = 0; i < n; i++)
3342 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3344 com_err(whoami, 0, "could not create user %s : %s",
3345 user_name, ldap_err2string(rc));
/* NOTE(review): the password argument is the empty string.  What
 * set_password() does with "" is not visible here; since the account is
 * enabled for US_NO_PASSWD / US_REGISTERED states (line 3278), confirm it
 * does not leave a usable account with an empty password. */
3349 if (rc == LDAP_SUCCESS)
3351 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3353 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* Collect the new object's SID for sid_update().  Prefer the mitMoiraId
 * lookup; if it does not yield exactly one entry, fall back to
 * sAMAccountName. */
3357 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3358 if (strlen(call_args[2]) != 0)
3359 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3360 attr_array[0] = "objectSid";
3361 attr_array[1] = NULL;
3364 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3365 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3367 if (group_count != 1)
3369 if (strlen(call_args[2]) != 0)
3371 linklist_free(group_base);
3374 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3375 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3376 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* The LK_ENTRY returned by linklist_build is appended to sid_base directly
 * (ownership transfers; it must not be freed here). */
3379 if (group_count == 1)
3381 (*sid_ptr) = group_base;
3382 (*sid_ptr)->member = strdup(av[U_NAME]);
/* BUG?: this tags a user's SID as GROUPS.  sid_update() dispatches on this
 * field and would issue "add_list_sid_by_name" for a user login instead of
 * "add_user_sid_by_login"; the group counterpart in group_create() uses the
 * same value, so USERS looks intended here -- confirm. */
3383 (*sid_ptr)->type = (char *)GROUPS;
3384 sid_ptr = &(*sid_ptr)->next;
3388 if (group_base != NULL)
3389 linklist_free(group_base);
3394 if (group_base != NULL)
3395 linklist_free(group_base);
<!-- placeholder removed -->
/*
 * user_delete: delete the AD user object for u_name.
 *
 * Lookup order is the same as user_update(): by mitMoiraId across dn_path
 * when MoiraId is non-empty, then by sAMAccountName across dn_path (note:
 * not restricted to user_ou).  The entry is removed with ldap_delete_s().
 *
 * Returns AD_INVALID_NAME when u_name fails check_string(); the other
 * return statements (including what happens when the name lookup does not
 * yield exactly one entry) and the declarations of rc, group_count and
 * filter are on omitted lines.
 */
3499 int user_delete(LDAP *ldap_handle, char *dn_path,
3500 char *u_name, char *MoiraId)
3503 char *attr_array[3];
3504 char distinguished_name[1024];
3505 char user_name[512];
3506 LK_ENTRY *group_base;
3510 if (!check_string(u_name))
3511 return(AD_INVALID_NAME);
/* Unbounded copy into 512 bytes; relies on check_string() bounding length,
 * which is not visible here. */
3513 strcpy(user_name, u_name);
3517 if (strlen(MoiraId) != 0)
3519 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3520 attr_array[0] = "name";
3521 attr_array[1] = NULL;
3522 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3523 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3525 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3526 user_name, ldap_err2string(rc));
/* Fall back to the name lookup unless exactly one entry matched. */
3530 if (group_count != 1)
3532 linklist_free(group_base);
3535 sprintf(filter, "(sAMAccountName=%s)", user_name);
3536 attr_array[0] = "name";
3537 attr_array[1] = NULL;
3538 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3539 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3541 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3542 user_name, ldap_err2string(rc));
3547 if (group_count != 1)
3549 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
/* Unbounded copy of the directory-supplied DN into 1024 bytes. */
3554 strcpy(distinguished_name, group_base->dn);
/* Assignment used as the condition. */
3555 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3557 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3558 user_name, ldap_err2string(rc));
3562 linklist_free(group_base);
/*
 * linklist_free: release every node of an LK_ENTRY list and the six string
 * fields each node owns (dn, attribute, value, member, type, list).
 *
 * Callers must not use the list afterwards; nodes handed to sid_base (see
 * user_create / group_create) are freed through that list instead.  The
 * NULL checks before free() are redundant (free(NULL) is a no-op) but
 * harmless.
 */
3566 void linklist_free(LK_ENTRY *linklist_base)
3568 LK_ENTRY *linklist_previous;
3570 while (linklist_base != NULL)
3572 if (linklist_base->dn != NULL)
3573 free(linklist_base->dn);
3574 if (linklist_base->attribute != NULL)
3575 free(linklist_base->attribute);
3576 if (linklist_base->value != NULL)
3577 free(linklist_base->value);
3578 if (linklist_base->member != NULL)
3579 free(linklist_base->member);
3580 if (linklist_base->type != NULL)
3581 free(linklist_base->type);
3582 if (linklist_base->list != NULL)
3583 free(linklist_base->list);
/* Advance before freeing the node so `next` is not read after free. */
3584 linklist_previous = linklist_base;
3585 linklist_base = linklist_previous->next;
3586 free(linklist_previous);
/*
 * free_values: release a NULL-terminated array of strings (as produced by
 * construct_newvalues()), clearing each slot after it is freed.  The free()
 * call itself, the index declaration/increment and the freeing of the array
 * are on omitted lines.  NULL input is accepted.
 */
3590 void free_values(char **modvalues)
3595 if (modvalues != NULL)
3597 while (modvalues[i] != NULL)
3600 modvalues[i] = NULL;
/*
 * sid_update: report the AD objectSid of each entry collected in the global
 * sid_base list back to Moira.
 *
 * For each node (loop header on an omitted line) the binary SID in
 * ptr->value is rendered as hex by convert_b_to_a() and sent with
 * "add_list_sid_by_name" for GROUPS entries or "add_user_sid_by_login" for
 * USERS entries, keyed by ptr->member.  The type field is compared by
 * pointer identity against the GROUPS / USERS sentinels.
 *
 * Declarations of ptr, av, rc and the av[1] assignment, as well as the
 * return value, are on omitted lines.
 */
3607 int sid_update(LDAP *ldap_handle, char *dn_path)
/* Output buffer for the hex SID.  convert_b_to_a() presumably writes two
 * characters per input byte, so ptr->length must stay below ~63 bytes;
 * nothing here checks that against the 126-byte buffer. */
3611 unsigned char temp[126];
3618 memset(temp, 0, sizeof(temp));
3619 convert_b_to_a(temp, ptr->value, ptr->length);
3622 av[0] = ptr->member;
3624 if (ptr->type == (char *)GROUPS)
3627 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3629 else if (ptr->type == (char *)USERS)
3632 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: render `length` bytes of `binary` as hexadecimal text in
 * `string`.  Each byte yields two characters (nibble-wise, see the `& 0x0f`
 * step); the `> '9'` tests adjust digits above 9 into letters on omitted
 * lines.  The caller must supply at least 2*length+1 bytes in `string`;
 * no bound is checked here.  Declarations of i, j and tmp are omitted.
 */
3639 void convert_b_to_a(char *string, UCHAR *binary, int length)
3646 for (i = 0; i < length; i++)
3653 if (string[j] > '9')
3656 string[j] = tmp & 0x0f;
3658 if (string[j] > '9')
/*
 * illegalchars: 256-entry table indexed by byte value; 1 marks a character
 * that check_string() / check_container_name() reject.
 *
 * After lower-casing (done by the callers), the accepted set is
 *   0-9  a-z  $ & ' - . _ ` ~
 * Everything else -- control characters, space (except in
 * check_container_name), the LDAP filter/DN metacharacters ( ) * \ , + ; " <
 * > = #, and all bytes >= 0x80 -- is rejected.  This is what keeps the
 * sprintf()-built LDAP filters elsewhere in this file free of injected
 * filter syntax, so any new input that reaches a filter must go through
 * check_string() as well.
 */
3665 static int illegalchars[] = {
3666 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3668 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3669 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3670 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3671 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3672 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3673 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
3674 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3675 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3676 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3677 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3678 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3679 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3680 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3681 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a name against the illegalchars table.  Each
 * character (loop on an omitted line) is lower-cased and looked up; the
 * return statements are omitted, but callers treat 0 as "invalid".
 *
 * Note the table lookup is the only defence against LDAP filter injection
 * for names that are sprintf()'d into filters in this file; a length check
 * is not visible here.
 */
3684 int check_string(char *s)
3691 if (isupper(character))
3692 character = tolower(character);
/* NOTE(review): if `character` is a plain char (declaration omitted), a byte
 * >= 0x80 is negative on signed-char targets and the (unsigned) cast turns
 * it into a huge index -- an out-of-bounds read of illegalchars.  Casting
 * through (unsigned char) avoids that; isupper()/tolower() have the same
 * requirement. */
3693 if (illegalchars[(unsigned) character])
/*
 * check_container_name: like check_string(), but a space is accepted (it is
 * skipped before the table lookup).  The loop, the space-branch body and the
 * return statements are on omitted lines.
 */
3699 int check_container_name(char *s)
3706 if (isupper(character))
3707 character = tolower(character);
3709 if (character == ' ')
/* Same (unsigned) cast concern as in check_string(): a negative char value
 * would index outside the table -- prefer (unsigned char). */
3711 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: open, version-negotiate and authenticate a Moira client
 * connection.
 *
 * Sequence: mr_connect(server); mr_motd() -- a non-empty message of the day
 * means the server is unavailable; mr_version(version) with MR_UNKNOWN_PROC
 * mapped to MR_VERSION_HIGH and MR_VERSION_LOW tolerated; then, when `auth`
 * is set, mr_auth(client).  Error branches return status on omitted lines;
 * declarations of status, motd and temp are omitted too.
 */
3717 int mr_connect_cl(char *server, char *client, int version, int auth)
3723 status = mr_connect(server);
3726 com_err(whoami, status, "while connecting to Moira");
3730 status = mr_motd(&motd);
3734 com_err(whoami, status, "while checking server status");
/* Format-string misuse: temp now contains server-supplied motd text and is
 * then passed to com_err() as its *format* argument, so any '%' in the motd
 * is interpreted as a conversion.  Pass the literal format instead:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 * (temp's size is also not visible, and the sprintf is unbounded.) */
3739 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3740 com_err(whoami, status, temp);
3745 status = mr_version(version);
/* A server too old to know mr_version is treated as "client is newer". */
3748 if (status == MR_UNKNOWN_PROC)
3751 status = MR_VERSION_HIGH;
3753 status = MR_SUCCESS;
3756 if (status == MR_VERSION_HIGH)
3758 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3759 com_err(whoami, 0, "Some operations may not work.");
3761 else if (status && status != MR_VERSION_LOW)
3763 com_err(whoami, status, "while setting query version number.");
3771 status = mr_auth(client);
3774 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows form by replacing the
 * AFS prefix with WINAFS and copying the remainder, with '/' handled on an
 * omitted line (presumably mapped to '\').  `path` is assumed to begin with
 * AFS -- nothing here verifies that -- and `winPath` must be large enough
 * for WINAFS plus the path tail; no destination size is taken.  The loop
 * header, the '/' branch and the pointer declarations are omitted.
 */
3783 void AfsToWinAfs(char* path, char* winPath)
3787 strcpy(winPath, WINAFS);
3788 pathPtr = path + strlen(AFS);
3789 winPathPtr = winPath + strlen(WINAFS);
3793 if (*pathPtr == '/')
3796 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query("get_list_info") callback used by ProcessAce().  ptr
 * is an array of four caller buffers: [0] receives the ACE type, [1] the ACE
 * name, [2] the membership code and [3] the OU (the latter two via
 * get_group_membership()).  The copies are unbounded; the caller's buffer
 * sizes (AceType/AceName in ProcessAce) are not visible here.  Declaration
 * of call_args / security_flag is on an omitted line.
 *
 * Returns LDAP_SUCCESS.
 */
3803 int GetAceInfo(int ac, char **av, void *ptr)
3810 strcpy(call_args[0], av[L_ACE_TYPE]);
3811 strcpy(call_args[1], av[L_ACE_NAME]);
3813 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3814 return(LDAP_SUCCESS);
/*
 * checkADname: look up `Name` by sAMAccountName under dn_path and report
 * whether it exists.  The return values are on omitted lines; from the
 * caller in ProcessAce() ("if (checkADname(...)) ... ProcessGroup = 1"), a
 * non-zero result appears to mean "not found / needs creating" -- confirm.
 *
 * Name is interpolated into the filter without a check_string() call here;
 * ProcessAce() passes names that came from Moira.  Declarations of rc,
 * group_count and filter are omitted.
 */
3818 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3821 char *attr_array[3];
3824 LK_ENTRY *group_base;
3829 sprintf(filter, "(sAMAccountName=%s)", Name);
3830 attr_array[0] = "sAMAccountName";
3831 attr_array[1] = NULL;
3832 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3833 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3835 com_err(whoami, 0, "LDAP server couldn't process ACE name %s : %s",
3836 Name, ldap_err2string(rc));
3840 linklist_free(group_base);
3842 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of Moira list `Name` exists in AD
 * before the list's security is applied.
 *
 * For a LIST-typed `Type`, the ACE of GroupName is fetched from Moira
 * ("get_list_info" via GetAceInfo).  A LIST ACE is created with
 * make_new_group(); a USER ACE is created with user_create() (and its SID
 * pushed to Moira with sid_update()).  The loop (header on an omitted line)
 * then follows LIST ACEs upward until the ACE is the group itself
 * (lines 3934-3939).  *ProcessGroup is set when the ACE object was missing
 * from AD.
 *
 * Returns: on omitted lines.  Declarations of rc, av, AceInfo, AceType,
 * AceName, AceOu, temp, call_args, sid_base/sid_ptr and the call_args[2]
 * assignment are omitted as well.
 */
3849 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3852 char GroupName[256];
3858 char AceMembership[2];
/* Unbounded copy into 256 bytes. */
3862 strcpy(GroupName, Name);
/* Only LIST ACEs need resolving; other types take the omitted branch. */
3864 if (strcasecmp(Type, "LIST"))
3869 AceInfo[0] = AceType;
3870 AceInfo[1] = AceName;
3871 AceInfo[2] = AceMembership;
3873 memset(AceType, '\0', sizeof(AceType));
3874 memset(AceName, '\0', sizeof(AceName));
3875 memset(AceMembership, '\0', sizeof(AceMembership));
3876 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment used as the condition. */
3878 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3880 com_err(whoami, 0, "Couldn't get ACE info for list %s : %s", GroupName, error_message(rc));
3885 com_err(whoami, 0, "Couldn't get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are represented in AD. */
3888 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
3890 strcpy(temp, AceName);
3891 if (!strcasecmp(AceType, "LIST"))
3892 sprintf(temp, "%s_group", AceName);
/* AceName came from Moira and is not passed through check_string() before
 * reaching the filter inside checkADname(); it is presumably trusted. */
3895 if (checkADname(ldap_handle, dn_path, temp))
3897 (*ProcessGroup) = 1;
3899 if (!strcasecmp(AceInfo[0], "LIST"))
3901 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3904 else if (!strcasecmp(AceInfo[0], "USER"))
3907 call_args[0] = (char *)ldap_handle;
3908 call_args[1] = dn_path;
/* user_create() reads call_args[2] (Moira id); its assignment is on an
 * omitted line. */
3910 call_args[3] = NULL;
3912 sid_ptr = &sid_base;
3914 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3916 com_err(whoami, 0, "Couldn't process user ACE %s for group %s.", Name, AceName);
3921 com_err(whoami, 0, "Couldn't process user Ace %s for group %s", Name, AceName);
3924 if (sid_base != NULL)
3926 sid_update(ldap_handle, dn_path);
3927 linklist_free(sid_base);
/* Walk up the ACE chain: stop when the ACE list is the group itself
 * (self-owned list), otherwise re-run for the ACE list. */
3934 if (!strcasecmp(AceType, "LIST"))
3936 if (!strcasecmp(GroupName, AceName))
3939 strcpy(GroupName, AceName);
/*
 * Create (or, with updateGroup set, update) the AD group for Moira list
 * group_name by running get_list_info with group_create as the callback.
 * call_args is the callback context, an array of char*: slots 3 and 4
 * smuggle plain ints (member-type mask, updateGroup) through the char*
 * type and must be cast back to integers by the callback, never
 * dereferenced. A Moira error is logged with error_message(rc); a callback
 * failure is reported via callback_rc (presumably set by group_create).
 * SIDs collected through sid_ptr/sid_base are pushed with sid_update and
 * then freed.
 */
3944 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3945 char *group_name, char *group_ou, char *group_membership,
3946 int group_security_flag, int updateGroup)
3953 call_args[0] = (char *)ldap_handle;
3954 call_args[1] = dn_path;
3955 call_args[2] = group_name;
3956 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);   /* int carried as a pointer value */
3957 call_args[4] = (char *)updateGroup;   /* int carried as a pointer value */
3958 call_args[5] = MoiraId;
3959 call_args[6] = NULL;
3961 sid_ptr = &sid_base;
3963 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))   /* assignment intended */
3966 com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc));
3972 com_err(whoami, 0, "Couldn't create list %s", group_name);
3973 return(callback_rc);
3976 if (sid_base != NULL)
3978 sid_update(ldap_handle, dn_path);
3979 linklist_free(sid_base);
/*
 * Add the end members of Moira list group_name to the AD group.
 * get_end_members_of_list is run with member_list_build as callback; the
 * callback fills member_base (presumably file-scope). For each member:
 * STRING and KERBEROS members first get a contact object created in
 * contact_ou / kerberos_ou (pUserOu points at the OU used); the handling of
 * LIST members and of a failed contact_create sits on lines not shown here.
 * Each member is then passed to member_add; its return value rc is not
 * examined on the visible lines. member_base is freed afterwards.
 * call_args[3] carries an int mask through a char* — cast back, never
 * dereference.
 */
3985 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3986 char *group_ou, char *group_membership,
3987 int group_security_flag, char *MoiraId)
3995 com_err(whoami, 0, "Populating group %s", group_name);
3997 call_args[0] = (char *)ldap_handle;
3998 call_args[1] = dn_path;
3999 call_args[2] = group_name;
4000 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);   /* int carried as a pointer value */
4001 call_args[4] = NULL;
4003 if (rc = mr_query("get_end_members_of_list", 1, av,
4004 member_list_build, call_args))
4006 com_err(whoami, 0, "Couldn't populate list %s : %s",
4007 group_name, error_message(rc));
4010 if (member_base != NULL)
4015 if (!strcasecmp(ptr->type, "LIST"))
4021 if (!strcasecmp(ptr->type, "STRING"))
4023 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4025 pUserOu = contact_ou;
4027 else if (!strcasecmp(ptr->type, "KERBEROS"))
4029 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4031 pUserOu = kerberos_ou;
4033 rc = member_add(ldap_handle, dn_path, group_name,
4034 group_ou, group_membership, ptr->member,
4038 linklist_free(member_base);
/*
 * Reconcile the AD group for Moira list (MoiraId, group_name) with the
 * expected DN "CN=<group_name>,<group_ou>,<dn_path>".
 * type == CHECK_GROUPS only verifies: returns AD_NO_GROUPS_FOUND,
 * AD_WRONG_GROUP_DN_FOUND or AD_MULTIPLE_GROUPS_FOUND (the matching-DN
 * return is on a line not shown). Otherwise, when several groups carry the
 * same mitMoiraId, every one whose DN is not the expected DN is deleted
 * with ldap_delete_s and the lookup is repeated. The group's current
 * name/description are read, its OU is classified by case-insensitive
 * substring match against the four configured group OUs (checked in the
 * order both, security, distribution, neither — order matters since the
 * OU strings may overlap), and group_rename is asked to move/rename it.
 * Buffer notes: distinguishedName (256) and ad_distinguishedName (256)
 * are filled by unbounded sprintf/strcpy from caller strings and directory
 * values; a DN longer than 255 bytes overruns them. filter is rebuilt from
 * a directory-supplied sAMAccountName with sprintf and no escaping.
 * ad_get_group's last parameter (filter) is in/out; see that function.
 */
4044 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4045 char *group_name, char *group_ou, char *group_membership,
4046 int group_security_flag, int type)
4048 char before_desc[512];
4049 char before_name[256];
4050 char before_group_ou[256];
4051 char before_group_membership[2];
4052 char distinguishedName[256];
4053 char ad_distinguishedName[256];
4055 char *attr_array[3];
4056 int before_security_flag;
4059 LK_ENTRY *group_base;
4062 char ou_security[512];
4063 char ou_distribution[512];
4064 char ou_neither[512];
4066 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
4067 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);   /* expected DN; unbounded */
4070 memset(filter, '\0', sizeof(filter));
4073 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4075 "distinguishedName", &group_base,
4076 &group_count, filter))
4079 if (type == CHECK_GROUPS)
4081 if (group_count == 1)
4083 if (!strcasecmp(group_base->value, distinguishedName))
4085 linklist_free(group_base);
4089 linklist_free(group_base);
4090 if (group_count == 0)
4091 return(AD_NO_GROUPS_FOUND);
4092 if (group_count == 1)
4093 return(AD_WRONG_GROUP_DN_FOUND);
4094 return(AD_MULTIPLE_GROUPS_FOUND);
4096 if (group_count == 0)
4098 return(AD_NO_GROUPS_FOUND);
4100 if (group_count > 1)
4105 if (!strcasecmp(distinguishedName, ptr->value))
4111 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4115 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4118 linklist_free(group_base);
4119 return(AD_MULTIPLE_GROUPS_FOUND);
4124 if (strcasecmp(distinguishedName, ptr->value))
4125 rc = ldap_delete_s(ldap_handle, ptr->value);   /* destructive: removes duplicate groups sharing this mitMoiraId; rc is not checked here */
4128 linklist_free(group_base);
4129 memset(filter, '\0', sizeof(filter));
4132 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4134 "distinguishedName", &group_base,
4135 &group_count, filter))
4137 if (group_count == 0)
4138 return(AD_NO_GROUPS_FOUND);
4139 if (group_count > 1)
4140 return(AD_MULTIPLE_GROUPS_FOUND);
4143 strcpy(ad_distinguishedName, group_base->value);   /* unbounded copy of a directory value */
4144 linklist_free(group_base);
4148 attr_array[0] = "sAMAccountName";
4149 attr_array[1] = NULL;
4150 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4151 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4153 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4154 MoiraId, ldap_err2string(rc));
4157 sprintf(filter, "(sAMAccountName=%s)", group_base->value);   /* value comes from the directory; no escaping, no bound */
4159 if (!strcasecmp(ad_distinguishedName, distinguishedName))   /* already where it should be */
4161 linklist_free(group_base);
4166 linklist_free(group_base);
4169 memset(ou_both, '\0', sizeof(ou_both));
4170 memset(ou_security, '\0', sizeof(ou_security));
4171 memset(ou_distribution, '\0', sizeof(ou_distribution));
4172 memset(ou_neither, '\0', sizeof(ou_neither));
4173 memset(before_name, '\0', sizeof(before_name));
4174 memset(before_desc, '\0', sizeof(before_desc));
4175 memset(before_group_membership, '\0', sizeof(before_group_membership));
4176 attr_array[0] = "name";
4177 attr_array[1] = NULL;
4178 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4179 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4181 com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s",
4182 MoiraId, ldap_err2string(rc));
4185 strcpy(before_name, group_base->value);
4186 linklist_free(group_base);
4189 attr_array[0] = "description";
4190 attr_array[1] = NULL;
4191 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4192 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4195 "LDAP server unable to get list description with MoiraId = %s: %s",
4196 MoiraId, ldap_err2string(rc));
4199 if (group_count != 0)
4201 strcpy(before_desc, group_base->value);
4202 linklist_free(group_base);
4206 change_to_lower_case(ad_distinguishedName);   /* lower-case both sides for the substring tests below */
4207 strcpy(ou_both, group_ou_both);
4208 change_to_lower_case(ou_both);
4209 strcpy(ou_security, group_ou_security);
4210 change_to_lower_case(ou_security);
4211 strcpy(ou_distribution, group_ou_distribution);
4212 change_to_lower_case(ou_distribution);
4213 strcpy(ou_neither, group_ou_neither);
4214 change_to_lower_case(ou_neither);
4215 if (strstr(ad_distinguishedName, ou_both))   /* classify current OU; first match wins */
4217 strcpy(before_group_ou, group_ou_both);
4218 before_group_membership[0] = 'B';
4219 before_security_flag = 1;
4221 else if (strstr(ad_distinguishedName, ou_security))
4223 strcpy(before_group_ou, group_ou_security);
4224 before_group_membership[0] = 'S';
4225 before_security_flag = 1;
4227 else if (strstr(ad_distinguishedName, ou_distribution))
4229 strcpy(before_group_ou, group_ou_distribution);
4230 before_group_membership[0] = 'D';
4231 before_security_flag = 0;
4233 else if (strstr(ad_distinguishedName, ou_neither))
4235 strcpy(before_group_ou, group_ou_neither);
4236 before_group_membership[0] = 'N';
4237 before_security_flag = 0;
4240 return(AD_NO_OU_FOUND);   /* group lives outside the four managed OUs */
/* NOTE(review): before_desc is passed as both the old and the new
 * description, so group_rename cannot change it from here — confirm intended. */
4241 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4242 before_group_ou, before_security_flag, before_desc,
4243 group_name, group_membership, group_ou, group_security_flag,
4244 before_desc, MoiraId, filter);
/*
 * Lower-case the NUL-terminated string ptr in place.
 * tolower() requires an int that is EOF or representable as unsigned char;
 * passing a plain char is undefined for bytes >= 0x80 when char is signed,
 * so callers should only pass ASCII or this should cast via
 * (unsigned char). strlen() is re-evaluated on every iteration.
 */
4248 void change_to_lower_case(char *ptr)
4252 for (i = 0; i < (int)strlen(ptr); i++)
4254 ptr[i] = tolower(ptr[i]);
/*
 * Find the AD group for Moira list group_name and return the requested
 * attribute of each hit in *linklist_base / *linklist_count.
 * Up to three searches are tried in order: (1) the caller-supplied filter
 * in rFilter (final parameter) if it is non-empty, (2) objectClass=group
 * with mitMoiraId=MoiraId if MoiraId is non-empty, (3)
 * sAMAccountName=<group_name>_group. rFilter is in/out: whenever a search
 * yields exactly one entry the filter that found it is copied back so the
 * caller can reuse it for follow-up lookups. Several hits for one
 * mitMoiraId are logged and discarded. A search error is logged (the
 * message always says "MoiraId" even on the rFilter path) and presumably
 * returns rc on the following line.
 * Filters are built with sprintf, unbounded and without RFC 4515 escaping
 * of MoiraId / group_name. Return value on the visible lines is implied by
 * the strcpy(rFilter, ...) branches; confirm against the lines not shown.
 */
4258 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4259 char *group_name, char *group_membership,
4260 char *MoiraId, char *attribute,
4261 LK_ENTRY **linklist_base, int *linklist_count,
4266 char *attr_array[3];
4269 (*linklist_base) = NULL;
4270 (*linklist_count) = 0;
4271 if (strlen(rFilter) != 0)   /* (1) caller-supplied filter */
4273 strcpy(filter, rFilter);
4274 attr_array[0] = attribute;
4275 attr_array[1] = NULL;
4276 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4277 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4279 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4280 MoiraId, ldap_err2string(rc));
4283 if ((*linklist_count) == 1)
4285 strcpy(rFilter, filter);   /* hand the successful filter back to the caller */
4290 linklist_free((*linklist_base));
4291 (*linklist_base) = NULL;
4292 (*linklist_count) = 0;
4293 if (strlen(MoiraId) != 0)   /* (2) by mitMoiraId */
4295 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);   /* unbounded, unescaped */
4296 attr_array[0] = attribute;
4297 attr_array[1] = NULL;
4298 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4299 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4301 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4302 MoiraId, ldap_err2string(rc));
4306 if ((*linklist_count) > 1)   /* duplicate mitMoiraId: report and drop all hits */
4308 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4309 pPtr = (*linklist_base);
4312 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4315 linklist_free((*linklist_base));
4316 (*linklist_base) = NULL;
4317 (*linklist_count) = 0;
4319 if ((*linklist_count) == 1)
/* NOTE(review): compares only strlen(group_name) bytes after a 3-byte
 * prefix (presumably "CN=" of a distinguishedName value): this is a
 * case-sensitive prefix match, not equality, and it reads past the end of
 * value when value is shorter than 3 + strlen(group_name). */
4321 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4323 strcpy(rFilter, filter);
4328 linklist_free((*linklist_base));
4329 (*linklist_base) = NULL;
4330 (*linklist_count) = 0;
4331 sprintf(filter, "(sAMAccountName=%s_group)", group_name);   /* (3) by conventional AD name; unbounded, unescaped */
4332 attr_array[0] = attribute;
4333 attr_array[1] = NULL;
4334 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4335 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4337 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4338 MoiraId, ldap_err2string(rc));
4341 if ((*linklist_count) == 1)
4343 strcpy(rFilter, filter);
/*
 * Make sure the AD account for Moira user (UserName, MoiraId) exists under
 * the expected sAMAccountName. When MoiraId is non-empty the account is
 * first looked up by mitMoiraId; several hits are logged. Unless exactly
 * one entry was found that way, a second lookup by sAMAccountName=UserName
 * is done; no single hit there yields AD_NO_USER_FOUND. If the stored
 * sAMAccountName differs from UserName, user_rename is invoked.
 * NOTE(review): the final comparison is strcmp (case-sensitive) while the
 * sAMAccountName match in AD is case-insensitive, so a case-only
 * difference triggers a rename — confirm that is intended.
 * Filters are built with sprintf, unbounded and unescaped; SamAccountName
 * (64 bytes) receives an unbounded strcpy of a directory value.
 */
4350 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4353 char *attr_array[3];
4354 char SamAccountName[64];
4357 LK_ENTRY *group_base;
4363 if (strlen(MoiraId) != 0)   /* first try: by mitMoiraId */
4365 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);   /* unbounded, unescaped */
4366 attr_array[0] = "sAMAccountName";
4367 attr_array[1] = NULL;
4368 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4369 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4371 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
4372 UserName, ldap_err2string(rc));
4375 if (group_count > 1)   /* duplicate mitMoiraId: report each hit */
4377 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4382 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4383 gPtr->value, MoiraId);
4388 if (group_count != 1)
4390 linklist_free(group_base);
4393 sprintf(filter, "(sAMAccountName=%s)", UserName);   /* second try: by login name; unbounded, unescaped */
4394 attr_array[0] = "sAMAccountName";
4395 attr_array[1] = NULL;
4396 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4397 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4399 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
4400 UserName, ldap_err2string(rc));
4405 if (group_count != 1)
4407 linklist_free(group_base);
4408 return(AD_NO_USER_FOUND);
4410 strcpy(SamAccountName, group_base->value);   /* unbounded copy into 64 bytes */
4411 linklist_free(group_base);
4414 if (strcmp(SamAccountName, UserName))   /* case-sensitive; see header */
4416 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * Build the relative DN of a Moira container path src ("a/b/c" style) into
 * dest as "OU=c,OU=b,OU=a": the path is split into at most 20 components
 * (array is sized/cleared for 20 entries) and emitted last component first.
 * An empty src is handled separately (branch not shown). dest is written
 * with strcpy/strcat and no capacity; callers pass fixed 256-byte buffers.
 */
4422 void container_get_dn(char *src, char *dest)
4429 memset(array, '\0', 20 * sizeof(array[0]));   /* at most 20 path components */
4431 if (strlen(src) == 0)
4450 strcpy(dest, "OU=");
4453 strcat(dest, array[n-1]);   /* innermost component first */
4457 strcat(dest, ",OU=");
/*
 * Extract the container's own name (presumably the last path component of
 * src) into dest; an empty src is handled as a special case. dest has no
 * capacity argument, so callers must size it for the longest component.
 */
4463 void container_get_name(char *src, char *dest)
4468 if (strlen(src) == 0)
/*
 * Ensure the AD container (OU) for Moira container path name exists,
 * creating it with no metadata if necessary. A copy of name is taken, each
 * '/' is rewritten (replacement on the line not shown), and
 * container_create is called with every attribute except the name empty;
 * a successful creation is logged as lacking a mitMoiraId.
 * cName receives an unbounded strcpy of name.
 */
4485 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4492 strcpy(cName, name);   /* unbounded copy */
4493 for (i = 0; i < (int)strlen(cName); i++)
4495 if (cName[i] == '/')
4498 av[CONTAINER_NAME] = cName;
4499 av[CONTAINER_DESC] = "";
4500 av[CONTAINER_LOCATION] = "";
4501 av[CONTAINER_CONTACT] = "";
4502 av[CONTAINER_TYPE] = "";
4503 av[CONTAINER_ID] = "";
4504 av[CONTAINER_ROWID] = "";   /* no mitMoiraId: see the log line below */
4505 rc = container_create(ldap_handle, dn_path, 7, av);
4506 if (rc == LDAP_SUCCESS)
4508 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * Rename/move the AD OU described by before[] to the name and parent given
 * by after[]. The new leaf name is validated with check_container_name
 * before any directory access. The current DN is resolved from before[]
 * via container_get_distinguishedName; if none is found the container is
 * created from after[] instead of renamed. Otherwise the new parent DN is
 * derived from after[CONTAINER_NAME] with its last component stripped
 * (loop body not shown), container_check makes sure the parent exists, and
 * ldap_rename_s moves the entry (deleteoldrdn = TRUE). On success the
 * attributes are refreshed via container_adupdate.
 * new_dn_path (256) and new_cn are written with unbounded sprintf.
 */
4516 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4517 int afterc, char **after)
4522 char new_dn_path[256];
4524 char distinguishedName[256];
4529 memset(cName, '\0', sizeof(cName));
4530 container_get_name(after[CONTAINER_NAME], cName);
4531 if (!check_container_name(cName))   /* validate before touching the directory */
4533 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4534 return(AD_INVALID_NAME);
4537 memset(distinguishedName, '\0', sizeof(distinguishedName));
4538 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))   /* assignment intended */
4540 if (strlen(distinguishedName) == 0)   /* nothing to rename: create instead */
4542 rc = container_create(ldap_handle, dn_path, afterc, after);
4546 strcpy(temp, after[CONTAINER_NAME]);
4548 for (i = 0; i < (int)strlen(temp); i++)
4557 container_get_dn(temp, dName);
4558 if (strlen(temp) != 0)
4559 sprintf(new_dn_path, "%s,%s", dName, dn_path);   /* unbounded into 256 bytes */
4561 sprintf(new_dn_path, "%s", dn_path);
4562 sprintf(new_cn, "OU=%s", cName);
4564 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);   /* make sure the destination parent exists */
4566 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4567 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4569 com_err(whoami, 0, "couldn't rename container from %s to %s : %s",
4570 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4574 memset(dName, '\0', sizeof(dName));
4575 container_get_dn(after[CONTAINER_NAME], dName);
4576 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * Delete the AD OU described by av[]. The DN is resolved with
 * container_get_distinguishedName; an empty result means there is nothing
 * to delete. If the OU still has children (LDAP_NOT_ALLOWED_ON_NONLEAF)
 * they are relocated/removed with container_move_objects — whether the
 * delete is then retried is decided on a line not shown here. Any other
 * LDAP error is logged.
 */
4580 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4582 char distinguishedName[256];
4585 memset(distinguishedName, '\0', sizeof(distinguishedName));
4586 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))   /* assignment intended */
4588 if (strlen(distinguishedName) == 0)   /* not in AD: nothing to do */
4590 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4592 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)   /* OU is not empty: evacuate it first */
4593 container_move_objects(ldap_handle, dn_path, distinguishedName);
4595 com_err(whoami, 0, "unable to delete container %s from AD : %s",
4596 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create the AD OU for Moira container av[] under dn_path.
 * The relative DN and leaf name are derived from av[CONTAINER_NAME] and
 * validated (empty or failing check_container_name -> AD_INVALID_NAME).
 * ADD_ATTR (macro defined elsewhere; presumably appends to mods and bumps n)
 * assembles objectClass, name, ou and, when supplied, mitMoiraId and
 * description. managedBy is resolved from CONTAINER_TYPE/CONTAINER_ID:
 * KERBEROS principals get a contact object in kerberos_ou and its DN;
 * USER and LIST are looked up by cn and the found distinguishedName is
 * used when exactly one entry matches. The entry is then added with
 * ldap_add_ext_s; LDAP_ALREADY_EXISTS is not an error and, if a ROWID is
 * present, the existing OU is refreshed through container_adupdate.
 * Security notes: the USER/LIST filters and the managedBy DN are built
 * with sprintf from av[CONTAINER_ID] without bound or RFC 4515 escaping,
 * so a CONTAINER_ID containing filter metacharacters alters the lookup;
 * managedByDN is a 256-byte buffer.
 */
4601 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4603 char *attr_array[3];
4604 LK_ENTRY *group_base;
4607 char *objectClass_v[] = {"top",
4608 "organizationalUnit",
4611 char *ou_v[] = {NULL, NULL};
4612 char *name_v[] = {NULL, NULL};
4613 char *moiraId_v[] = {NULL, NULL};
4614 char *desc_v[] = {NULL, NULL};
4615 char *managedBy_v[] = {NULL, NULL};
4618 char managedByDN[256];
4625 memset(filter, '\0', sizeof(filter));
4626 memset(dName, '\0', sizeof(dName));
4627 memset(cName, '\0', sizeof(cName));
4628 memset(managedByDN, '\0', sizeof(managedByDN));
4629 container_get_dn(av[CONTAINER_NAME], dName);
4630 container_get_name(av[CONTAINER_NAME], cName);
4632 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4634 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4635 return(AD_INVALID_NAME);
4638 if (!check_container_name(cName))   /* validate before building the entry */
4640 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4641 return(AD_INVALID_NAME);
4645 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4647 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4649 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4650 if (strlen(av[CONTAINER_ROWID]) != 0)
4652 moiraId_v[0] = av[CONTAINER_ROWID];
4653 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4655 if (strlen(av[CONTAINER_DESC]) != 0)
4657 desc_v[0] = av[CONTAINER_DESC];
4658 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4660 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))   /* managedBy resolution */
4662 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4664 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4666 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);   /* unbounded into 256 bytes */
4667 managedBy_v[0] = managedByDN;
4668 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4673 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4675 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);   /* unescaped */
4677 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4679 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);   /* unescaped */
4681 if (strlen(filter) != 0)
4683 attr_array[0] = "distinguishedName";
4684 attr_array[1] = NULL;
4687 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4688 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4690 if (group_count == 1)   /* ambiguous hits leave managedBy unset */
4692 strcpy(managedByDN, group_base->value);
4693 managedBy_v[0] = managedByDN;
4694 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4696 linklist_free(group_base);
4705 sprintf(temp, "%s,%s", dName, dn_path);   /* full DN of the new OU; unbounded */
4706 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4707 for (i = 0; i < n; i++)   /* presumably releases the n LDAPMod entries */
4709 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4711 com_err(whoami, 0, "couldn't create container %s : %s",
4712 cName, ldap_err2string(rc));
4715 if (rc == LDAP_ALREADY_EXISTS)   /* treat as success and refresh attributes */
4717 if (strlen(av[CONTAINER_ROWID]) != 0)
4718 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Bring the AD OU for container after[] up to date. The DN is resolved from
 * after[] via container_get_distinguishedName; if the OU does not exist it
 * is created instead. Otherwise container_check ensures the parent chain
 * exists and container_adupdate rewrites the attributes on the found DN.
 * before[] / beforec are not used on the lines visible here.
 */
4723 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4724 int afterc, char **after)
4726 char distinguishedName[256];
4729 memset(distinguishedName, '\0', sizeof(distinguishedName));
4730 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))   /* assignment intended */
4732 if (strlen(distinguishedName) == 0)   /* missing: create rather than update */
4734 rc = container_create(ldap_handle, dn_path, afterc, after);
4738 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4739 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * Resolve the DN of the AD OU for container av[] into distinguishedName
 * (caller-zeroed; left empty when nothing is found).
 * The name is validated first (AD_INVALID_NAME on failure). Two lookups
 * follow: by mitMoiraId = av[CONTAINER_ROWID], then, if that found nothing,
 * by the literal DN "<dName>,<dn_path>". Only a single hit is accepted.
 * An LDAP error on either search is silent here: distinguishedName stays
 * empty, which callers (container_update, container_rename) treat as
 * "does not exist" and answer with a create — confirm that is the intended
 * behaviour on a transient directory error.
 * Filters are built with sprintf, unbounded and without RFC 4515 escaping
 * of the ROWID / DN values; distinguishedName receives an unbounded strcpy.
 */
4744 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4746 char *attr_array[3];
4747 LK_ENTRY *group_base;
4754 memset(filter, '\0', sizeof(filter));
4755 memset(dName, '\0', sizeof(dName));
4756 memset(cName, '\0', sizeof(cName));
4757 container_get_dn(av[CONTAINER_NAME], dName);
4758 container_get_name(av[CONTAINER_NAME], cName);
4760 if (strlen(dName) == 0)
4762 com_err(whoami, 0, "invalid LDAP container name %s", av[CONTAINER_NAME]);
4763 return(AD_INVALID_NAME);
4766 if (!check_container_name(cName))
4768 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4769 return(AD_INVALID_NAME);
4772 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);   /* lookup 1: by Moira row id; unescaped */
4773 attr_array[0] = "distinguishedName";
4774 attr_array[1] = NULL;
4777 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4778 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4780 if (group_count == 1)
4782 strcpy(distinguishedName, group_base->value);   /* unbounded into the caller's buffer */
4784 linklist_free(group_base);
4788 if (strlen(distinguishedName) == 0)   /* lookup 2: by expected DN */
4790 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);   /* unescaped */
4791 attr_array[0] = "distinguishedName";
4792 attr_array[1] = NULL;
4795 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4796 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4798 if (group_count == 1)
4800 strcpy(distinguishedName, group_base->value);
4802 linklist_free(group_base);
/*
 * Replace the mitMoiraId, description and managedBy attributes of an
 * existing AD OU with the values in av[]. The target is either
 * distinguishedName or, when dName is non-empty, "<dName>,<dn_path>".
 * The current attribute values are read first so that managedBy can be
 * cleared (value list {NULL}) when it was set but no longer resolves.
 * managedBy resolution mirrors container_create: KERBEROS -> contact in
 * kerberos_ou; USER / LIST -> single-hit cn lookup. Modifications are
 * queued with ADD_ATTR (LDAP_MOD_REPLACE) and applied by ldap_modify_s;
 * the early return(LDAP_SUCCESS) presumably covers the no-modification
 * case. The loop after ldap_modify_s presumably releases the LDAPMods.
 * NOTE(review): the lookup filter switches to mitMoiraId when
 * av[CONTAINER_ID] is non-empty but uses av[CONTAINER_ROWID] as the value;
 * the condition looks like it should test CONTAINER_ROWID — confirm.
 * Filters and DNs are built with sprintf, unbounded and without RFC 4515
 * escaping; desc/moiraId/managedByDN receive unbounded strcpy of
 * directory values.
 */
4810 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4811 char *distinguishedName, int count, char **av)
4813 char *attr_array[5];
4814 LK_ENTRY *group_base;
4820 char *moiraId_v[] = {NULL, NULL};
4821 char *desc_v[] = {NULL, NULL};
4822 char *managedBy_v[] = {NULL, NULL};
4823 char managedByDN[256];
4831 strcpy(temp, distinguishedName);
4832 if (strlen(dName) != 0)
4833 sprintf(temp, "%s,%s", dName, dn_path);   /* target DN; unbounded */
4835 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", temp);   /* unescaped */
4836 if (strlen(av[CONTAINER_ID]) != 0)   /* NOTE(review): tests CONTAINER_ID, filter uses CONTAINER_ROWID — see header */
4837 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4838 attr_array[0] = "mitMoiraId";
4839 attr_array[1] = "description";
4840 attr_array[2] = "managedBy";
4841 attr_array[3] = NULL;
4844 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4845 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4847 com_err(whoami, 0, "couldn't retreive container info for %s : %s",
4848 av[CONTAINER_NAME], ldap_err2string(rc));
4851 memset(managedByDN, '\0', sizeof(managedByDN));
4852 memset(moiraId, '\0', sizeof(moiraId));
4853 memset(desc, '\0', sizeof(desc));
4857 if (!strcasecmp(pPtr->attribute, "description"))   /* capture current values */
4858 strcpy(desc, pPtr->value);
4859 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4860 strcpy(managedByDN, pPtr->value);
4861 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4862 strcpy(moiraId, pPtr->value);
4865 linklist_free(group_base);
4870 if (strlen(av[CONTAINER_ROWID]) != 0)
4872 moiraId_v[0] = av[CONTAINER_ROWID];
4873 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4875 if (strlen(av[CONTAINER_DESC]) != 0)
4877 desc_v[0] = av[CONTAINER_DESC];
4878 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
4882 if (strlen(desc) != 0)   /* Moira has no description but AD does: presumably cleared here */
4885 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
4888 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4890 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4892 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4894 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);   /* unbounded into 256 bytes */
4895 managedBy_v[0] = managedByDN;
4896 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4900 if (strlen(managedByDN) != 0)   /* contact creation failed: drop the stale managedBy */
4902 managedBy_v[0] = NULL;
4903 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4909 memset(filter, '\0', sizeof(filter));
4910 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4912 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);   /* unescaped */
4914 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4916 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);   /* unescaped */
4918 if (strlen(filter) != 0)
4920 attr_array[0] = "distinguishedName";
4921 attr_array[1] = NULL;
4924 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4925 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4927 if (group_count == 1)
4929 strcpy(managedByDN, group_base->value);
4930 managedBy_v[0] = managedByDN;
4931 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4935 if (strlen(managedByDN) != 0)   /* no single match: clear the attribute */
4937 managedBy_v[0] = NULL;
4938 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4941 linklist_free(group_base);
4948 if (strlen(managedByDN) != 0)   /* no type/id given: clear any existing managedBy */
4950 managedBy_v[0] = NULL;
4951 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4958 return(LDAP_SUCCESS);
4960 strcpy(temp, distinguishedName);
4961 if (strlen(dName) != 0)
4962 sprintf(temp, "%s,%s", dName, dn_path);
4963 rc = ldap_modify_s(ldap_handle, temp, mods);
4964 for (i = 0; i < n; i++)   /* presumably releases the n LDAPMod entries */
4966 if (rc != LDAP_SUCCESS)
4968 com_err(whoami, 0, "couldn't modify container info for %s : %s",
4969 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty the OU at dName so that it can be deleted: three passes search its
 * subtree for (0) objects that are neither computers nor OUs, (1)
 * computers, (2) child OUs. Objects found by "cn" are moved with
 * ldap_rename_s into orphans_other_ou / orphans_machines_ou under dn_path,
 * appending "_<count>" to the RDN on LDAP_ALREADY_EXISTS; child OUs
 * (attribute "ou") are deleted outright.
 * Side effect: LDAP_OPT_SIZELIMIT is set to 10 on the shared ldap_handle.
 * The option is connection-wide; no reset is visible here, so subsequent
 * searches on this handle may be silently truncated to 10 entries, and
 * each pass here only ever sees 10 objects. rc from ldap_set_option should
 * be checked. new_cn and temp are written with unbounded sprintf from
 * directory values; pPtr->value is not escaped for use in an RDN.
 */
4975 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4977 char *attr_array[3];
4978 LK_ENTRY *group_base;
4985 int NumberOfEntries = 10;   /* per-search result cap, see header */
4989 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);   /* connection-wide side effect */
4991 for (i = 0; i < 3; i++)   /* pass 0: other objects, 1: computers, 2: child OUs */
4993 memset(filter, '\0', sizeof(filter));
4996 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4997 attr_array[0] = "cn";
4998 attr_array[1] = NULL;
5002 strcpy(filter, "(objectClass=computer)");
5003 attr_array[0] = "cn";
5004 attr_array[1] = NULL;
5008 strcpy(filter, "(objectClass=organizationalUnit)");
5009 attr_array[0] = "ou";
5010 attr_array[1] = NULL;
5015 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
5016 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
5020 if (group_count == 0)
5025 if (!strcasecmp(pPtr->attribute, "cn"))   /* movable object */
5027 sprintf(new_cn, "cn=%s", pPtr->value);   /* unbounded; value unescaped */
5029 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5031 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5035 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
5037 if (rc == LDAP_ALREADY_EXISTS)   /* name clash in the orphans OU: retry with a numeric suffix */
5039 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
5046 else if (!strcasecmp(pPtr->attribute, "ou"))   /* child OU: deleted, not moved */
5048 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5052 linklist_free(group_base);
/*
 * Locate the AD computer object for Moira host member and return the OU
 * part of its DN in machine_ou; NewMachineName receives the short AD
 * name (Moira alias with the domain suffix cut at the first '.').
 * The computer is found via sAMAccountName=<name>$; exactly one hit is
 * required. The DN and cn are lower-cased, the cn is located inside the DN
 * and everything after "cn,", up to the "dc=" component, is taken as the
 * OU (the trailing cut is on a line not shown).
 * NOTE(review): rc from moira_connect() is overwritten by GetMachineName
 * without being examined, so a failed Moira connection is not reported.
 * dn/cn/machine_ou receive unbounded strcpy of directory values; the
 * filter is built with sprintf, unbounded and unescaped; tolower() on a
 * plain char is undefined for bytes >= 0x80.
 */
5060 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5062 LK_ENTRY *group_base;
5066 char *attr_array[3];
5073 strcpy(NewMachineName, member);
5074 rc = moira_connect();   /* rc is discarded on the next line — see header */
5075 rc = GetMachineName(NewMachineName);
5077 if (strlen(NewMachineName) == 0)
5079 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
5084 pPtr = strchr(NewMachineName, '.');   /* strip the DNS domain */
5090 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);   /* computer accounts end in '$'; unbounded, unescaped */
5091 attr_array[0] = "cn";
5092 attr_array[1] = NULL;
5093 sprintf(temp, "%s", dn_path);
5094 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5095 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5097 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
5098 member, ldap_err2string(rc));
5101 if (group_count != 1)
5103 com_err(whoami, 0, "LDAP server couldn't process machine %s : machine not found in AD",
5107 strcpy(dn, group_base->dn);   /* unbounded */
5108 strcpy(cn, group_base->value);   /* unbounded */
5109 for (i = 0; i < (int)strlen(dn); i++)
5110 dn[i] = tolower(dn[i]);
5111 for (i = 0; i < (int)strlen(cn); i++)
5112 cn[i] = tolower(cn[i]);
5113 linklist_free(group_base);
5115 pPtr = strstr(dn, cn);   /* find the RDN value inside the DN */
5118 com_err(whoami, 0, "LDAP server couldn't process machine %s",
5122 pPtr += strlen(cn) + 1;   /* skip "<cn>," — the OU part starts here */
5123 strcpy(machine_ou, pPtr);
5125 pPtr = strstr(machine_ou, "dc=");   /* domain components are dropped after this */
5128 com_err(whoami, 0, "LDAP server couldn't process machine %s",
/*
 * Move the AD computer object for Moira host MoiraMachineName into
 * DestinationOu (relative to dn_path). The short AD name is obtained via
 * GetMachineName and cut at the first '.'; the object is found by
 * sAMAccountName=<name>$ (exactly one hit required) and its DN kept in
 * OldDn. If the parent of OldDn already equals the target OU nothing is
 * moved; otherwise ldap_rename_s relocates "CN=<name>" under NewOu with
 * deleteoldrdn = TRUE.
 * BUG: the "Unable to find machine" com_err has two %s conversions but a
 * single argument; the second %s reads a vararg that was never passed
 * (undefined behaviour). Drop the trailing ": %s" or pass a reason.
 * MachineName (128) receives an unbounded strcpy; NewOu/NewCn are written
 * with unbounded sprintf; the filter is unescaped.
 */
5137 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5142 char MachineName[128];
5144 char *attr_array[3];
5149 LK_ENTRY *group_base;
5154 strcpy(MachineName, MoiraMachineName);   /* unbounded into 128 bytes */
5155 rc = GetMachineName(MachineName);
5156 if (strlen(MachineName) == 0)
5158 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
5162 cPtr = strchr(MachineName, '.');   /* strip the DNS domain */
5165 sprintf(filter, "(sAMAccountName=%s$)", MachineName);   /* computer accounts end in '$'; unbounded, unescaped */
5166 attr_array[0] = "sAMAccountName";
5167 attr_array[1] = NULL;
5168 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5169 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5171 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
5172 MoiraMachineName, ldap_err2string(rc));
5176 if (group_count == 1)
5177 strcpy(OldDn, group_base->dn);   /* unbounded */
5178 linklist_free(group_base);
5180 if (group_count != 1)
5182 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);   /* BUG: second %s has no argument — see header */
5185 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
5186 cPtr = strchr(OldDn, ',');   /* parent DN follows the first ',' */
5190 if (!strcasecmp(cPtr, NewOu))   /* already in the destination OU */
5193 sprintf(NewCn, "CN=%s", MachineName);
5194 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * Report whether the short AD name of machine_name (cut at the first '.')
 * resolves via checkADname; returns the logical negation of that result.
 * Name receives an unbounded strcpy of machine_name.
 */
5198 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5204 memset(Name, '\0', sizeof(Name));
5205 strcpy(Name, machine_name);   /* unbounded */
5207 pPtr = strchr(Name, '.');   /* strip the DNS domain */
5211 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * Ask Moira ("get_machine_to_container_map") which container machine_name
 * belongs to; the callback machine_GetMoiraContainer writes the answer into
 * container_name. No length is passed for container_name (see the
 * callback's unbounded strcpy).
 */
5214 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5220 av[0] = machine_name;
5221 call_args[0] = (char *)container_name;
5222 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * mr_query callback for "get_machine_to_container_map": copies the
 * container name column (av[1]) into the caller's buffer call_args[0]
 * (presumably ptr). The strcpy is unbounded; the destination must fit any
 * container path Moira can return.
 */
5227 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5232 strcpy(call_args[0], av[1]);
/*
 * Create the Moira list that mirrors container after[]: the list name is
 * generated by Moira_groupname_create, the list is added with "add_list"
 * (15 arguments: active, not public, not hidden, group with a unique GID,
 * owned and member-owned by user "sms"), then recorded as the container's
 * group and added as a member of the parent container's group.
 * NOTE(review): L_HIDDEN is "0" here but "1" in
 * Moira_container_group_update's rename — confirm which is intended.
 * "if (rc = mr_query(...))" is an intentional assignment.
 */
5236 int Moira_container_group_create(char **after)
5242 memset(GroupName, '\0', sizeof(GroupName));
5243 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5244 after[CONTAINER_ROWID]);
5248 argv[L_NAME] = GroupName;
5249 argv[L_ACTIVE] = "1";
5250 argv[L_PUBLIC] = "0";
5251 argv[L_HIDDEN] = "0";   /* differs from the update path ("1") — see header */
5252 argv[L_MAILLIST] = "0";
5253 argv[L_GROUP] = "1";
5254 argv[L_GID] = UNIQUE_GID;
5255 argv[L_NFSGROUP] = "0";
5256 argv[L_MAILMAN] = "0";
5257 argv[L_MAILMAN_SERVER] = "[NONE]";
5258 argv[L_DESC] = "auto created container group";
5259 argv[L_ACE_TYPE] = "USER";
5260 argv[L_MEMACE_TYPE] = "USER";
5261 argv[L_ACE_NAME] = "sms";
5262 argv[L_MEMACE_NAME] = "sms";
5264 if (rc = mr_query("add_list", 15, argv, NULL, NULL))   /* assignment intended */
5266 com_err(whoami, 0, "couldn't create container group %s for container %s: %s",
5267 GroupName, after[CONTAINER_NAME], error_message(rc));
5270 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5271 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Rename the Moira list mirroring a container whose path changed from
 * before[] to after[]. Identical names (case-insensitive) need no work.
 * The current list name is fetched with Moira_getGroupName (flag 0 —
 * note it is queried with after[CONTAINER_NAME], confirm that is the
 * intended key), a new name is generated from after[], and if they differ
 * "update_list" is called with the old name in argv[0] followed by the
 * 15 list fields shifted by one.
 * NOTE(review): L_HIDDEN is "1" here but "0" in
 * Moira_container_group_create — confirm which is intended.
 */
5276 int Moira_container_group_update(char **before, char **after)
5279 char BeforeGroupName[64];
5280 char AfterGroupName[64];
5283 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))   /* unchanged: nothing to do */
5286 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5287 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5288 if (strlen(BeforeGroupName) == 0)   /* no existing list to rename */
5291 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5292 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5293 after[CONTAINER_ROWID]);
5297 if (strcasecmp(BeforeGroupName, AfterGroupName))
5299 argv[L_NAME] = BeforeGroupName;   /* update_list: old name first, then the new record */
5300 argv[L_NAME + 1] = AfterGroupName;
5301 argv[L_ACTIVE + 1] = "1";
5302 argv[L_PUBLIC + 1] = "0";
5303 argv[L_HIDDEN + 1] = "1";   /* differs from the create path ("0") — see header */
5304 argv[L_MAILLIST + 1] = "0";
5305 argv[L_GROUP + 1] = "1";
5306 argv[L_GID + 1] = UNIQUE_GID;
5307 argv[L_NFSGROUP + 1] = "0";
5308 argv[L_MAILMAN + 1] = "0";
5309 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5310 argv[L_DESC + 1] = "auto created container group";
5311 argv[L_ACE_TYPE + 1] = "USER";
5312 argv[L_MEMACE_TYPE + 1] = "USER";
5313 argv[L_ACE_NAME + 1] = "sms";
5314 argv[L_MEMACE_NAME + 1] = "sms";
5316 if (rc = mr_query("update_list", 16, argv, NULL, NULL))   /* assignment intended */
5318 com_err(whoami, 0, "couldn't rename container group from %s to %s: %s",
5319 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Remove the Moira list mirroring container before[]: it is first removed
 * from the parent container's list (argv[1], presumably the member type,
 * is set on a line not shown) and then deleted with "delete_list".
 * before[CONTAINER_GROUP_NAME] == "[none]" means there is no list.
 * BUG: the "couldn't delete container group %s from list" format has two
 * %s conversions but three arguments follow; error_message(rc) is never
 * printed and ParentGroupName appears where the error text belongs. The
 * format was most likely meant to read
 * "couldn't delete container group %s from list %s: %s".
 * GroupName receives an unbounded strcpy of the Moira value.
 */
5326 int Moira_container_group_delete(char **before)
5331 char ParentGroupName[64];
5333 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
5334 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);   /* flag 1: parent container's list */
5336 memset(GroupName, '\0', sizeof(GroupName));
5337 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5338 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);   /* unbounded */
5340 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5342 argv[0] = ParentGroupName;
5344 argv[2] = GroupName;
5345 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))   /* assignment intended */
5347 com_err(whoami, 0, "couldn't delete container group %s from list: %s",   /* BUG: missing %s — see header */
5348 GroupName, ParentGroupName, error_message(rc));
5352 if (strlen(GroupName) != 0)
5354 argv[0] = GroupName;
5355 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))   /* assignment intended */
5357 com_err(whoami, 0, "couldn't delete container group %s : %s",
5358 GroupName, error_message(rc));
/*
 * Derive a unique Moira list name for container ContainerName into
 * GroupName: "cnt-" + the last path component (after the final '/'),
 * limited to 25 characters (truncation on the line after the length test),
 * lower-cased. get_list_info is then probed; while a list of that name
 * exists (rc == 0) a "-<c>" suffix is appended, trying 0-9 then a-z, until
 * MR_NO_MATCH is returned. Any other Moira status, or running out of
 * suffixes, is logged as an error. ContainerRowID is not used on the
 * visible lines. Buffers are 64 bytes; temp receives an unbounded strcpy.
 */
5365 int Moira_groupname_create(char *GroupName, char *ContainerName,
5366 char *ContainerRowID)
5371 char newGroupName[64];
5372 char tempGroupName[64];
5377 strcpy(temp, ContainerName);   /* unbounded */
5379 ptr1 = strrchr(temp, '/');   /* last path component */
5385 if (strlen(ptr) > 25)   /* keep the generated name short */
5388 sprintf(newGroupName, "cnt-%s", ptr);
5390 /* change everything to lower case */
5395 *ptr = tolower(*ptr);
5401 strcpy(tempGroupName, newGroupName);   /* base name, reused for each suffix attempt */
5403 /* append 0-9 then a-z if a duplicate is found */
5406 argv[0] = newGroupName;
5407 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))   /* nonzero: name is free (MR_NO_MATCH) or an error */
5409 if (rc == MR_NO_MATCH)
5411 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5412 ContainerName, error_message(rc));
5415 sprintf(newGroupName, "%s-%c", tempGroupName, i);   /* rc == 0: name taken, try the next suffix */
5418 com_err(whoami, 0, "Can not find a unique group name for container %s: too many duplicate container names",
5428 strcpy(GroupName, newGroupName);
5432 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
/*
 * Record GroupName as the list attached to container origContainerName
 * (Moira query set_container_list).  A failure is reported through
 * com_err; rc holds the Moira return code.
 * NOTE(review): the declarations of argv and rc and the return statement
 * are outside this excerpt.
 */
5437 argv[0] = origContainerName;
5438 argv[1] = GroupName;
5440 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5442 com_err(whoami, 0, "couldn't set container group %s in container %s: %s",
5443 GroupName, origContainerName, error_message(rc));
5449 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
/*
 * Add a container's group as a member of its parent container's group.
 *
 * origContainerName: full container path.
 * GroupName:         the list to add.
 * The parent group is looked up with Moira_getGroupName; an empty result
 * is treated as "top-level container" (what happens then is on a line not
 * shown, presumably an early return).
 * NOTE(review): the declarations of argv and rc, the assignment of
 * argv[1] (the member type) and the return statements are not in this
 * excerpt.
 */
5451 char ContainerName[64];
5452 char ParentGroupName[64];
/* NOTE(review): unbounded strcpy into a 64-byte stack buffer; a container
 * name of 64 or more characters overruns it. */
5456 strcpy(ContainerName, origContainerName);
5458 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5459 /* top-level container */
5460 if (strlen(ParentGroupName) == 0)
5463 argv[0] = ParentGroupName;
5465 argv[2] = GroupName;
5466 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5468 com_err(whoami, 0, "couldn't add container group %s to parent group %s: %s",
5469 GroupName, ParentGroupName, error_message(rc));
5474 int Moira_getContainerGroup(int ac, char **av, void *ptr)
/*
 * mr_query callback for get_container_list: copies the list name (av[1])
 * into the caller's buffer call_args[0].
 * ac: number of fields in av; ptr: the call_args array handed to mr_query.
 * NOTE(review): the line deriving call_args from ptr and the return
 * statement are not in this excerpt.  The copy is unbounded, and the
 * call chain visible in this file ultimately passes 64-byte stack buffers;
 * a longer list name returned by Moira would overrun them.
 */
5479 strcpy(call_args[0], av[1]);
5483 int Moira_getGroupName(char *origContainerName, char *GroupName,
/*
 * Look up the Moira list attached to a container and store its name in
 * GroupName.  GroupName is written only by the callback, so callers clear
 * it beforehand (the callers in this file do).
 *
 * origContainerName: full container path.
 * The remaining parameter(s) and the opening of the body are on lines not
 * in this excerpt; the callers here pass 1 as a third argument, presumably
 * asking for the parent container (the last '/' is located below).
 * NOTE(review): declarations of ptr, argv, call_args and rc, and the
 * return statements, are not shown.
 */
5486 char ContainerName[64];
/* NOTE(review): unbounded strcpy into a 64-byte stack buffer. */
5492 strcpy(ContainerName, origContainerName);
/* locate the last path component; what is done with ptr is not visible
 * here (presumably the name is cut at this '/' to obtain the parent) */
5496 ptr = strrchr(ContainerName, '/');
5503 argv[0] = ContainerName;
/* the callback (Moira_getContainerGroup) writes the list name into call_args[0] */
5505 call_args[0] = GroupName;
5506 call_args[1] = NULL;
5508 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* query succeeded: a non-empty GroupName is the result, an empty one is reported below */
5511 if (strlen(GroupName) != 0)
/* query failed */
5516 com_err(whoami, 0, "couldn't get container group from container %s: %s",
5517 ContainerName, error_message(rc));
/* query succeeded but no list is attached to the container */
5519 com_err(whoami, 0, "couldn't get container group from container %s",
5524 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
/*
 * Add a machine to, or remove it from, its container's list.
 *
 * MachineName: the machine's Moira name.
 * GroupName:   the list; "[none]" means the container has no list and
 *              nothing is done (the action taken is on a line not shown).
 * The remaining parameters (presumably including an add/delete selector)
 * and the opening of the body are not in this excerpt; which of the two
 * queries below runs is decided there.
 * NOTE(review): the error text says "couldn't add" on both the add and
 * the delete path, and lacks a space before the second %s
 * ("container group%s").  Declarations of argv and rc and the return
 * statements are not shown.
 */
5530 if (strcmp(GroupName, "[none]") == 0)
/* member triple for add_member_to_list / delete_member_from_list: list, type, name */
5533 argv[0] = GroupName;
5534 argv[1] = "MACHINE";
5535 argv[2] = MachineName;
5537 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5539 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
5542 com_err(whoami, 0, "couldn't add machine %s to container group%s: %s",
5543 MachineName, GroupName, error_message(rc));
5548 int GetMachineName(char *MachineName)
/*
 * Canonicalise a machine name to its name in the top-level DOMAIN_SUFFIX
 * domain, in place.
 *
 * MachineName: in/out buffer.  If the part after the first '.' already
 * equals DOMAIN_SUFFIX the name is kept; otherwise Moira's get_hostalias
 * is consulted through the ProcessMachineName callback and the first
 * matching alias replaces it.  When the query fails or no alias matches,
 * MachineName becomes the empty string, which callers must treat as
 * "unresolved".
 * NOTE(review): declarations of i, szDot, args, call_args and rc, the
 * assignment of args[0], and the return statements are not in this
 * excerpt.
 */
5551 char NewMachineName[1024];
5558 // If the address happens to be in the top-level MIT domain, great!
/* NOTE(review): unbounded strcpy into a 1024-byte stack buffer. */
5559 strcpy(NewMachineName, MachineName);
/* upper-cased copy; the comparison below is case-insensitive anyway.
 * strlen() is re-evaluated on every iteration. */
5560 for (i = 0; i < (int)strlen(NewMachineName); i++)
5561 NewMachineName[i] = toupper(NewMachineName[i]);
/* compare everything after the first '.' with the top-level domain */
5562 szDot = strchr(NewMachineName,'.');
5563 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5568 // If not, see if it has a Moira alias in the top-level MIT domain.
/* the callback only fills call_args[0] while it is still empty, so start blank */
5569 memset(NewMachineName, '\0', sizeof(NewMachineName));
5571 args[1] = MachineName;
5572 call_args[0] = NewMachineName;
5573 call_args[1] = NULL;
/* assignment inside the condition: rc is non-zero on a Moira error */
5574 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5576 com_err(whoami, 0, "couldn't resolve machine name %s : %s",
5577 MachineName, error_message(rc));
/* signal "unresolved" to the caller by emptying the buffer */
5578 strcpy(MachineName, "");
5582 if (strlen(NewMachineName) != 0)
/* the alias is at most sizeof(NewMachineName) bytes; MachineName's capacity is the caller's */
5583 strcpy(MachineName, NewMachineName);
5585 strcpy(MachineName, "");
5590 int ProcessMachineName(int ac, char **av, void *ptr)
/*
 * mr_query callback for get_hostalias (see GetMachineName): keeps the
 * first alias (av[0]) whose part after the first '.' matches DOMAIN_SUFFIX
 * by copying it, upper-cased, into call_args[0].  Once call_args[0] is
 * non-empty, later aliases are ignored.
 * ac: number of fields in av; ptr: the call_args array passed to mr_query.
 * NOTE(review): the line deriving call_args from ptr, the declarations of
 * i and szDot, and the return statement are not in this excerpt.  The
 * strcpy into the 1024-byte MachineName is unbounded, and the copy back
 * into call_args[0] relies on the caller having provided a buffer of at
 * least the same size.
 */
5593 char MachineName[1024];
5598 if (strlen(call_args[0]) == 0)
5600 strcpy(MachineName, av[0]);
/* strlen() is re-evaluated on every iteration */
5601 for (i = 0; i < (int)strlen(MachineName); i++)
5602 MachineName[i] = toupper(MachineName[i]);
/* accept only names whose domain part is the top-level domain */
5603 szDot = strchr(MachineName,'.');
5604 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
5606 strcpy(call_args[0], MachineName);
5612 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
/*
 * Rename the POSIX uid attribute in a modification list between the
 * Services-for-Unix 3.0 name (msSFU30UidNumber) and the standard
 * POSIX-schema name (uidNumber), in place.
 *
 * mods:     n LDAPMod entries to rewrite.
 * UseSFU30: presumably selects which of the two loops below runs; the
 *           conditions wrapping them are not in this excerpt.
 * NOTE(review): mod_type is repointed at string literals and nothing here
 * frees the old value, which is only safe if the entries were built with
 * literals as well.
 */
5618 for (i = 0; i < n; i++)
/* SFU 3.0 name -> standard name */
5620 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5621 mods[i]->mod_type = "uidNumber";
5627 for (i = 0; i < n; i++)
/* standard name -> SFU 3.0 name */
5629 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5630 mods[i]->mod_type = "msSFU30UidNumber";
5636 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5637 char *WinHomeDir, char *WinProfileDir,
5638 char **homedir_v, char **winProfile_v,
5639 char **drives_v, LDAPMod **mods,
/*
 * Compute and apply the homeDirectory, profilePath and homeDrive
 * attributes of a user entry.
 *
 * ldap_handle, DistinguishedName: the user entry to modify.
 * user_name:     used to look up the user's AFS home via Hesiod "filsys".
 * WinHomeDir, WinProfileDir: Moira-supplied values.  "[afs]" derives the
 *                path from the Hesiod lookup, "[local]" clears the
 *                attribute, any other value is taken literally.
 * homedir_v, winProfile_v, drives_v: caller-owned one-element value
 *                vectors; element 0 receives a strdup'd string that the
 *                caller is responsible for freeing.
 * mods:          modification list that ADD_ATTR appends to.
 * The remaining parameters (OpType, an LDAP_MOD_* operation, is one of
 * them) and the opening of the body are on lines not in this excerpt, as
 * are the declarations of homeDrive, path, winPath, cWeight, cPath, hp,
 * i, last_weight and rc, and the return statements.  Under
 * LDAP_MOD_REPLACE an empty value deletes the attribute immediately with
 * ldap_modify_s instead of queueing it in mods.
 */
5647 char winProfile[1024];
5652 LDAPMod *DelMods[20];
5654 memset(homeDrive, '\0', sizeof(homeDrive));
5655 memset(path, '\0', sizeof(path));
5656 memset(winPath, '\0', sizeof(winPath));
5657 memset(winProfile, '\0', sizeof(winProfile));
/* the AFS lookup is needed when either attribute is derived from the filsys record */
5659 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
/* hp is a NULL-terminated array of "filsys" records for the user */
5661 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5663 memset(cWeight, 0, sizeof(cWeight));
5664 memset(cPath, 0, sizeof(cPath));
/* pick the AFS entry (field 2) with the lowest weight (field 5); an entry
 * without a weight field is taken as is.
 * NOTE(review): hp[] is network-supplied Hesiod data and the %s
 * conversions carry no field width, so an over-long record overruns
 * cPath or cWeight (their sizes are declared outside this excerpt). */
5667 while (hp[i] != NULL)
5669 if (sscanf(hp[i], "%*s %s", cPath))
/* only AFS paths are candidates; strnicmp is a case-insensitive prefix compare */
5671 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5673 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
/* last_weight's initial value is not visible here; presumably above any real weight */
5675 if (atoi(cWeight) < last_weight)
5677 strcpy(path, cPath);
5678 last_weight = (int)atoi(cWeight);
5682 strcpy(path, cPath);
/* presumably translates the AFS path to its Windows form; the profile
 * directory is placed beside it */
5689 if (!strnicmp(path, AFS, strlen(AFS)))
5691 AfsToWinAfs(path, winPath);
5692 strcpy(winProfile, winPath);
5693 strcat(winProfile, "\\.winprofile");
/* home directory: [local] -> none, [afs] -> winPath from above, else the literal value */
5709 if (!strcasecmp(WinHomeDir, "[local]"))
5710 memset(winPath, '\0', sizeof(winPath));
5711 else if (!strcasecmp(WinHomeDir, "[afs]"))
5713 strcpy(homeDrive, "H:");
/* NOTE(review): unbounded strcpy of a Moira-supplied value into winPath (size not shown here) */
5717 strcpy(winPath, WinHomeDir);
/* a UNC path is mapped to a drive letter as well */
5718 if (!strncmp(WinHomeDir, "\\\\", 2))
5720 strcpy(homeDrive, "H:");
5724 // nothing needs to be done if WinProfileDir is [afs].
5725 if (!strcasecmp(WinProfileDir, "[local]"))
5726 memset(winProfile, '\0', sizeof(winProfile));
5727 else if (strcasecmp(WinProfileDir, "[afs]"))
/* NOTE(review): unbounded strcpy of a Moira-supplied value into the 1024-byte winProfile */
5729 strcpy(winProfile, WinProfileDir);
/* strip one trailing backslash from both paths ... */
5732 if (strlen(winProfile) != 0)
5734 if (winProfile[strlen(winProfile) - 1] == '\\')
5735 winProfile[strlen(winProfile) - 1] = '\0';
5737 if (strlen(winPath) != 0)
5739 if (winPath[strlen(winPath) - 1] == '\\')
5740 winPath[strlen(winPath) - 1] = '\0';
/* ... except that a bare drive letter ("X:") keeps its root backslash */
5743 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5744 strcat(winProfile, "\\");
5745 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5746 strcat(winPath, "\\");
/* homeDirectory */
5748 if (strlen(winPath) == 0)
/* on a replace, an empty value means: remove the attribute now */
5750 if (OpType == LDAP_MOD_REPLACE)
5753 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5755 //unset homeDirectory attribute for user.
/* NOTE(review): rc from ldap_modify_s is assigned here; whether it is
 * checked is on lines not shown in this excerpt */
5756 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* the strdup'd value is owned by the caller through homedir_v */
5762 homedir_v[0] = strdup(winPath);
5763 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* profilePath */
5766 if (strlen(winProfile) == 0)
5768 if (OpType == LDAP_MOD_REPLACE)
5771 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5773 //unset profilePath attribute for user.
5774 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5780 winProfile_v[0] = strdup(winProfile);
5781 ADD_ATTR("profilePath", winProfile_v, OpType);
/* homeDrive */
5784 if (strlen(homeDrive) == 0)
5786 if (OpType == LDAP_MOD_REPLACE)
5789 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5791 //unset homeDrive attribute for user
5792 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5798 drives_v[0] = strdup(homeDrive);
5799 ADD_ATTR("homeDrive", drives_v, OpType);
5805 int GetServerList(char *ldap_domain, char **ServerList)
5812 int IgnoreServerListError;
5813 int ServerListFound;
5814 char default_server[256];
5816 char *attr_array[3];
5820 LK_ENTRY *group_base;
5825 memset(default_server, '\0', sizeof(default_server));
5826 memset(dn_path, '\0', sizeof(dn_path));
5827 for (i = 0; i < MAX_SERVER_NAMES; i++)
5829 if (ServerList[i] != NULL)
5831 free(ServerList[i]);
5832 ServerList[i] = NULL;
5835 IgnoreServerListError = 1;
5836 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
5837 ServerList, &IgnoreServerListError))
5839 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5843 ServerListFound = 0;
5845 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5846 attr_array[0] = "fSMORoleOwner";
5847 attr_array[1] = NULL;
5848 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5849 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5851 if (group_count != 0)
5853 sPtr = strstr(group_base->value, ",CN=");
5856 sPtr += strlen(",CN=");
5857 if (ServerList[0] == NULL)
5858 ServerList[0] = calloc(1, 256);
5859 strcpy(ServerList[0], sPtr);
5860 sPtr = strstr(ServerList[0], ",");
5864 ServerListFound = 1;
5868 linklist_free(group_base);
5872 attr_array[0] = "cn";
5873 attr_array[1] = NULL;
5874 strcpy(filter, "(cn=*)");
5875 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5877 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5878 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5880 if (group_count != 0)
5883 while (gPtr != NULL)
5885 if (ServerListFound != 0)
5887 if (!strcasecmp(ServerList[0], gPtr->value))
5893 if (Count < MAX_SERVER_NAMES)
5895 if (ServerList[Count] == NULL)
5896 ServerList[Count] = calloc(1, 256);
5897 strcpy(ServerList[Count], gPtr->value);
5904 linklist_free(group_base);
5910 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5911 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5913 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5914 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5916 if (group_count != 0)
5921 linklist_free(group_base);
5925 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5927 fprintf(fptr, "%s%s\n", DOMAIN, ldap_domain);
5929 fprintf(fptr, "%s%s\n", MSSFU, SFUTYPE);
5930 for (i = 0; i < MAX_SERVER_NAMES; i++)
5932 if (ServerList[i] != NULL)
5934 fprintf(fptr, "%s%s\n", SERVER, ServerList[i]);
5939 ldap_unbind_s(ldap_handle);