2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listlistnameName KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member to group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member to group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine from an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_DOMAINS 10
384 char DomainNames[MAX_DOMAINS][128];
386 LK_ENTRY *member_base = NULL;
388 char PrincipalName[128];
389 static char tbl_buf[1024];
390 char kerberos_ou[] = "OU=kerberos,OU=moira";
391 char contact_ou[] = "OU=strings,OU=moira";
392 char user_ou[] = "OU=users,OU=moira";
393 char group_ou_distribution[1024];
394 char group_ou_root[1024];
395 char group_ou_security[1024];
396 char group_ou_neither[1024];
397 char group_ou_both[1024];
398 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
399 char orphans_other_ou[] = "OU=Other,OU=Orphans";
400 char security_template_ou[] = "OU=security_templates";
402 char ldap_domain[256];
403 char ldap_realm[256];
405 char *ServerList[MAX_SERVER_NAMES];
406 char default_server[256];
407 static char tbl_buf[1024];
408 char group_suffix[256];
409 char exchange_acl[256];
410 int mr_connections = 0;
413 int UseGroupSuffix = 1;
414 int UseGroupUniversal = 0;
418 int ProcessMachineContainer = 1;
419 int ActiveDirectory = 1;
420 int UpdateDomainList;
422 int GroupPopulateDelete = 0;
424 extern int set_password(char *user, char *password, char *domain);
426 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
427 char *group_membership, char *MoiraId, char *attribute,
428 LK_ENTRY **linklist_base, int *linklist_count,
430 void AfsToWinAfs(char* path, char* winPath);
431 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
432 char *Win2kPassword, char *Win2kUser, char *default_server,
433 int connect_to_kdc, char **ServerList, char *ldap_realm,
435 void ad_kdc_disconnect();
436 int ad_server_connect(char *connectedServer, char *domain);
437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
438 char *attribute_value, char *attribute, char *user_name);
439 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
440 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
441 int check_winad(void);
442 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
445 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
446 char *distinguishedName, int count, char **av);
447 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
448 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
449 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
450 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
451 char *distinguishedName, int count,
453 void container_get_dn(char *src, char *dest);
454 void container_get_name(char *src, char *dest);
455 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
456 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
457 char **before, int afterc, char **after);
458 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
459 char **before, int afterc, char **after);
461 int GetAceInfo(int ac, char **av, void *ptr);
462 int get_group_membership(char *group_membership, char *group_ou,
463 int *security_flag, char **av);
464 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
465 char *machine_ou, char *pPtr);
466 int Moira_container_group_create(char **after);
467 int Moira_container_group_delete(char **before);
468 int Moira_groupname_create(char *GroupName, char *ContainerName,
469 char *ContainerRowID);
470 int Moira_container_group_update(char **before, char **after);
471 int Moira_process_machine_container_group(char *MachineName, char* groupName,
473 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
474 int Moira_getContainerGroup(int ac, char **av, void *ptr);
475 int Moira_getGroupName(char *origContainerName, char *GroupName,
477 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
478 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
479 int UpdateGroup, int *ProcessGroup, char *maillist);
480 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
481 char *group_name, char *group_ou, char *group_membership,
482 int group_security_flag, int type, char *maillist);
483 int process_lists(int ac, char **av, void *ptr);
484 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
485 char *TargetGroupName, int HiddenGroup,
486 char *AceType, char *AceName);
487 int ProcessMachineName(int ac, char **av, void *ptr);
488 int ReadConfigFile(char *DomainName);
489 int ReadDomainList();
490 void StringTrim(char *StringToTrim);
491 char *escape_string(char *s);
492 int save_query_info(int argc, char **argv, void *hint);
493 int save_fsgroup_info(int argc, char **argv, void *hint);
494 int user_create(int ac, char **av, void *ptr);
495 int user_change_status(LDAP *ldap_handle, char *dn_path,
496 char *user_name, char *MoiraId, int operation);
497 int user_delete(LDAP *ldap_handle, char *dn_path,
498 char *u_name, char *MoiraId);
499 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
501 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
502 char *uid, char *MitId, char *MoiraId, int State,
503 char *WinHomeDir, char *WinProfileDir, char *first,
504 char *middle, char *last, char *shell, char *class);
505 void change_to_lower_case(char *ptr);
506 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
507 int contact_remove_email(LDAP *ld, char *bind_path,
508 LK_ENTRY **linklist_entry, int linklist_current);
509 int group_create(int ac, char **av, void *ptr);
510 int group_delete(LDAP *ldap_handle, char *dn_path,
511 char *group_name, char *group_membership, char *MoiraId);
512 int group_rename(LDAP *ldap_handle, char *dn_path,
513 char *before_group_name, char *before_group_membership,
514 char *before_group_ou, int before_security_flag,
515 char *before_desc, char *after_group_name,
516 char *after_group_membership, char *after_group_ou,
517 int after_security_flag, char *after_desc,
518 char *MoiraId, char *filter, char *maillist);
519 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
520 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
521 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
522 char *machine_name, char *container_name);
523 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
524 char *MoiraMachineName, char *DestinationOu);
525 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
526 char *group_name, char *group_ou, char *group_membership,
527 int group_security_flag, int updateGroup, char *maillist);
528 int member_list_build(int ac, char **av, void *ptr);
529 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership,
531 char *user_name, char *pUserOu, char *MoiraId);
532 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership, char *user_name,
534 char *pUserOu, char *MoiraId);
535 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership,
537 int group_security_flag, char *MoiraId);
538 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
539 char *DistinguishedName,
540 char *WinHomeDir, char *WinProfileDir,
541 char **homedir_v, char **winProfile_v,
542 char **drives_v, LDAPMod **mods,
544 int sid_update(LDAP *ldap_handle, char *dn_path);
545 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
546 int check_string(char *s);
547 int check_container_name(char* s);
549 int mr_connect_cl(char *server, char *client, int version, int auth);
550 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
551 char **before, int beforec, char **after, int afterc);
552 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
553 char **before, int beforec, char **after, int afterc);
554 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
555 char **before, int beforec, char **after, int afterc);
556 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
557 char **before, int beforec, char **after, int afterc);
558 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
559 char **before, int beforec, char **after, int afterc);
560 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
561 char **before, int beforec, char **after, int afterc);
562 int linklist_create_entry(char *attribute, char *value,
563 LK_ENTRY **linklist_entry);
564 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
565 char **attr_array, LK_ENTRY **linklist_base,
566 int *linklist_count, unsigned long ScopeType);
567 void linklist_free(LK_ENTRY *linklist_base);
569 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
570 char *distinguished_name, LK_ENTRY **linklist_current);
571 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
572 LK_ENTRY **linklist_base, int *linklist_count);
573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
574 char *Attribute, char *distinguished_name,
575 LK_ENTRY **linklist_current);
577 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
578 char *oldValue, char *newValue,
579 char ***modvalues, int type);
580 void free_values(char **modvalues);
582 int convert_domain_to_dn(char *domain, char **bind_path);
583 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
584 char *distinguished_name);
585 int moira_disconnect(void);
586 int moira_connect(void);
587 void print_to_screen(const char *fmt, ...);
588 int GetMachineName(char *MachineName);
589 int tickets_get_k5();
590 int destroy_cache(void);
593 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
594 char **homeServerName);
596 int main(int argc, char **argv)
612 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
616 com_err(whoami, 0, "Unable to process %s", "argc < 4");
620 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
622 com_err(whoami, 0, "Unable to process %s",
623 "argc < (4 + beforec + afterc)");
627 if (!strcmp(argv[1], "filesys"))
630 for (i = 1; i < argc; i++)
632 strcat(tbl_buf, argv[i]);
633 strcat(tbl_buf, " ");
636 com_err(whoami, 0, "%s", tbl_buf);
640 com_err(whoami, 0, "%s failed", "check_winad()");
644 initialize_sms_error_table();
645 initialize_krb_error_table();
647 UpdateDomainList = 0;
648 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
650 if (ReadDomainList())
652 com_err(whoami, 0, "%s failed", "ReadDomainList()");
656 for (i = 0; i < argc; i++)
659 for (k = 0; k < MAX_DOMAINS; k++)
661 if (strlen(DomainNames[k]) == 0)
663 for (i = 0; i < argc; i++)
665 if (orig_argv[i] != NULL)
667 orig_argv[i] = strdup(argv[i]);
670 memset(PrincipalName, '\0', sizeof(PrincipalName));
671 memset(ldap_domain, '\0', sizeof(ldap_domain));
672 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
673 memset(default_server, '\0', sizeof(default_server));
674 memset(dn_path, '\0', sizeof(dn_path));
675 memset(group_suffix, '\0', sizeof(group_suffix));
676 memset(exchange_acl, '\0', sizeof(exchange_acl));
680 UseGroupUniversal = 0;
684 ProcessMachineContainer = 1;
687 sprintf(group_suffix, "%s", "_group");
688 sprintf(exchange_acl, "%s", "exchange-acl");
690 beforec = atoi(orig_argv[2]);
691 afterc = atoi(orig_argv[3]);
692 table = orig_argv[1];
693 before = &orig_argv[4];
694 after = &orig_argv[4 + beforec];
702 if (ReadConfigFile(DomainNames[k]))
707 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
708 sprintf(group_ou_root, "OU=lists,OU=moira");
709 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
711 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_distribution, "OU=lists,OU=moira");
716 sprintf(group_ou_root, "OU=lists,OU=moira");
717 sprintf(group_ou_security, "OU=lists,OU=moira");
718 sprintf(group_ou_neither, "OU=lists,OU=moira");
719 sprintf(group_ou_both, "OU=lists,OU=moira");
722 OldUseSFU30 = UseSFU30;
724 for (i = 0; i < 5; i++)
726 ldap_handle = (LDAP *)NULL;
727 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
728 default_server, SetPassword, ServerList,
729 ldap_realm, ldap_port)))
731 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
736 if ((rc) || (ldap_handle == NULL))
738 critical_alert("incremental",
739 "ldap.incr cannot connect to any server in "
740 "domain %s", DomainNames[k]);
744 for (i = 0; i < (int)strlen(table); i++)
745 table[i] = tolower(table[i]);
747 if (!strcmp(table, "users"))
748 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "list"))
751 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "imembers"))
754 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "containers"))
757 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "mcntmap"))
760 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
766 for (i = 0; i < MAX_SERVER_NAMES; i++)
768 if (ServerList[i] != NULL)
771 ServerList[i] = NULL;
775 rc = ldap_unbind_s(ldap_handle);
781 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
782 char **before, int beforec, char **after, int afterc)
784 char MoiraContainerName[128];
785 char ADContainerName[128];
786 char MachineName[1024];
787 char OriginalMachineName[1024];
790 char MoiraContainerGroup[64];
792 if (!ProcessMachineContainer)
794 com_err(whoami, 0, "Process machines and containers disabled, skipping");
799 memset(ADContainerName, '\0', sizeof(ADContainerName));
800 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
802 if ((beforec == 0) && (afterc == 0))
805 if (rc = moira_connect())
807 critical_alert("AD incremental",
808 "Error contacting Moira server : %s",
813 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
815 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
816 strcpy(MachineName, before[OU_MACHINE_NAME]);
817 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
819 com_err(whoami, 0, "removing machine %s from %s",
820 OriginalMachineName, before[OU_CONTAINER_NAME]);
822 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
824 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
825 strcpy(MachineName, after[OU_MACHINE_NAME]);
826 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
827 com_err(whoami, 0, "adding machine %s to container %s",
828 OriginalMachineName, after[OU_CONTAINER_NAME]);
836 rc = GetMachineName(MachineName);
838 if (strlen(MachineName) == 0)
841 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
842 OriginalMachineName);
846 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
849 if (machine_check(ldap_handle, dn_path, MachineName))
851 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.",
852 OriginalMachineName, MachineName);
857 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
858 machine_get_moira_container(ldap_handle, dn_path, MachineName,
861 if (strlen(MoiraContainerName) == 0)
863 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
864 "in Moira - moving to orphans OU.",
865 OriginalMachineName, MachineName);
866 machine_move_to_ou(ldap_handle, dn_path, MachineName,
867 orphans_machines_ou);
872 container_get_dn(MoiraContainerName, ADContainerName);
874 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
875 strcat(MoiraContainerName, "/");
877 container_check(ldap_handle, dn_path, MoiraContainerName);
878 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
883 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
884 char **before, int beforec, char **after, int afterc)
888 if (!ProcessMachineContainer)
890 com_err(whoami, 0, "Process machines and containers disabled, skipping");
894 if ((beforec == 0) && (afterc == 0))
897 if (rc = moira_connect())
899 critical_alert("AD incremental", "Error contacting Moira server : %s",
904 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
906 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
907 container_delete(ldap_handle, dn_path, beforec, before);
908 Moira_container_group_delete(before);
913 if ((beforec == 0) && (afterc != 0)) /*create a container*/
915 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
916 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
917 container_create(ldap_handle, dn_path, afterc, after);
918 Moira_container_group_create(after);
923 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
925 com_err(whoami, 0, "renaming container %s to %s",
926 before[CONTAINER_NAME], after[CONTAINER_NAME]);
927 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
928 Moira_container_group_update(before, after);
933 com_err(whoami, 0, "updating container %s information",
934 after[CONTAINER_NAME]);
935 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
936 Moira_container_group_update(before, after);
941 #define L_LIST_DESC 9
944 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
945 char **before, int beforec, char **after, int afterc)
950 char group_membership[6];
955 char before_list_id[32];
956 char before_group_membership[1];
957 int before_security_flag;
958 char before_group_ou[256];
959 LK_ENTRY *ptr = NULL;
961 if (beforec == 0 && afterc == 0)
964 memset(list_id, '\0', sizeof(list_id));
965 memset(before_list_id, '\0', sizeof(before_list_id));
966 memset(before_group_ou, '\0', sizeof(before_group_ou));
967 memset(before_group_membership, '\0', sizeof(before_group_membership));
968 memset(group_ou, '\0', sizeof(group_ou));
969 memset(group_membership, '\0', sizeof(group_membership));
974 if (beforec < L_LIST_ID)
976 if (beforec > L_LIST_DESC)
978 strcpy(before_list_id, before[L_LIST_ID]);
980 before_security_flag = 0;
981 get_group_membership(before_group_membership, before_group_ou,
982 &before_security_flag, before);
987 if (afterc < L_LIST_ID)
989 if (afterc > L_LIST_DESC)
991 strcpy(list_id, after[L_LIST_ID]);
994 get_group_membership(group_membership, group_ou, &security_flag, after);
997 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1006 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1007 before[L_NAME], before_group_ou,
1008 before_group_membership,
1009 before_security_flag, CHECK_GROUPS,
1010 before[L_MAILLIST])))
1012 if (rc == AD_NO_GROUPS_FOUND)
1016 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1017 (rc == AD_MULTIPLE_GROUPS_FOUND))
1019 rc = process_group(ldap_handle, dn_path, before_list_id,
1020 before[L_NAME], before_group_ou,
1021 before_group_membership,
1022 before_security_flag, CLEANUP_GROUPS,
1023 before[L_MAILLIST]);
1025 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1027 com_err(whoami, 0, "Unable to process list %s",
1031 if (rc == AD_NO_GROUPS_FOUND)
1037 if ((beforec != 0) && (afterc != 0))
1039 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1040 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1041 (strcmp(before_group_ou, group_ou)))) &&
1044 com_err(whoami, 0, "Changing list name from %s to %s",
1045 before[L_NAME], after[L_NAME]);
1047 if ((strlen(before_group_ou) == 0) ||
1048 (strlen(before_group_membership) == 0) ||
1049 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1051 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1055 memset(filter, '\0', sizeof(filter));
1057 if ((rc = group_rename(ldap_handle, dn_path,
1058 before[L_NAME], before_group_membership,
1059 before_group_ou, before_security_flag,
1060 before[L_LIST_DESC], after[L_NAME],
1061 group_membership, group_ou, security_flag,
1063 list_id, filter, after[L_MAILLIST])))
1065 if (rc != AD_NO_GROUPS_FOUND)
1068 "Unable to change list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
1082 if ((strlen(before_group_ou) == 0) ||
1083 (strlen(before_group_membership) == 0))
1086 "Unable to find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
1100 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1102 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1103 group_ou, group_membership,
1104 security_flag, CHECK_GROUPS,
1107 if (rc != AD_NO_GROUPS_FOUND)
1109 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1110 (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id,
1114 group_ou, group_membership,
1115 security_flag, CLEANUP_GROUPS,
1122 "Unable to create list %s", after[L_NAME]);
1129 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1131 if (rc = moira_connect())
1133 critical_alert("AD incremental",
1134 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1142 &ProcessGroup, after[L_MAILLIST]))
1147 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1148 &ProcessGroup, after[L_MAILLIST]))
1152 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1153 group_ou, group_membership, security_flag,
1154 updateGroup, after[L_MAILLIST]))
1160 if (atoi(after[L_ACTIVE]))
1162 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1163 group_membership, security_flag, list_id);
1171 #define LM_EXTRA_ACTIVE (LM_END)
1172 #define LM_EXTRA_PUBLIC (LM_END+1)
1173 #define LM_EXTRA_HIDDEN (LM_END+2)
1174 #define LM_EXTRA_MAILLIST (LM_END+3)
1175 #define LM_EXTRA_GROUP (LM_END+4)
1176 #define LM_EXTRA_GID (LM_END+5)
1177 #define LMN_LIST_ID (LM_END+6)
1178 #define LM_LIST_ID (LM_END+7)
1179 #define LM_USER_ID (LM_END+8)
1180 #define LM_EXTRA_END (LM_END+9)
1182 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1183 char **before, int beforec, char **after, int afterc)
1185 LK_ENTRY *group_base;
1188 char *attr_array[3];
1189 char group_name[128];
1190 char user_name[128];
1191 char user_type[128];
1192 char moira_list_id[32];
1193 char moira_user_id[32];
1194 char group_membership[1];
1196 char machine_ou[256];
1204 char NewMachineName[1024];
1208 char *save_argv[U_END];
1212 memset(moira_list_id, '\0', sizeof(moira_list_id));
1213 memset(moira_user_id, '\0', sizeof(moira_user_id));
1217 if (afterc < LM_EXTRA_GID)
1220 if (!atoi(after[LM_EXTRA_ACTIVE]))
1223 "Unable to add %s to group %s : group not active",
1224 after[2], after[0]);
1230 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1233 strcpy(user_name, after[LM_MEMBER]);
1234 strcpy(group_name, after[LM_LIST]);
1235 strcpy(user_type, after[LM_TYPE]);
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1239 if (afterc > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, after[LMN_LIST_ID]);
1242 strcpy(moira_user_id, after[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1247 if (afterc > LMN_LIST_ID)
1249 strcpy(moira_list_id, after[LM_LIST_ID]);
1250 strcpy(moira_user_id, after[LM_USER_ID]);
1255 if (afterc > LM_EXTRA_GID)
1256 strcpy(moira_list_id, after[LMN_LIST_ID]);
1261 if (beforec < LM_EXTRA_GID)
1263 if (!atoi(before[LM_EXTRA_ACTIVE]))
1266 "Unable to remove %s from group %s : group not active",
1267 before[2], before[0]);
1273 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1276 strcpy(user_name, before[LM_MEMBER]);
1277 strcpy(group_name, before[LM_LIST]);
1278 strcpy(user_type, before[LM_TYPE]);
1280 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1282 if (beforec > LM_EXTRA_GROUP)
1284 strcpy(moira_list_id, before[LMN_LIST_ID]);
1285 strcpy(moira_user_id, before[LM_LIST_ID]);
1288 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1290 if (beforec > LMN_LIST_ID)
1292 strcpy(moira_list_id, before[LM_LIST_ID]);
1293 strcpy(moira_user_id, before[LM_USER_ID]);
1298 if (beforec > LM_EXTRA_GID)
1299 strcpy(moira_list_id, before[LMN_LIST_ID]);
1306 "Unable to process group : beforec = %d, afterc = %d",
1311 args[L_NAME] = ptr[LM_LIST];
1312 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1313 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1314 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1315 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1316 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1317 args[L_GID] = ptr[LM_EXTRA_GID];
1320 memset(group_ou, '\0', sizeof(group_ou));
1321 get_group_membership(group_membership, group_ou, &security_flag, args);
1323 if (strlen(group_ou) == 0)
1325 com_err(whoami, 0, "Unable to find the group OU for group %s",
1330 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1331 group_ou, group_membership, security_flag,
1332 CHECK_GROUPS, args[L_MAILLIST]))
1334 if (rc != AD_NO_GROUPS_FOUND)
1336 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1337 group_name, group_ou, group_membership,
1338 security_flag, CLEANUP_GROUPS,
1341 if (rc != AD_NO_GROUPS_FOUND)
1344 com_err(whoami, 0, "Unable to add %s to group %s - "
1345 "unable to process group", user_name, group_name);
1347 com_err(whoami, 0, "Unable to remove %s from group %s - "
1348 "unable to process group", user_name, group_name);
1355 if (rc == AD_NO_GROUPS_FOUND)
1357 if (rc = moira_connect())
1359 critical_alert("AD incremental",
1360 "Error contacting Moira server : %s",
1365 com_err(whoami, 0, "creating group %s", group_name);
1368 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1369 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1375 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1380 group_ou, group_membership, security_flag, 0,
1381 ptr[LM_EXTRA_MAILLIST]))
1387 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1389 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1390 group_membership, security_flag, moira_list_id);
1400 com_err(whoami, 0, "removing user %s from list %s", user_name,
1404 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1406 if (!ProcessMachineContainer)
1408 com_err(whoami, 0, "Process machines and containers disabled, "
1413 memset(machine_ou, '\0', sizeof(machine_ou));
1414 memset(NewMachineName, '\0', sizeof(NewMachineName));
1415 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1416 machine_ou, NewMachineName))
1418 if (ptr[LM_MEMBER] != NULL)
1419 free(ptr[LM_MEMBER]);
1420 ptr[LM_MEMBER] = strdup(NewMachineName);
1421 pUserOu = machine_ou;
1424 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1426 strcpy(member, ptr[LM_MEMBER]);
1430 if((s = strchr(member, '@')) == (char *) NULL)
1432 strcat(member, "@mit.edu");
1434 if (ptr[LM_MEMBER] != NULL)
1435 free(ptr[LM_MEMBER]);
1436 ptr[LM_MEMBER] = strdup(member);
1439 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1441 s = strrchr(member, '.');
1443 strcat(s, ".mit.edu");
1445 if (ptr[LM_MEMBER] != NULL)
1446 free(ptr[LM_MEMBER]);
1447 ptr[LM_MEMBER] = strdup(member);
1451 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1455 pUserOu = contact_ou;
1457 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1459 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1463 pUserOu = kerberos_ou;
1466 if (rc = moira_connect()) {
1467 critical_alert("AD incremental",
1468 "Error contacting Moira server : %s",
1473 if (rc = populate_group(ldap_handle, dn_path, group_name,
1474 group_ou, group_membership,
1475 security_flag, moira_list_id))
1476 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1481 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1483 if (rc = moira_connect())
1485 critical_alert("AD incremental",
1486 "Error contacting Moira server : %s",
1491 if (rc = populate_group(ldap_handle, dn_path, group_name,
1492 group_ou, group_membership, security_flag,
1494 com_err(whoami, 0, "Unable to remove %s from group %s",
1495 user_name, group_name);
1502 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1505 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1507 memset(machine_ou, '\0', sizeof(machine_ou));
1508 memset(NewMachineName, '\0', sizeof(NewMachineName));
1510 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1514 if (ptr[LM_MEMBER] != NULL)
1515 free(ptr[LM_MEMBER]);
1517 ptr[LM_MEMBER] = strdup(NewMachineName);
1518 pUserOu = machine_ou;
1520 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1522 strcpy(member, ptr[LM_MEMBER]);
1526 if((s = strchr(member, '@')) == (char *) NULL)
1528 strcat(member, "@mit.edu");
1530 if (ptr[LM_MEMBER] != NULL)
1531 free(ptr[LM_MEMBER]);
1532 ptr[LM_MEMBER] = strdup(member);
1535 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1537 s = strrchr(member, '.');
1539 strcat(s, ".mit.edu");
1541 if (ptr[LM_MEMBER] != NULL)
1542 free(ptr[LM_MEMBER]);
1543 ptr[LM_MEMBER] = strdup(member);
1547 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1551 pUserOu = contact_ou;
1553 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1555 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1559 pUserOu = kerberos_ou;
1561 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1563 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1564 moira_user_id)) == AD_NO_USER_FOUND)
1566 if (rc = moira_connect())
1568 critical_alert("AD incremental",
1569 "Error connection to Moira : %s",
1574 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1575 av[0] = ptr[LM_MEMBER];
1576 call_args[0] = (char *)ldap_handle;
1577 call_args[1] = dn_path;
1578 call_args[2] = moira_user_id;
1579 call_args[3] = NULL;
1588 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1589 attr_array[0] = "cn";
1590 attr_array[1] = NULL;
1591 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1592 attr_array, &group_base, &group_count,
1593 LDAP_SCOPE_SUBTREE)) != 0)
1595 com_err(whoami, 0, "Unable to process user %s : %s",
1596 ptr[LM_MEMBER], ldap_err2string(rc));
1602 com_err(whoami, 0, "Object already exists with name %s",
1607 linklist_free(group_base);
1612 if (rc = mr_query("get_user_account_by_login", 1, av,
1613 save_query_info, save_argv))
1616 com_err(whoami, 0, "Unable to create user %s : %s",
1617 ptr[LM_MEMBER], error_message(rc));
1621 if (rc = user_create(U_END, save_argv, call_args))
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1643 if (rc = moira_connect()) {
1644 critical_alert("AD incremental",
1645 "Error contacting Moira server : %s",
1650 if (rc = populate_group(ldap_handle, dn_path, group_name,
1651 group_ou, group_membership, security_flag,
1653 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1658 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1660 if (rc = moira_connect())
1662 critical_alert("AD incremental",
1663 "Error contacting Moira server : %s",
1668 if (rc = populate_group(ldap_handle, dn_path, group_name,
1669 group_ou, group_membership, security_flag,
1671 com_err(whoami, 0, "Unable to add %s to group %s",
1672 user_name, group_name);
1681 #define U_USER_ID 10
1682 #define U_HOMEDIR 11
1683 #define U_PROFILEDIR 12
1685 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1686 char **before, int beforec, char **after,
1689 LK_ENTRY *group_base;
1692 char *attr_array[3];
1695 char after_user_id[32];
1696 char before_user_id[32];
1698 char *save_argv[U_END];
1700 if ((beforec == 0) && (afterc == 0))
1703 memset(after_user_id, '\0', sizeof(after_user_id));
1704 memset(before_user_id, '\0', sizeof(before_user_id));
1706 if (beforec > U_USER_ID)
1707 strcpy(before_user_id, before[U_USER_ID]);
1709 if (afterc > U_USER_ID)
1710 strcpy(after_user_id, after[U_USER_ID]);
1712 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1715 if ((beforec == 0) && (afterc != 0))
1717 /*this case only happens when the account*/
1718 /*account is first created but not usable*/
1720 com_err(whoami, 0, "Unable to process user %s because the user account "
1721 "is not yet usable", after[U_NAME]);
1725 /*this case only happens when the account is expunged */
1727 if ((beforec != 0) && (afterc == 0))
1729 if (atoi(before[U_STATE]) == 0)
1731 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1732 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1736 com_err(whoami, 0, "Unable to process because user %s has been "
1737 "previously expungeded", before[U_NAME]);
1742 /*process anything that gets here*/
1744 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1745 before_user_id)) == AD_NO_USER_FOUND)
1747 if (!check_string(after[U_NAME]))
1750 if (rc = moira_connect())
1752 critical_alert("AD incremental",
1753 "Error connection to Moira : %s",
1758 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1760 av[0] = after[U_NAME];
1761 call_args[0] = (char *)ldap_handle;
1762 call_args[1] = dn_path;
1763 call_args[2] = after_user_id;
1764 call_args[3] = NULL;
1772 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1773 attr_array[0] = "cn";
1774 attr_array[1] = NULL;
1776 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1777 &group_base, &group_count,
1778 LDAP_SCOPE_SUBTREE)) != 0)
1780 com_err(whoami, 0, "Unable to process user %s : %s",
1781 after[U_NAME], ldap_err2string(rc));
1785 if (group_count >= 1)
1787 com_err(whoami, 0, "Object already exists with name %s",
1792 linklist_free(group_base);
1797 if (rc = mr_query("get_user_account_by_login", 1, av,
1798 save_query_info, save_argv))
1801 com_err(whoami, 0, "Unable to create user %s : %s",
1802 after[U_NAME], error_message(rc));
1806 if (rc = user_create(U_END, save_argv, call_args))
1808 com_err(whoami, 0, "Unable to create user %s : %s",
1809 after[U_NAME], error_message(rc));
1816 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
1828 if (strcmp(before[U_NAME], after[U_NAME]))
1830 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1832 com_err(whoami, 0, "changing user %s to %s",
1833 before[U_NAME], after[U_NAME]);
1835 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1836 after[U_NAME])) != LDAP_SUCCESS)
1843 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1844 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1845 after[U_UID], after[U_MITID],
1846 after_user_id, atoi(after[U_STATE]),
1847 after[U_HOMEDIR], after[U_PROFILEDIR],
1848 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1849 after[U_SHELL], after[U_CLASS]);
1854 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1855 char *oldValue, char *newValue,
1856 char ***modvalues, int type)
1858 LK_ENTRY *linklist_ptr;
1862 if (((*modvalues) = calloc(1,
1863 (modvalue_count + 1) * sizeof(char *))) == NULL)
1868 for (i = 0; i < (modvalue_count + 1); i++)
1869 (*modvalues)[i] = NULL;
1871 if (modvalue_count != 0)
1873 linklist_ptr = linklist_base;
1874 for (i = 0; i < modvalue_count; i++)
1876 if ((oldValue != NULL) && (newValue != NULL))
1878 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1881 if (type == REPLACE)
1883 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1886 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1887 strcpy((*modvalues)[i], newValue);
1891 if (((*modvalues)[i] = calloc(1,
1892 (int)(cPtr - linklist_ptr->value) +
1893 (linklist_ptr->length -
1895 strlen(newValue) + 1)) == NULL)
1897 memset((*modvalues)[i], '\0',
1898 (int)(cPtr - linklist_ptr->value) +
1899 (linklist_ptr->length - strlen(oldValue)) +
1900 strlen(newValue) + 1);
1901 memcpy((*modvalues)[i], linklist_ptr->value,
1902 (int)(cPtr - linklist_ptr->value));
1903 strcat((*modvalues)[i], newValue);
1904 strcat((*modvalues)[i],
1905 &linklist_ptr->value[(int)(cPtr -
1906 linklist_ptr->value) + strlen(oldValue)]);
1911 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1912 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1913 memcpy((*modvalues)[i], linklist_ptr->value,
1914 linklist_ptr->length);
1919 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1920 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1921 memcpy((*modvalues)[i], linklist_ptr->value,
1922 linklist_ptr->length);
1924 linklist_ptr = linklist_ptr->next;
1926 (*modvalues)[i] = NULL;
1932 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1933 char **attr_array, LK_ENTRY **linklist_base,
1934 int *linklist_count, unsigned long ScopeType)
1937 LDAPMessage *ldap_entry;
1941 (*linklist_base) = NULL;
1942 (*linklist_count) = 0;
1944 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1945 search_exp, attr_array, 0,
1946 &ldap_entry)) != LDAP_SUCCESS)
1948 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1952 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1955 ldap_msgfree(ldap_entry);
1959 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1960 LK_ENTRY **linklist_base, int *linklist_count)
1962 char distinguished_name[1024];
1963 LK_ENTRY *linklist_ptr;
1966 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1969 memset(distinguished_name, '\0', sizeof(distinguished_name));
1970 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1972 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1973 linklist_base)) != 0)
1976 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1978 memset(distinguished_name, '\0', sizeof(distinguished_name));
1979 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1981 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1982 distinguished_name, linklist_base)) != 0)
1986 linklist_ptr = (*linklist_base);
1987 (*linklist_count) = 0;
1989 while (linklist_ptr != NULL)
1991 ++(*linklist_count);
1992 linklist_ptr = linklist_ptr->next;
1998 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1999 char *distinguished_name, LK_ENTRY **linklist_current)
2006 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
2009 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
2011 ldap_memfree(Attribute);
2012 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2015 retrieve_values(ldap_handle, ldap_entry, Attribute,
2016 distinguished_name, linklist_current);
2017 ldap_memfree(Attribute);
2021 ldap_ber_free(ptr, 0);
2026 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2027 char *Attribute, char *distinguished_name,
2028 LK_ENTRY **linklist_current)
2034 LK_ENTRY *linklist_previous;
2035 LDAP_BERVAL **ber_value;
2044 SID_IDENTIFIER_AUTHORITY *sid_auth;
2045 unsigned char *subauth_count;
2046 #endif /*LDAP_BEGUG*/
2049 memset(temp, '\0', sizeof(temp));
2051 if ((!strcmp(Attribute, "objectSid")) ||
2052 (!strcmp(Attribute, "objectGUID")))
2057 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2058 Ptr = (void **)ber_value;
2063 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2064 Ptr = (void **)str_value;
2072 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2075 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2076 linklist_previous->next = (*linklist_current);
2077 (*linklist_current) = linklist_previous;
2079 if (((*linklist_current)->attribute = calloc(1,
2080 strlen(Attribute) + 1)) == NULL)
2083 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2084 strcpy((*linklist_current)->attribute, Attribute);
2088 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2090 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2093 memset((*linklist_current)->value, '\0', ber_length);
2094 memcpy((*linklist_current)->value,
2095 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2096 (*linklist_current)->length = ber_length;
2100 if (((*linklist_current)->value = calloc(1,
2101 strlen(*Ptr) + 1)) == NULL)
2104 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2105 (*linklist_current)->length = strlen(*Ptr);
2106 strcpy((*linklist_current)->value, *Ptr);
2109 (*linklist_current)->ber_value = use_bervalue;
2111 if (((*linklist_current)->dn = calloc(1,
2112 strlen(distinguished_name) + 1)) == NULL)
2115 memset((*linklist_current)->dn, '\0',
2116 strlen(distinguished_name) + 1);
2117 strcpy((*linklist_current)->dn, distinguished_name);
2120 if (!strcmp(Attribute, "objectGUID"))
2122 guid = (GUID *)((*linklist_current)->value);
2124 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2125 guid->Data1, guid->Data2, guid->Data3,
2126 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2127 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2128 guid->Data4[6], guid->Data4[7]);
2129 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2131 else if (!strcmp(Attribute, "objectSid"))
2133 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2136 print_to_screen(" Revision = %d\n", sid->Revision);
2137 print_to_screen(" SID Identifier Authority:\n");
2138 sid_auth = &sid->IdentifierAuthority;
2139 if (sid_auth->Value[0])
2140 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2141 else if (sid_auth->Value[1])
2142 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2143 else if (sid_auth->Value[2])
2144 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2145 else if (sid_auth->Value[3])
2146 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2147 else if (sid_auth->Value[5])
2148 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2150 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2151 subauth_count = GetSidSubAuthorityCount(sid);
2152 print_to_screen(" SidSubAuthorityCount = %d\n",
2154 print_to_screen(" SidSubAuthority:\n");
2155 for (i = 0; i < *subauth_count; i++)
2157 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2158 print_to_screen(" %u\n", *subauth);
2162 else if ((!memcmp(Attribute, "userAccountControl",
2163 strlen("userAccountControl"))) ||
2164 (!memcmp(Attribute, "sAMAccountType",
2165 strlen("sAmAccountType"))))
2167 intValue = atoi(*Ptr);
2168 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2170 if (!memcmp(Attribute, "userAccountControl",
2171 strlen("userAccountControl")))
2173 if (intValue & UF_ACCOUNTDISABLE)
2174 print_to_screen(" %20s : %s\n",
2175 "", "Account disabled");
2177 print_to_screen(" %20s : %s\n",
2178 "", "Account active");
2179 if (intValue & UF_HOMEDIR_REQUIRED)
2180 print_to_screen(" %20s : %s\n",
2181 "", "Home directory required");
2182 if (intValue & UF_LOCKOUT)
2183 print_to_screen(" %20s : %s\n",
2184 "", "Account locked out");
2185 if (intValue & UF_PASSWD_NOTREQD)
2186 print_to_screen(" %20s : %s\n",
2187 "", "No password required");
2188 if (intValue & UF_PASSWD_CANT_CHANGE)
2189 print_to_screen(" %20s : %s\n",
2190 "", "Cannot change password");
2191 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2192 print_to_screen(" %20s : %s\n",
2193 "", "Temp duplicate account");
2194 if (intValue & UF_NORMAL_ACCOUNT)
2195 print_to_screen(" %20s : %s\n",
2196 "", "Normal account");
2197 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2198 print_to_screen(" %20s : %s\n",
2199 "", "Interdomain trust account");
2200 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2201 print_to_screen(" %20s : %s\n",
2202 "", "Workstation trust account");
2203 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2204 print_to_screen(" %20s : %s\n",
2205 "", "Server trust account");
2210 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2212 #endif /*LDAP_DEBUG*/
2215 if (str_value != NULL)
2216 ldap_value_free(str_value);
2218 if (ber_value != NULL)
2219 ldap_value_free_len(ber_value);
2222 (*linklist_current) = linklist_previous;
2227 int moira_connect(void)
2232 if (!mr_connections++)
2236 memset(HostName, '\0', sizeof(HostName));
2237 strcpy(HostName, "ttsp");
2238 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2242 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
2251 int check_winad(void)
2255 for (i = 0; file_exists(STOP_FILE); i++)
2259 critical_alert("AD incremental",
2260 "WINAD incremental failed (%s exists): %s",
2261 STOP_FILE, tbl_buf);
2271 int moira_disconnect(void)
2274 if (!--mr_connections)
2282 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2283 char *distinguished_name)
2287 CName = ldap_get_dn(ldap_handle, ldap_entry);
2292 strcpy(distinguished_name, CName);
2293 ldap_memfree(CName);
2296 int linklist_create_entry(char *attribute, char *value,
2297 LK_ENTRY **linklist_entry)
2299 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2301 if (!(*linklist_entry))
2306 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2307 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2308 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2309 strcpy((*linklist_entry)->attribute, attribute);
2310 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2311 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2312 strcpy((*linklist_entry)->value, value);
2313 (*linklist_entry)->length = strlen(value);
2314 (*linklist_entry)->next = NULL;
2319 void print_to_screen(const char *fmt, ...)
2323 va_start(pvar, fmt);
2324 vfprintf(stderr, fmt, pvar);
2329 int get_group_membership(char *group_membership, char *group_ou,
2330 int *security_flag, char **av)
2335 maillist_flag = atoi(av[L_MAILLIST]);
2336 group_flag = atoi(av[L_GROUP]);
2338 if (security_flag != NULL)
2339 (*security_flag) = 0;
2341 if ((maillist_flag) && (group_flag))
2343 if (group_membership != NULL)
2344 group_membership[0] = 'B';
2346 if (security_flag != NULL)
2347 (*security_flag) = 1;
2349 if (group_ou != NULL)
2350 strcpy(group_ou, group_ou_both);
2352 else if ((!maillist_flag) && (group_flag))
2354 if (group_membership != NULL)
2355 group_membership[0] = 'S';
2357 if (security_flag != NULL)
2358 (*security_flag) = 1;
2360 if (group_ou != NULL)
2361 strcpy(group_ou, group_ou_security);
2363 else if ((maillist_flag) && (!group_flag))
2365 if (group_membership != NULL)
2366 group_membership[0] = 'D';
2368 if (group_ou != NULL)
2369 strcpy(group_ou, group_ou_distribution);
2373 if (group_membership != NULL)
2374 group_membership[0] = 'N';
2376 if (group_ou != NULL)
2377 strcpy(group_ou, group_ou_neither);
2383 int group_rename(LDAP *ldap_handle, char *dn_path,
2384 char *before_group_name, char *before_group_membership,
2385 char *before_group_ou, int before_security_flag,
2386 char *before_desc, char *after_group_name,
2387 char *after_group_membership, char *after_group_ou,
2388 int after_security_flag, char *after_desc,
2389 char *MoiraId, char *filter, char *maillist)
2394 char new_dn_path[512];
2397 char mail_nickname[256];
2398 char proxy_address[256];
2399 char address_book[256];
2400 char *attr_array[3];
2401 char *mitMoiraId_v[] = {NULL, NULL};
2402 char *name_v[] = {NULL, NULL};
2403 char *samAccountName_v[] = {NULL, NULL};
2404 char *groupTypeControl_v[] = {NULL, NULL};
2405 char *mail_v[] = {NULL, NULL};
2406 char *proxy_address_v[] = {NULL, NULL};
2407 char *mail_nickname_v[] = {NULL, NULL};
2408 char *report_to_originator_v[] = {NULL, NULL};
2409 char *address_book_v[] = {NULL, NULL};
2410 char *legacy_exchange_dn_v[] = {NULL, NULL};
2411 u_int groupTypeControl;
2412 char groupTypeControlStr[80];
2413 char contact_mail[256];
2417 LK_ENTRY *group_base;
2419 int MailDisabled = 0;
2421 if(UseGroupUniversal)
2422 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2424 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2426 if (!check_string(before_group_name))
2429 "Unable to process invalid LDAP list name %s",
2431 return(AD_INVALID_NAME);
2434 if (!check_string(after_group_name))
2437 "Unable to process invalid LDAP list name %s", after_group_name);
2438 return(AD_INVALID_NAME);
2448 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2449 attr_array[0] = "cn";
2450 attr_array[1] = NULL;
2452 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2453 &group_base, &group_count,
2454 LDAP_SCOPE_SUBTREE)) != 0)
2456 com_err(whoami, 0, "Unable to process group %s : %s",
2457 after_group_name, ldap_err2string(rc));
2463 com_err(whoami, 0, "Object already exists with name %s",
2468 linklist_free(group_base);
2477 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2478 before_group_membership,
2479 MoiraId, "samAccountName", &group_base,
2480 &group_count, filter))
2483 if (group_count == 0)
2485 return(AD_NO_GROUPS_FOUND);
2488 if (group_count != 1)
2490 com_err(whoami, 0, "Unable to process multiple groups with "
2491 "MoiraId = %s exist in the AD", MoiraId);
2492 return(AD_MULTIPLE_GROUPS_FOUND);
2495 strcpy(old_dn, group_base->dn);
2497 linklist_free(group_base);
2500 attr_array[0] = "sAMAccountName";
2501 attr_array[1] = NULL;
2503 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2504 &group_base, &group_count,
2505 LDAP_SCOPE_SUBTREE)) != 0)
2507 com_err(whoami, 0, "Unable to get list %s dn : %s",
2508 after_group_name, ldap_err2string(rc));
2512 if (group_count != 1)
2515 "Unable to get sAMAccountName for group %s",
2517 return(AD_LDAP_FAILURE);
2520 strcpy(sam_name, group_base->value);
2521 linklist_free(group_base);
2525 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2526 sprintf(new_dn, "cn=%s", after_group_name);
2527 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2528 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2529 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2530 lowercase(ldap_domain));
2531 sprintf(mail_nickname, "%s", after_group_name);
2533 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
2535 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2536 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2538 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2539 before_group_name, after_group_name, ldap_err2string(rc));
2543 name_v[0] = after_group_name;
2545 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2546 group_suffix, strlen(group_suffix)))
2548 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2553 "Unable to rename list from %s to %s : sAMAccountName not found",
2554 before_group_name, after_group_name);
2558 samAccountName_v[0] = sam_name;
2560 if (after_security_flag)
2561 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2563 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2564 groupTypeControl_v[0] = groupTypeControlStr;
2565 mitMoiraId_v[0] = MoiraId;
2567 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2568 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2571 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2572 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2573 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2578 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2580 mail_nickname_v[0] = mail_nickname;
2581 proxy_address_v[0] = proxy_address;
2583 report_to_originator_v[0] = "TRUE";
2585 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2586 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2587 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("reportToOriginator", report_to_originator_v,
2593 mail_nickname_v[0] = NULL;
2594 proxy_address_v[0] = NULL;
2596 legacy_exchange_dn_v[0] = NULL;
2597 address_book_v[0] = NULL;
2598 report_to_originator_v[0] = NULL;
2600 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2601 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2602 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2603 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2604 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2605 ADD_ATTR("reportToOriginator", report_to_originator_v,
2611 if(atoi(maillist) && email_isvalid(contact_mail))
2613 mail_v[0] = contact_mail;
2614 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2620 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2623 "Unable to modify list data for %s after renaming: %s",
2624 after_group_name, ldap_err2string(rc));
2627 for (i = 0; i < n; i++)
2633 int group_create(int ac, char **av, void *ptr)
2638 char new_group_name[256];
2639 char sam_group_name[256];
2640 char cn_group_name[256];
2642 char contact_mail[256];
2643 char mail_nickname[256];
2644 char proxy_address[256];
2645 char address_book[256];
2646 char *cn_v[] = {NULL, NULL};
2647 char *objectClass_v[] = {"top", "group", NULL};
2648 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2649 "group", "mailRecipient", NULL};
2651 char *samAccountName_v[] = {NULL, NULL};
2652 char *altSecurityIdentities_v[] = {NULL, NULL};
2653 char *member_v[] = {NULL, NULL};
2654 char *name_v[] = {NULL, NULL};
2655 char *desc_v[] = {NULL, NULL};
2656 char *info_v[] = {NULL, NULL};
2657 char *mitMoiraId_v[] = {NULL, NULL};
2658 char *mitMoiraPublic_v[] = {NULL, NULL};
2659 char *mitMoiraHidden_v[] = {NULL, NULL};
2660 char *groupTypeControl_v[] = {NULL, NULL};
2661 char *mail_v[] = {NULL, NULL};
2662 char *proxy_address_v[] = {NULL, NULL};
2663 char *mail_nickname_v[] = {NULL, NULL};
2664 char *report_to_originator_v[] = {NULL, NULL};
2665 char *address_book_v[] = {NULL, NULL};
2666 char *legacy_exchange_dn_v[] = {NULL, NULL};
2667 char *gidNumber_v[] = {NULL, NULL};
2668 char groupTypeControlStr[80];
2669 char group_membership[1];
2672 u_int groupTypeControl;
2676 int MailDisabled = 0;
2678 LK_ENTRY *group_base;
2681 char *attr_array[3];
2685 if(UseGroupUniversal)
2686 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2688 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2690 if (!check_string(av[L_NAME]))
2692 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2694 return(AD_INVALID_NAME);
2697 updateGroup = (int)call_args[4];
2698 memset(group_ou, 0, sizeof(group_ou));
2699 memset(group_membership, 0, sizeof(group_membership));
2702 get_group_membership(group_membership, group_ou, &security_flag, av);
2704 strcpy(new_group_name, av[L_NAME]);
2705 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2706 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2707 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2708 sprintf(mail_nickname, "%s", av[L_NAME]);
2711 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2713 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
2717 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2718 groupTypeControl_v[0] = groupTypeControlStr;
2720 strcpy(cn_group_name, av[L_NAME]);
2722 samAccountName_v[0] = sam_group_name;
2723 name_v[0] = new_group_name;
2724 cn_v[0] = new_group_name;
2727 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2731 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2735 mitMoiraPublic_v[0] = av[L_PUBLIC];
2736 mitMoiraHidden_v[0] = av[L_HIDDEN];
2737 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2738 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2739 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2741 if(atoi(av[L_GROUP]))
2743 gidNumber_v[0] = av[L_GID];
2744 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2748 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2749 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2750 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2754 if(atoi(av[L_MAILLIST]))
2759 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2760 attr_array[0] = "cn";
2761 attr_array[1] = NULL;
2763 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2764 filter, attr_array, &group_base,
2766 LDAP_SCOPE_SUBTREE)) != 0)
2768 com_err(whoami, 0, "Unable to process group %s : %s",
2769 av[L_NAME], ldap_err2string(rc));
2775 com_err(whoami, 0, "Object already exists with name %s",
2780 linklist_free(group_base);
2785 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2787 mail_nickname_v[0] = mail_nickname;
2788 report_to_originator_v[0] = "TRUE";
2790 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2791 ADD_ATTR("reportToOriginator", report_to_originator_v,
2797 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2799 mail_v[0] = contact_mail;
2800 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2804 if (strlen(av[L_DESC]) != 0)
2806 desc_v[0] = av[L_DESC];
2807 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2810 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2812 if (strlen(av[L_ACE_NAME]) != 0)
2814 sprintf(info, "The Administrator of this list is: %s",
2817 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2820 if (strlen(call_args[5]) != 0)
2822 mitMoiraId_v[0] = call_args[5];
2823 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2828 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2830 for (i = 0; i < n; i++)
2833 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2835 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2836 av[L_NAME], ldap_err2string(rc));
2842 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2844 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2845 "description", av[L_NAME]);
2846 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2848 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2853 if (strlen(call_args[5]) != 0)
2855 mitMoiraId_v[0] = call_args[5];
2856 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2859 if (!(atoi(av[L_ACTIVE])))
2862 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2865 if (!ActiveDirectory)
2867 mitMoiraPublic_v[0] = av[L_PUBLIC];
2868 mitMoiraHidden_v[0] = av[L_HIDDEN];
2869 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2870 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2872 if(atoi(av[L_GROUP]))
2874 gidNumber_v[0] = av[L_GID];
2875 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2879 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2885 if(atoi(av[L_MAILLIST]))
2890 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2891 attr_array[0] = "cn";
2892 attr_array[1] = NULL;
2894 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2895 filter, attr_array, &group_base,
2897 LDAP_SCOPE_SUBTREE)) != 0)
2899 com_err(whoami, 0, "Unable to process group %s : %s",
2900 av[L_NAME], ldap_err2string(rc));
2906 com_err(whoami, 0, "Object already exists with name %s",
2911 linklist_free(group_base);
2916 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2918 mail_nickname_v[0] = mail_nickname;
2919 report_to_originator_v[0] = "TRUE";
2921 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2922 ADD_ATTR("reportToOriginator", report_to_originator_v,
2928 mail_nickname_v[0] = NULL;
2929 proxy_address_v[0] = NULL;
2930 legacy_exchange_dn_v[0] = NULL;
2931 address_book_v[0] = NULL;
2932 report_to_originator_v[0] = NULL;
2934 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2935 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2936 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2937 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2939 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2940 ADD_ATTR("reportToOriginator", report_to_originator_v,
2946 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2948 mail_v[0] = contact_mail;
2949 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2954 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2963 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2965 for (i = 0; i < n; i++)
2968 if (rc != LDAP_SUCCESS)
2970 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2971 av[L_NAME], ldap_err2string(rc));
2978 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2979 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2981 return(LDAP_SUCCESS);
2984 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2985 char *TargetGroupName, int HiddenGroup,
2986 char *AceType, char *AceName)
2988 char filter_exp[1024];
2989 char *attr_array[5];
2990 char search_path[512];
2992 char TemplateDn[512];
2993 char TemplateSamName[128];
2995 char TargetSamName[128];
2996 char AceSamAccountName[128];
2998 unsigned char AceSid[128];
2999 unsigned char UserTemplateSid[128];
3000 char acBERBuf[N_SD_BER_BYTES];
3001 char GroupSecurityTemplate[256];
3002 char hide_addres_lists[256];
3003 char address_book[256];
3004 char *hide_address_lists_v[] = {NULL, NULL};
3005 char *address_book_v[] = {NULL, NULL};
3006 char *owner_v[] = {NULL, NULL};
3008 int UserTemplateSidCount;
3015 int array_count = 0;
3017 LK_ENTRY *group_base;
3018 LDAP_BERVAL **ppsValues;
3019 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3020 { N_SD_BER_BYTES, acBERBuf },
3023 LDAPControl *apsServerControls[] = {&sControl, NULL};
3026 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3027 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3028 BEREncodeSecurityBits(dwInfo, acBERBuf);
3030 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3031 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3032 attr_array[0] = "sAMAccountName";
3033 attr_array[1] = NULL;
3037 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3038 &group_base, &group_count,
3039 LDAP_SCOPE_SUBTREE) != 0))
3042 if (group_count != 1)
3044 linklist_free(group_base);
3048 strcpy(TargetDn, group_base->dn);
3049 strcpy(TargetSamName, group_base->value);
3050 linklist_free(group_base);
3054 UserTemplateSidCount = 0;
3055 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3056 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3057 memset(AceSid, '\0', sizeof(AceSid));
3062 if (strlen(AceName) != 0)
3064 if (!strcmp(AceType, "LIST"))
3066 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3067 strcpy(root_ou, group_ou_root);
3069 else if (!strcmp(AceType, "USER"))
3071 sprintf(AceSamAccountName, "%s", AceName);
3072 strcpy(root_ou, user_ou);
3075 if (ActiveDirectory)
3077 if (strlen(AceSamAccountName) != 0)
3079 sprintf(search_path, "%s", dn_path);
3080 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3081 attr_array[0] = "objectSid";
3082 attr_array[1] = NULL;
3086 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3087 attr_array, &group_base, &group_count,
3088 LDAP_SCOPE_SUBTREE) != 0))
3090 if (group_count == 1)
3092 strcpy(AceDn, group_base->dn);
3093 AceSidCount = group_base->length;
3094 memcpy(AceSid, group_base->value, AceSidCount);
3096 linklist_free(group_base);
3103 if (strlen(AceSamAccountName) != 0)
3105 sprintf(search_path, "%s", dn_path);
3106 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3107 attr_array[0] = "samAccountName";
3108 attr_array[1] = NULL;
3112 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3113 attr_array, &group_base, &group_count,
3114 LDAP_SCOPE_SUBTREE) != 0))
3116 if (group_count == 1)
3118 strcpy(AceDn, group_base->dn);
3120 linklist_free(group_base);
3127 if (!ActiveDirectory)
3129 if (strlen(AceDn) != 0)
3131 owner_v[0] = strdup(AceDn);
3133 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3137 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3139 for (i = 0; i < n; i++)
3142 if (rc != LDAP_SUCCESS)
3143 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3144 TargetGroupName, ldap_err2string(rc));
3150 if (AceSidCount == 0)
3152 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3153 "have an AD SID.", TargetGroupName, AceName, AceType);
3154 com_err(whoami, 0, " Non-admin security group template will be used.");
3158 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3159 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3160 attr_array[0] = "objectSid";
3161 attr_array[1] = NULL;
3166 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3167 attr_array, &group_base, &group_count,
3168 LDAP_SCOPE_SUBTREE) != 0))
3171 if ((rc != 0) || (group_count != 1))
3173 com_err(whoami, 0, "Unable to process user security template: %s",
3179 UserTemplateSidCount = group_base->length;
3180 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3182 linklist_free(group_base);
3189 if (AceSidCount == 0)
3191 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3192 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3196 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3197 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3202 if (AceSidCount == 0)
3204 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3205 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3209 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3210 sprintf(filter_exp, "(sAMAccountName=%s)",
3211 NOT_HIDDEN_GROUP_WITH_ADMIN);
3215 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3216 attr_array[0] = "sAMAccountName";
3217 attr_array[1] = NULL;
3221 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3222 &group_base, &group_count,
3223 LDAP_SCOPE_SUBTREE) != 0))
3226 if (group_count != 1)
3228 linklist_free(group_base);
3229 com_err(whoami, 0, "Unable to process group security template: %s - "
3230 "security not set", GroupSecurityTemplate);
3234 strcpy(TemplateDn, group_base->dn);
3235 strcpy(TemplateSamName, group_base->value);
3236 linklist_free(group_base);
3240 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3241 rc = ldap_search_ext_s(ldap_handle,
3253 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3255 com_err(whoami, 0, "Unable to find group security template: %s - "
3256 "security not set", GroupSecurityTemplate);
3260 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3262 if (ppsValues == NULL)
3264 com_err(whoami, 0, "Unable to find group security descriptor for group "
3265 "%s - security not set", GroupSecurityTemplate);
3269 if (AceSidCount != 0)
3271 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3274 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3276 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3277 UserTemplateSidCount))
3279 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3287 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3288 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
3294 hide_address_lists_v[0] = "TRUE";
3295 address_book_v[0] = NULL;
3296 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3298 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3300 hide_address_lists_v[0] = NULL;
3301 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3308 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3310 for (i = 0; i < n; i++)
3313 ldap_value_free_len(ppsValues);
3314 ldap_msgfree(psMsg);
3316 if (rc != LDAP_SUCCESS)
3318 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3319 TargetGroupName, ldap_err2string(rc));
3321 if (AceSidCount != 0)
3324 "Trying to set security for group %s without admin.",
3327 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3328 HiddenGroup, "", ""))
3330 com_err(whoami, 0, "Unable to set security for group %s.",
3341 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3342 char *group_membership, char *MoiraId)
3344 LK_ENTRY *group_base;
3350 if (!check_string(group_name))
3353 "Unable to process invalid LDAP list name %s", group_name);
3354 return(AD_INVALID_NAME);
3357 memset(filter, '\0', sizeof(filter));
3360 sprintf(temp, "%s,%s", group_ou_root, dn_path);
3362 if (rc = ad_get_group(ldap_handle, temp, group_name,
3363 group_membership, MoiraId,
3364 "samAccountName", &group_base,
3365 &group_count, filter))
3368 if (group_count == 1)
3370 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3372 linklist_free(group_base);
3373 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
3374 group_name, ldap_err2string(rc));
3377 linklist_free(group_base);
3381 linklist_free(group_base);
3382 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
3383 return(AD_NO_GROUPS_FOUND);
3389 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3395 return(N_SD_BER_BYTES);
3398 int process_lists(int ac, char **av, void *ptr)
3403 char group_membership[2];
3409 memset(group_ou, '\0', sizeof(group_ou));
3410 memset(group_membership, '\0', sizeof(group_membership));
3411 get_group_membership(group_membership, group_ou, &security_flag, av);
3412 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3413 av[L_NAME], group_ou, group_membership,
3419 int member_list_build(int ac, char **av, void *ptr)
3427 strcpy(temp, av[ACE_NAME]);
3429 if (!check_string(temp))
3432 if (!strcmp(av[ACE_TYPE], "USER"))
3434 if (!((int)call_args[3] & MOIRA_USERS))
3437 else if (!strcmp(av[ACE_TYPE], "STRING"))
3441 if((s = strchr(temp, '@')) == (char *) NULL)
3443 strcat(temp, "@mit.edu");
3446 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3448 s = strrchr(temp, '.');
3450 strcat(s, ".mit.edu");
3454 if (!((int)call_args[3] & MOIRA_STRINGS))
3457 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3460 else if (!strcmp(av[ACE_TYPE], "LIST"))
3462 if (!((int)call_args[3] & MOIRA_LISTS))
3465 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3467 if (!((int)call_args[3] & MOIRA_KERBEROS))
3470 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3475 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3477 if (!((int)call_args[3] & MOIRA_MACHINE))
3483 linklist = member_base;
3487 if (!strcasecmp(temp, linklist->member) &&
3488 !strcasecmp(av[ACE_TYPE], linklist->type))
3491 linklist = linklist->next;
3494 linklist = calloc(1, sizeof(LK_ENTRY));
3496 linklist->dn = NULL;
3497 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3498 strcpy(linklist->list, call_args[2]);
3499 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3500 strcpy(linklist->type, av[ACE_TYPE]);
3501 linklist->member = calloc(1, strlen(temp) + 1);
3502 strcpy(linklist->member, temp);
3503 linklist->next = member_base;
3504 member_base = linklist;
3509 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3510 char *group_ou, char *group_membership, char *user_name,
3511 char *UserOu, char *MoiraId)
3513 char distinguished_name[1024];
3517 char *attr_array[3];
3522 LK_ENTRY *group_base;
3526 if (!check_string(group_name))
3527 return(AD_INVALID_NAME);
3529 memset(filter, '\0', sizeof(filter));
3533 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3534 group_membership, MoiraId,
3535 "samAccountName", &group_base,
3536 &group_count, filter))
3539 if (group_count != 1)
3541 com_err(whoami, 0, "Unable to find list %s in AD",
3543 linklist_free(group_base);
3549 strcpy(distinguished_name, group_base->dn);
3550 linklist_free(group_base);
3556 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3560 if(!strcmp(UserOu, user_ou))
3561 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3563 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3566 modvalues[0] = temp;
3567 modvalues[1] = NULL;
3570 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3572 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3574 for (i = 0; i < n; i++)
3577 if (rc == LDAP_UNWILLING_TO_PERFORM)
3580 if (rc != LDAP_SUCCESS)
3582 com_err(whoami, 0, "Unable to modify list %s members : %s",
3583 group_name, ldap_err2string(rc));
3587 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3591 if(!strcmp(UserOu, contact_ou) &&
3592 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3594 memset(temp, '\0', sizeof(temp));
3595 strcpy(temp, user_name);
3596 s = strchr(temp, '@');
3599 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
3601 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3602 &group_base, &group_count,
3603 LDAP_SCOPE_SUBTREE) != 0))
3609 linklist_free(group_base);
3614 sprintf(filter, "(distinguishedName=%s)", temp);
3615 attr_array[0] = "memberOf";
3616 attr_array[1] = NULL;
3618 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3619 &group_base, &group_count,
3620 LDAP_SCOPE_SUBTREE) != 0))
3626 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3628 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
3638 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3639 char *group_ou, char *group_membership, char *user_name,
3640 char *UserOu, char *MoiraId)
3642 char distinguished_name[1024];
3650 LK_ENTRY *group_base;
3653 if (!check_string(group_name))
3654 return(AD_INVALID_NAME);
3657 memset(filter, '\0', sizeof(filter));
3661 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3662 group_membership, MoiraId,
3663 "samAccountName", &group_base,
3664 &group_count, filter))
3667 if (group_count != 1)
3669 linklist_free(group_base);
3672 com_err(whoami, 0, "Unable to find list %s %d in AD",
3673 group_name, group_count);
3674 return(AD_MULTIPLE_GROUPS_FOUND);
3677 strcpy(distinguished_name, group_base->dn);
3678 linklist_free(group_base);
3684 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3688 if(!strcmp(UserOu, user_ou))
3689 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3691 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3694 modvalues[0] = temp;
3695 modvalues[1] = NULL;
3698 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3700 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3702 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3705 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3707 if (rc == LDAP_UNWILLING_TO_PERFORM)
3711 for (i = 0; i < n; i++)
3714 if (rc != LDAP_SUCCESS)
3716 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3717 user_name, group_name, ldap_err2string(rc));
3723 int contact_remove_email(LDAP *ld, char *bind_path,
3724 LK_ENTRY **linklist_base, int linklist_current)
3728 char *mail_v[] = {NULL, NULL};
3736 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3737 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3738 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3739 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3742 gPtr = (*linklist_base);
3745 rc = ldap_modify_s(ld, gPtr->dn, mods);
3747 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3749 com_err(whoami, 0, "Unable to modify contact %s in AD : %s",
3750 gPtr->dn, ldap_err2string(rc));
3757 for (i = 0; i < n; i++)
3763 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3766 LK_ENTRY *group_base;
3769 char cn_user_name[256];
3770 char contact_name[256];
3771 char mail_nickname[256];
3772 char proxy_address_internal[256];
3773 char proxy_address_external[256];
3774 char target_address[256];
3775 char internal_contact_name[256];
3778 char principal[256];
3779 char mit_address_book[256];
3780 char default_address_book[256];
3781 char contact_address_book[256];
3783 char *email_v[] = {NULL, NULL};
3784 char *cn_v[] = {NULL, NULL};
3785 char *contact_v[] = {NULL, NULL};
3786 char *uid_v[] = {NULL, NULL};
3787 char *mail_nickname_v[] = {NULL, NULL};
3788 char *proxy_address_internal_v[] = {NULL, NULL};
3789 char *proxy_address_external_v[] = {NULL, NULL};
3790 char *target_address_v[] = {NULL, NULL};
3791 char *mit_address_book_v[] = {NULL, NULL};
3792 char *default_address_book_v[] = {NULL, NULL};
3793 char *contact_address_book_v[] = {NULL, NULL};
3794 char *hide_address_lists_v[] = {NULL, NULL};
3795 char *attr_array[3];
3796 char *objectClass_v[] = {"top", "person",
3797 "organizationalPerson",
3799 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3800 "inetOrgPerson", "organizationalPerson",
3801 "contact", "mailRecipient", "eduPerson",
3803 char *name_v[] = {NULL, NULL};
3804 char *desc_v[] = {NULL, NULL};
3811 char *mail_routing_v[] = {NULL, NULL};
3812 char *principal_v[] = {NULL, NULL};
3814 if (!check_string(user))
3816 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3817 return(AD_INVALID_NAME);
3821 strcpy(contact_name, mail);
3822 strcpy(internal_contact_name, mail);
3824 if((s = strchr(internal_contact_name, '@')) != NULL) {
3828 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3831 sprintf(target_address, "SMTP:%s", contact_name);
3832 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3833 sprintf(mail_nickname, "%s", internal_contact_name);
3835 cn_v[0] = cn_user_name;
3836 contact_v[0] = contact_name;
3839 desc_v[0] = "Auto account created by Moira";
3841 proxy_address_internal_v[0] = proxy_address_internal;
3842 proxy_address_external_v[0] = proxy_address_external;
3843 mail_nickname_v[0] = mail_nickname;
3844 target_address_v[0] = target_address;
3845 mit_address_book_v[0] = mit_address_book;
3846 default_address_book_v[0] = default_address_book;
3847 contact_address_book_v[0] = contact_address_book;
3848 strcpy(new_dn, cn_user_name);
3851 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
3853 if(!ActiveDirectory)
3855 if(!strcmp(group_ou, contact_ou))
3856 sprintf(uid, "%s%s", contact_name, "_strings");
3858 if(!strcmp(group_ou, kerberos_ou))
3859 sprintf(uid, "%s%s", contact_name, "_kerberos");
3863 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3864 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3869 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3873 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3876 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3877 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3878 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3882 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3887 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3888 attr_array[0] = "cn";
3889 attr_array[1] = NULL;
3891 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3892 &group_base, &group_count,
3893 LDAP_SCOPE_SUBTREE)) != 0)
3895 com_err(whoami, 0, "Unable to process contact %s : %s",
3896 user, ldap_err2string(rc));
3902 com_err(whoami, 0, "Object already exists with name %s",
3907 linklist_free(group_base);
3911 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3912 attr_array[0] = "cn";
3913 attr_array[1] = NULL;
3915 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3916 &group_base, &group_count,
3917 LDAP_SCOPE_SUBTREE)) != 0)
3919 com_err(whoami, 0, "Unable to process contact %s : %s",
3920 user, ldap_err2string(rc));
3926 com_err(whoami, 0, "Object already exists with name %s",
3931 linklist_free(group_base);
3935 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3936 attr_array[0] = "cn";
3937 attr_array[1] = NULL;
3939 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3940 &group_base, &group_count,
3941 LDAP_SCOPE_SUBTREE)) != 0)
3943 com_err(whoami, 0, "Unable to process contact %s : %s",
3944 user, ldap_err2string(rc));
3950 com_err(whoami, 0, "Object already exists with name %s",
3955 linklist_free(group_base);
3959 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3960 attr_array[0] = "cn";
3961 attr_array[1] = NULL;
3963 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3964 &group_base, &group_count,
3965 LDAP_SCOPE_SUBTREE)) != 0)
3967 com_err(whoami, 0, "Unable to process contact %s : %s",
3968 user, ldap_err2string(rc));
3974 com_err(whoami, 0, "Object already exists with name %s",
3979 linklist_free(group_base);
3983 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
3984 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
3985 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
3986 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
3988 hide_address_lists_v[0] = "TRUE";
3989 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3994 if(!ActiveDirectory)
3996 if((c = strchr(mail, '@')) == NULL)
3997 sprintf(temp, "%s@mit.edu", mail);
3999 sprintf(temp, "%s", mail);
4001 mail_routing_v[0] = temp;
4003 principal_v[0] = principal;
4005 if(!strcmp(group_ou, contact_ou))
4007 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4008 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4014 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4016 for (i = 0; i < n; i++)
4021 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4022 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4026 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4027 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4028 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4030 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4032 hide_address_lists_v[0] = "TRUE";
4033 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4037 rc = ldap_modify_s(ld, new_dn, mods);
4041 com_err(whoami, 0, "Unable to update contact %s", mail);
4044 for (i = 0; i < n; i++)
4049 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4051 com_err(whoami, 0, "Unable to create contact %s : %s",
4052 user, ldap_err2string(rc));
4059 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4060 char *Uid, char *MitId, char *MoiraId, int State,
4061 char *WinHomeDir, char *WinProfileDir, char *first,
4062 char *middle, char *last, char *shell, char *class)
4065 LK_ENTRY *group_base;
4067 char distinguished_name[512];
4068 char displayName[256];
4069 char *mitMoiraId_v[] = {NULL, NULL};
4070 char *mitMoiraClass_v[] = {NULL, NULL};
4071 char *mitMoiraStatus_v[] = {NULL, NULL};
4072 char *uid_v[] = {NULL, NULL};
4073 char *mitid_v[] = {NULL, NULL};
4074 char *homedir_v[] = {NULL, NULL};
4075 char *winProfile_v[] = {NULL, NULL};
4076 char *drives_v[] = {NULL, NULL};
4077 char *userAccountControl_v[] = {NULL, NULL};
4078 char *alt_recipient_v[] = {NULL, NULL};
4079 char *hide_address_lists_v[] = {NULL, NULL};
4080 char *mail_v[] = {NULL, NULL};
4081 char *gid_v[] = {NULL, NULL};
4082 char *loginshell_v[] = {NULL, NULL};
4083 char *principal_v[] = {NULL, NULL};
4084 char userAccountControlStr[80];
4089 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4090 UF_PASSWD_CANT_CHANGE;
4092 char *attr_array[3];
4095 char contact_mail[256];
4096 char filter_exp[1024];
4097 char search_path[512];
4098 char TemplateDn[512];
4099 char TemplateSamName[128];
4100 char alt_recipient[256];
4101 char principal[256];
4103 char acBERBuf[N_SD_BER_BYTES];
4104 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4105 { N_SD_BER_BYTES, acBERBuf },
4107 LDAPControl *apsServerControls[] = {&sControl, NULL};
4109 LDAP_BERVAL **ppsValues;
4113 char *homeServerName;
4115 char search_string[256];
4117 char *mail_routing_v[] = {NULL, NULL};
4120 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4121 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4122 BEREncodeSecurityBits(dwInfo, acBERBuf);
4124 if (!check_string(user_name))
4126 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4128 return(AD_INVALID_NAME);
4131 memset(contact_mail, '\0', sizeof(contact_mail));
4132 sprintf(contact_mail, "%s@mit.edu", user_name);
4133 memset(mail, '\0', sizeof(mail));
4134 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4135 memset(alt_recipient, '\0', sizeof(alt_recipient));
4136 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4138 sprintf(search_string, "@%s", uppercase(ldap_domain));
4142 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4144 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4151 memset(displayName, '\0', sizeof(displayName));
4153 if (strlen(MoiraId) != 0)
4157 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4162 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4165 attr_array[0] = "cn";
4166 attr_array[1] = NULL;
4167 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4168 &group_base, &group_count,
4169 LDAP_SCOPE_SUBTREE)) != 0)
4171 com_err(whoami, 0, "Unable to process user %s : %s",
4172 user_name, ldap_err2string(rc));
4177 if (group_count != 1)
4179 linklist_free(group_base);
4182 sprintf(filter, "(sAMAccountName=%s)", user_name);
4183 attr_array[0] = "cn";
4184 attr_array[1] = NULL;
4185 sprintf(temp, "%s,%s", user_ou, dn_path);
4186 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4187 &group_base, &group_count,
4188 LDAP_SCOPE_SUBTREE)) != 0)
4190 com_err(whoami, 0, "Unable to process user %s : %s",
4191 user_name, ldap_err2string(rc));
4196 if (group_count != 1)
4198 com_err(whoami, 0, "Unable to find user %s in AD",
4200 linklist_free(group_base);
4201 return(AD_NO_USER_FOUND);
4204 strcpy(distinguished_name, group_base->dn);
4206 linklist_free(group_base);
4209 if(!ActiveDirectory)
4211 if (rc = moira_connect())
4213 critical_alert("AD incremental",
4214 "Error contacting Moira server : %s",
4219 argv[0] = user_name;
4221 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4224 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4226 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4228 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4233 "Unable to set the mailRoutingAddress for %s : %s",
4234 user_name, ldap_err2string(rc));
4236 p = strdup(save_argv[3]);
4238 if((c = strchr(p, ',')) != NULL)
4243 if ((c = strchr(q, '@')) == NULL)
4244 sprintf(temp, "%s@mit.edu", q);
4246 sprintf(temp, "%s", q);
4248 if(email_isvalid(temp) && State != US_DELETED)
4250 mail_routing_v[0] = temp;
4253 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4255 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4257 if (rc == LDAP_ALREADY_EXISTS ||
4258 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4263 "Unable to set the mailRoutingAddress for %s : %s",
4264 user_name, ldap_err2string(rc));
4267 while((q = strtok(NULL, ",")) != NULL) {
4270 if((c = strchr(q, '@')) == NULL)
4271 sprintf(temp, "%s@mit.edu", q);
4273 sprintf(temp, "%s", q);
4275 if(email_isvalid(temp) && State != US_DELETED)
4277 mail_routing_v[0] = temp;
4280 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4283 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4285 if (rc == LDAP_ALREADY_EXISTS ||
4286 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4291 "Unable to set the mailRoutingAddress for "
4293 user_name, ldap_err2string(rc));
4299 if((c = strchr(p, '@')) == NULL)
4300 sprintf(temp, "%s@mit.edu", p);
4302 sprintf(temp, "%s", p);
4304 if(email_isvalid(temp) && State != US_DELETED)
4306 mail_routing_v[0] = temp;
4309 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4311 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4313 if (rc == LDAP_ALREADY_EXISTS ||
4314 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4319 "Unable to set the mailRoutingAddress for %s : %s",
4320 user_name, ldap_err2string(rc));
4327 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4328 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4329 "employeeID", user_name);
4331 rc = attribute_update(ldap_handle, distinguished_name, "none",
4332 "employeeID", user_name);
4335 strcat(displayName, first);
4338 if(strlen(middle)) {
4340 strcat(displayName, " ");
4342 strcat(displayName, middle);
4346 if(strlen(middle) || strlen(first))
4347 strcat(displayName, " ");
4349 strcat(displayName, last);
4352 if(strlen(displayName))
4353 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4354 "displayName", user_name);
4356 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4357 "displayName", user_name);
4359 if(!ActiveDirectory)
4361 if(strlen(displayName))
4362 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4365 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4369 if(!ActiveDirectory)
4371 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4372 "eduPersonNickname", user_name);
4376 rc = attribute_update(ldap_handle, distinguished_name, first,
4377 "givenName", user_name);
4379 rc = attribute_update(ldap_handle, distinguished_name, "",
4380 "givenName", user_name);
4382 if(strlen(middle) == 1)
4383 rc = attribute_update(ldap_handle, distinguished_name, middle,
4384 "initials", user_name);
4386 rc = attribute_update(ldap_handle, distinguished_name, "",
4387 "initials", user_name);
4390 rc = attribute_update(ldap_handle, distinguished_name, last,
4393 rc = attribute_update(ldap_handle, distinguished_name, "",
4398 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4403 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4407 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4408 "mitMoiraId", user_name);
4417 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4421 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4426 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4427 sprintf(status, "%d", State);
4428 principal_v[0] = principal;
4429 loginshell_v[0] = shell;
4430 mitMoiraClass_v[0] = class;
4431 mitMoiraStatus_v[0] = status;
4433 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4434 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4435 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4436 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4437 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4438 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4441 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4443 userAccountControl |= UF_ACCOUNTDISABLE;
4447 hide_address_lists_v[0] = "TRUE";
4448 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4456 hide_address_lists_v[0] = NULL;
4457 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4462 sprintf(userAccountControlStr, "%ld", userAccountControl);
4463 userAccountControl_v[0] = userAccountControlStr;
4464 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4468 if (rc = moira_connect())
4470 critical_alert("AD incremental",
4471 "Error contacting Moira server : %s",
4476 argv[0] = user_name;
4478 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4480 if(!strcmp(save_argv[1], "EXCHANGE") ||
4481 (strstr(save_argv[3], search_string) != NULL))
4483 alt_recipient_v[0] = NULL;
4484 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4486 argv[0] = exchange_acl;
4488 argv[2] = user_name;
4490 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4492 if ((rc) && (rc != MR_EXISTS))
4494 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4495 user_name, exchange_acl, error_message(rc));
4500 alt_recipient_v[0] = alt_recipient;
4501 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4503 argv[0] = exchange_acl;
4505 argv[2] = user_name;
4507 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4509 if ((rc) && (rc != MR_NO_MATCH))
4512 "Unable to remove user %s from %s: %s, %d",
4513 user_name, exchange_acl, error_message(rc), rc);
4519 alt_recipient_v[0] = alt_recipient;
4520 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4522 argv[0] = exchange_acl;
4524 argv[2] = user_name;
4526 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4528 if ((rc) && (rc != MR_NO_MATCH))
4531 "Unable to remove user %s from %s: %s, %d",
4532 user_name, exchange_acl, error_message(rc), rc);
4540 mail_v[0] = contact_mail;
4541 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4544 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4545 WinProfileDir, homedir_v, winProfile_v,
4546 drives_v, mods, LDAP_MOD_REPLACE, n);
4550 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4551 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4552 attr_array[0] = "sAMAccountName";
4553 attr_array[1] = NULL;
4557 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4559 &group_base, &group_count,
4560 LDAP_SCOPE_SUBTREE) != 0))
4563 if (group_count != 1)
4565 com_err(whoami, 0, "Unable to process user security template: %s - "
4566 "security not set", "UserTemplate.u");
4570 strcpy(TemplateDn, group_base->dn);
4571 strcpy(TemplateSamName, group_base->value);
4572 linklist_free(group_base);
4576 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4577 filter_exp, NULL, 0, apsServerControls, NULL,
4580 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4582 com_err(whoami, 0, "Unable to find user security template: %s - "
4583 "security not set", "UserTemplate.u");
4587 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4588 "ntSecurityDescriptor");
4590 if (ppsValues == NULL)
4592 com_err(whoami, 0, "Unable to find user security template: %s - "
4593 "security not set", "UserTemplate.u");
4597 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4598 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4603 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4604 mods)) != LDAP_SUCCESS)
4606 OldUseSFU30 = UseSFU30;
4607 SwitchSFU(mods, &UseSFU30, n);
4608 if (OldUseSFU30 != UseSFU30)
4609 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4612 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4613 user_name, ldap_err2string(rc));
4617 for (i = 0; i < n; i++)
4623 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4631 char contact_mail[256];
4632 char proxy_address[256];
4633 char query_base_dn[256];
4635 char *userPrincipalName_v[] = {NULL, NULL};
4636 char *altSecurityIdentities_v[] = {NULL, NULL};
4637 char *name_v[] = {NULL, NULL};
4638 char *samAccountName_v[] = {NULL, NULL};
4639 char *mail_v[] = {NULL, NULL};
4640 char *mail_nickname_v[] = {NULL, NULL};
4641 char *proxy_address_v[] = {NULL, NULL};
4642 char *query_base_dn_v[] = {NULL, NULL};
4643 char *principal_v[] = {NULL, NULL};
4644 char principal[256];
4649 if (!check_string(before_user_name))
4652 "Unable to process invalid LDAP user name %s", before_user_name);
4653 return(AD_INVALID_NAME);
4656 if (!check_string(user_name))
4659 "Unable to process invalid LDAP user name %s", user_name);
4660 return(AD_INVALID_NAME);
4663 strcpy(user_name, user_name);
4666 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4668 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4671 sprintf(new_dn, "cn=%s", user_name);
4673 sprintf(new_dn, "uid=%s", user_name);
4675 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4676 sprintf(contact_mail, "%s@mit.edu", user_name);
4677 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4678 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4680 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4681 NULL, NULL)) != LDAP_SUCCESS)
4683 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4684 before_user_name, user_name, ldap_err2string(rc));
4690 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4693 if(rc = ldap_delete_s(ldap_handle, temp))
4695 com_err(whoami, 0, "Unable to delete user contact for %s",
4699 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4701 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4705 name_v[0] = user_name;
4706 sprintf(upn, "%s@%s", user_name, ldap_domain);
4707 userPrincipalName_v[0] = upn;
4708 principal_v[0] = principal;
4709 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4710 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4711 altSecurityIdentities_v[0] = temp;
4712 samAccountName_v[0] = user_name;
4714 mail_nickname_v[0] = user_name;
4715 proxy_address_v[0] = proxy_address;
4716 query_base_dn_v[0] = query_base_dn;
4719 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4720 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4721 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4722 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4724 if(!ActiveDirectory)
4726 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4727 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4728 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4729 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4734 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4735 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4736 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4737 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
4741 mail_v[0] = contact_mail;
4742 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4748 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4750 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4752 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4755 "Unable to modify user data for %s after renaming : %s",
4756 user_name, ldap_err2string(rc));
4759 for (i = 0; i < n; i++)
4765 int user_create(int ac, char **av, void *ptr)
4769 char user_name[256];
4773 char contact_mail[256];
4774 char proxy_address[256];
4775 char mail_nickname[256];
4776 char query_base_dn[256];
4777 char displayName[256];
4778 char address_book[256];
4779 char alt_recipient[256];
4780 char *cn_v[] = {NULL, NULL};
4781 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4783 char *objectClass_ldap_v[] = {"top",
4784 "eduPerson", "posixAccount",
4785 "apple-user", "shadowAccount",
4786 "microsoftComTop", "securityPrincipal",
4787 "inetOrgPerson", "user",
4788 "organizationalPerson", "person",
4789 "mailRecipient", NULL};
4791 char *samAccountName_v[] = {NULL, NULL};
4792 char *altSecurityIdentities_v[] = {NULL, NULL};
4793 char *mitMoiraId_v[] = {NULL, NULL};
4794 char *mitMoiraClass_v[] = {NULL, NULL};
4795 char *mitMoiraStatus_v[] = {NULL, NULL};
4796 char *name_v[] = {NULL, NULL};
4797 char *desc_v[] = {NULL, NULL};
4798 char *userPrincipalName_v[] = {NULL, NULL};
4799 char *userAccountControl_v[] = {NULL, NULL};
4800 char *uid_v[] = {NULL, NULL};
4801 char *gid_v[] = {NULL, NULL};
4802 char *mitid_v[] = {NULL, NULL};
4803 char *homedir_v[] = {NULL, NULL};
4804 char *winProfile_v[] = {NULL, NULL};
4805 char *drives_v[] = {NULL, NULL};
4806 char *mail_v[] = {NULL, NULL};
4807 char *givenName_v[] = {NULL, NULL};
4808 char *sn_v[] = {NULL, NULL};
4809 char *initials_v[] = {NULL, NULL};
4810 char *displayName_v[] = {NULL, NULL};
4811 char *proxy_address_v[] = {NULL, NULL};
4812 char *mail_nickname_v[] = {NULL, NULL};
4813 char *query_base_dn_v[] = {NULL, NULL};
4814 char *address_book_v[] = {NULL, NULL};
4815 char *homeMDB_v[] = {NULL, NULL};
4816 char *homeServerName_v[] = {NULL, NULL};
4817 char *mdbUseDefaults_v[] = {NULL, NULL};
4818 char *mailbox_guid_v[] = {NULL, NULL};
4819 char *user_culture_v[] = {NULL, NULL};
4820 char *user_account_control_v[] = {NULL, NULL};
4821 char *msexch_version_v[] = {NULL, NULL};
4822 char *alt_recipient_v[] = {NULL, NULL};
4823 char *hide_address_lists_v[] = {NULL, NULL};
4824 char *principal_v[] = {NULL, NULL};
4825 char *loginshell_v[] = {NULL, NULL};
4826 char userAccountControlStr[80];
4828 char principal[256];
4829 char filter_exp[1024];
4830 char search_path[512];
4831 char *attr_array[3];
4832 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4833 UF_PASSWD_CANT_CHANGE;
4839 char WinHomeDir[1024];
4840 char WinProfileDir[1024];
4842 char *homeServerName;
4844 char acBERBuf[N_SD_BER_BYTES];
4845 LK_ENTRY *group_base;
4847 char TemplateDn[512];
4848 char TemplateSamName[128];
4849 LDAP_BERVAL **ppsValues;
4850 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4851 { N_SD_BER_BYTES, acBERBuf },
4853 LDAPControl *apsServerControls[] = {&sControl, NULL};
4857 char search_string[256];
4858 char *o_v[] = {NULL, NULL};
4860 char *mail_routing_v[] = {NULL, NULL};
4865 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4866 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4867 BEREncodeSecurityBits(dwInfo, acBERBuf);
4869 if (!check_string(av[U_NAME]))
4871 callback_rc = AD_INVALID_NAME;
4872 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4874 return(AD_INVALID_NAME);
4877 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4878 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4879 memset(displayName, '\0', sizeof(displayName));
4880 memset(query_base_dn, '\0', sizeof(query_base_dn));
4881 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4882 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4883 strcpy(user_name, av[U_NAME]);
4884 sprintf(upn, "%s@%s", user_name, ldap_domain);
4885 sprintf(sam_name, "%s", av[U_NAME]);
4887 if(strlen(av[U_FIRST])) {
4888 strcat(displayName, av[U_FIRST]);
4891 if(strlen(av[U_MIDDLE])) {
4892 if(strlen(av[U_FIRST]))
4893 strcat(displayName, " ");
4895 strcat(displayName, av[U_MIDDLE]);
4898 if(strlen(av[U_LAST])) {
4899 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4900 strcat(displayName, " ");
4902 strcat(displayName, av[U_LAST]);
4905 samAccountName_v[0] = sam_name;
4906 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4907 (atoi(av[U_STATE]) != US_REGISTERED))
4909 userAccountControl |= UF_ACCOUNTDISABLE;
4913 hide_address_lists_v[0] = "TRUE";
4914 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4919 sprintf(userAccountControlStr, "%ld", userAccountControl);
4920 userAccountControl_v[0] = userAccountControlStr;
4921 userPrincipalName_v[0] = upn;
4924 cn_v[0] = user_name;
4926 cn_v[0] = displayName;
4928 name_v[0] = user_name;
4929 desc_v[0] = "Auto account created by Moira";
4931 givenName_v[0] = av[U_FIRST];
4934 sn_v[0] = av[U_LAST];
4936 if(strlen(av[U_LAST]))
4937 sn_v[0] = av[U_LAST];
4939 sn_v[0] = av[U_NAME];
4941 displayName_v[0] = displayName;
4942 mail_nickname_v[0] = user_name;
4943 o_v[0] = "Massachusetts Institute of Technology";
4945 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4946 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4947 altSecurityIdentities_v[0] = temp;
4948 principal_v[0] = principal;
4951 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4953 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4955 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4956 sprintf(contact_mail, "%s@mit.edu", user_name);
4957 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4958 query_base_dn_v[0] = query_base_dn;
4959 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4961 sprintf(search_string, "@%s", uppercase(ldap_domain));
4965 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4968 com_err(whoami, 0, "Unable to create user contact %s",
4972 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
4975 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
4979 com_err(whoami, 0, "homeMDB:%s", homeMDB);
4980 com_err(whoami, 0, "homeServerName:%s", homeServerName);
4982 homeMDB_v[0] = homeMDB;
4983 homeServerName_v[0] = homeServerName;
4988 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
4992 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4996 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
4999 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5000 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5001 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5002 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5003 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5007 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5008 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5009 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5010 mdbUseDefaults_v[0] = "TRUE";
5011 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5012 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
5014 argv[0] = user_name;
5016 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5018 if(!strcmp(save_argv[1], "EXCHANGE") ||
5019 (strstr(save_argv[3], search_string) != NULL))
5021 argv[0] = exchange_acl;
5023 argv[2] = user_name;
5025 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5027 if ((rc) && (rc != MR_EXISTS))
5029 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5030 user_name, exchange_acl, error_message(rc));
5035 alt_recipient_v[0] = alt_recipient;
5036 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5041 alt_recipient_v[0] = alt_recipient;
5042 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5044 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5049 mail_v[0] = contact_mail;
5050 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5053 if(strlen(av[U_FIRST])) {
5054 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5057 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5058 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5061 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5062 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5064 if(!ActiveDirectory)
5066 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5069 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5071 if(!ActiveDirectory)
5073 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
5077 if (strlen(av[U_MIDDLE]) == 1) {
5078 initials_v[0] = av[U_MIDDLE];
5079 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5082 if (strlen(call_args[2]) != 0)
5084 mitMoiraId_v[0] = call_args[2];
5085 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5088 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
5090 if(!ActiveDirectory)
5092 loginshell_v[0] = av[U_SHELL];
5093 mitMoiraClass_v[0] = av[U_CLASS];
5094 mitMoiraStatus_v[0] = av[U_STATE];
5095 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5096 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5097 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5098 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5099 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5100 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
5103 if (strlen(av[U_UID]) != 0)
5105 uid_v[0] = av[U_UID];
5109 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5114 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5115 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5122 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5126 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
5131 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5132 mitid_v[0] = av[U_MITID];
5134 mitid_v[0] = "none";
5136 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5138 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5139 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5140 drives_v, mods, LDAP_MOD_ADD, n);
5144 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5145 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5146 attr_array[0] = "sAMAccountName";
5147 attr_array[1] = NULL;
5151 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5152 attr_array, &group_base, &group_count,
5153 LDAP_SCOPE_SUBTREE) != 0))
5156 if (group_count != 1)
5158 com_err(whoami, 0, "Unable to process user security template: %s - "
5159 "security not set", "UserTemplate.u");
5163 strcpy(TemplateDn, group_base->dn);
5164 strcpy(TemplateSamName, group_base->value);
5165 linklist_free(group_base);
5169 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5170 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5171 apsServerControls, NULL,
5174 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5176 com_err(whoami, 0, "Unable to find user security template: %s - "
5177 "security not set", "UserTemplate.u");
5181 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5182 "ntSecurityDescriptor");
5183 if (ppsValues == NULL)
5185 com_err(whoami, 0, "Unable to find user security template: %s - "
5186 "security not set", "UserTemplate.u");
5190 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5191 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
5196 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5198 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5200 OldUseSFU30 = UseSFU30;
5201 SwitchSFU(mods, &UseSFU30, n);
5202 if (OldUseSFU30 != UseSFU30)
5203 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5206 for (i = 0; i < n; i++)
5209 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5211 com_err(whoami, 0, "Unable to create user %s : %s",
5212 user_name, ldap_err2string(rc));
5217 if ((rc == LDAP_SUCCESS) && (SetPassword))
5219 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5221 ad_kdc_disconnect();
5222 if (!ad_server_connect(default_server, ldap_domain))
5224 com_err(whoami, 0, "Unable to set password for user %s : %s",
5226 "cannot get changepw ticket from windows domain");
5230 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5232 com_err(whoami, 0, "Unable to set password for user %s "
5233 ": %ld", user_name, rc);
5239 if(!ActiveDirectory)
5241 if (rc = moira_connect())
5243 critical_alert("AD incremental",
5244 "Error contacting Moira server : %s",
5249 argv[0] = user_name;
5251 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5254 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5256 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5258 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5263 "Unable to set the mailRoutingAddress for %s : %s",
5264 user_name, ldap_err2string(rc));
5266 p = strdup(save_argv[3]);
5268 if((c = strchr(p, ',')) != NULL) {
5272 if ((c = strchr(q, '@')) == NULL)
5273 sprintf(temp, "%s@mit.edu", q);
5275 sprintf(temp, "%s", q);
5277 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5279 mail_routing_v[0] = temp;
5282 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5284 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5286 if (rc == LDAP_ALREADY_EXISTS ||
5287 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5292 "Unable to set the mailRoutingAddress for %s : %s",
5293 user_name, ldap_err2string(rc));
5296 while((q = strtok(NULL, ",")) != NULL) {
5299 if((c = strchr(q, '@')) == NULL)
5300 sprintf(temp, "%s@mit.edu", q);
5302 sprintf(temp, "%s", q);
5304 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5306 mail_routing_v[0] = temp;
5309 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5311 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5313 if (rc == LDAP_ALREADY_EXISTS ||
5314 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5319 "Unable to set the mailRoutingAddress for %s : %s",
5320 user_name, ldap_err2string(rc));
5326 if((c = strchr(p, '@')) == NULL)
5327 sprintf(temp, "%s@mit.edu", p);
5329 sprintf(temp, "%s", p);
5331 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5333 mail_routing_v[0] = temp;
5336 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5338 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5340 if (rc == LDAP_ALREADY_EXISTS ||
5341 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5346 "Unable to set the mailRoutingAddress for %s : %s",
5347 user_name, ldap_err2string(rc));
5357 int user_change_status(LDAP *ldap_handle, char *dn_path,
5358 char *user_name, char *MoiraId,
5362 char *attr_array[3];
5364 char distinguished_name[1024];
5366 char *mitMoiraId_v[] = {NULL, NULL};
5368 LK_ENTRY *group_base;
5375 if (!check_string(user_name))
5377 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5379 return(AD_INVALID_NAME);
5385 if (strlen(MoiraId) != 0)
5387 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5388 attr_array[0] = "UserAccountControl";
5389 attr_array[1] = NULL;
5390 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5391 &group_base, &group_count,
5392 LDAP_SCOPE_SUBTREE)) != 0)
5394 com_err(whoami, 0, "Unable to process user %s : %s",
5395 user_name, ldap_err2string(rc));
5400 if (group_count != 1)
5402 linklist_free(group_base);
5405 sprintf(filter, "(sAMAccountName=%s)", user_name);
5406 attr_array[0] = "UserAccountControl";
5407 attr_array[1] = NULL;
5408 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5409 &group_base, &group_count,
5410 LDAP_SCOPE_SUBTREE)) != 0)
5412 com_err(whoami, 0, "Unable to process user %s : %s",
5413 user_name, ldap_err2string(rc));
5418 if (group_count != 1)
5420 linklist_free(group_base);
5421 com_err(whoami, 0, "Unable to find user %s in AD",
5423 return(LDAP_NO_SUCH_OBJECT);
5426 strcpy(distinguished_name, group_base->dn);
5427 ulongValue = atoi((*group_base).value);
5429 if (operation == MEMBER_DEACTIVATE)
5430 ulongValue |= UF_ACCOUNTDISABLE;
5432 ulongValue &= ~UF_ACCOUNTDISABLE;
5434 sprintf(temp, "%ld", ulongValue);
5436 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5437 temp, &modvalues, REPLACE)) == 1)
5440 linklist_free(group_base);
5444 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5446 if (strlen(MoiraId) != 0)
5448 mitMoiraId_v[0] = MoiraId;
5449 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5453 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
5455 for (i = 0; i < n; i++)
5458 free_values(modvalues);
5460 if (rc != LDAP_SUCCESS)
5462 com_err(whoami, 0, "Unable to change status of user %s : %s",
5463 user_name, ldap_err2string(rc));
5470 int user_delete(LDAP *ldap_handle, char *dn_path,
5471 char *u_name, char *MoiraId)
5474 char *attr_array[3];
5475 char distinguished_name[1024];
5476 char user_name[512];
5477 LK_ENTRY *group_base;
5482 if (!check_string(u_name))
5483 return(AD_INVALID_NAME);
5485 strcpy(user_name, u_name);
5489 if (strlen(MoiraId) != 0)
5491 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5492 attr_array[0] = "name";
5493 attr_array[1] = NULL;
5494 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5495 &group_base, &group_count,
5496 LDAP_SCOPE_SUBTREE)) != 0)
5498 com_err(whoami, 0, "Unable to process user %s : %s",
5499 user_name, ldap_err2string(rc));
5504 if (group_count != 1)
5506 linklist_free(group_base);
5509 sprintf(filter, "(sAMAccountName=%s)", user_name);
5510 attr_array[0] = "name";
5511 attr_array[1] = NULL;
5512 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5513 &group_base, &group_count,
5514 LDAP_SCOPE_SUBTREE)) != 0)
5516 com_err(whoami, 0, "Unable to process user %s : %s",
5517 user_name, ldap_err2string(rc));
5522 if (group_count != 1)
5524 com_err(whoami, 0, "Unable to find user %s in AD",
5529 strcpy(distinguished_name, group_base->dn);
5531 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5533 com_err(whoami, 0, "Unable to process user %s : %s",
5534 user_name, ldap_err2string(rc));
5537 /* Need to add code to delete mit.edu contact */
5541 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5543 if(rc = ldap_delete_s(ldap_handle, temp))
5545 com_err(whoami, 0, "Unable to delete user contact for %s",
5551 linklist_free(group_base);
5556 void linklist_free(LK_ENTRY *linklist_base)
5558 LK_ENTRY *linklist_previous;
5560 while (linklist_base != NULL)
5562 if (linklist_base->dn != NULL)
5563 free(linklist_base->dn);
5565 if (linklist_base->attribute != NULL)
5566 free(linklist_base->attribute);
5568 if (linklist_base->value != NULL)
5569 free(linklist_base->value);
5571 if (linklist_base->member != NULL)
5572 free(linklist_base->member);
5574 if (linklist_base->type != NULL)
5575 free(linklist_base->type);
5577 if (linklist_base->list != NULL)
5578 free(linklist_base->list);
5580 linklist_previous = linklist_base;
5581 linklist_base = linklist_previous->next;
5582 free(linklist_previous);
5586 void free_values(char **modvalues)
5592 if (modvalues != NULL)
5594 while (modvalues[i] != NULL)
5597 modvalues[i] = NULL;
5604 static int illegalchars[] = {
5605 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5606 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5607 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5608 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5609 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5610 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5611 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5612 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5613 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5614 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5615 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5616 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5617 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5618 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5619 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5620 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5623 static int illegalchars_ldap[] = {
5624 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5625 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5626 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5627 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5628 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5629 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5630 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5631 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5632 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5633 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5634 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5635 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5636 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5637 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5638 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5639 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5642 int check_string(char *s)
5650 if (isupper(character))
5651 character = tolower(character);
5655 if (illegalchars[(unsigned) character])
5660 if (illegalchars_ldap[(unsigned) character])
5668 int check_container_name(char *s)
5676 if (isupper(character))
5677 character = tolower(character);
5679 if (character == ' ')
5682 if (illegalchars[(unsigned) character])
5689 int mr_connect_cl(char *server, char *client, int version, int auth)
5695 status = mr_connect(server);
5699 com_err(whoami, status, "while connecting to Moira");
5703 status = mr_motd(&motd);
5708 com_err(whoami, status, "while checking server status");
5714 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5715 com_err(whoami, status, temp);
5720 status = mr_version(version);
5724 if (status == MR_UNKNOWN_PROC)
5727 status = MR_VERSION_HIGH;
5729 status = MR_SUCCESS;
5732 if (status == MR_VERSION_HIGH)
5734 com_err(whoami, 0, "Warning: This client is running newer code "
5735 "than the server.");
5736 com_err(whoami, 0, "Some operations may not work.");
5738 else if (status && status != MR_VERSION_LOW)
5740 com_err(whoami, status, "while setting query version number.");
5748 status = mr_krb5_auth(client);
5751 com_err(whoami, status, "while authenticating to Moira.");
5760 void AfsToWinAfs(char* path, char* winPath)
5764 strcpy(winPath, WINAFS);
5765 pathPtr = path + strlen(AFS);
5766 winPathPtr = winPath + strlen(WINAFS);
5770 if (*pathPtr == '/')
5773 *winPathPtr = *pathPtr;
5780 int GetAceInfo(int ac, char **av, void *ptr)
5787 strcpy(call_args[0], av[L_ACE_TYPE]);
5788 strcpy(call_args[1], av[L_ACE_NAME]);
5790 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5791 return(LDAP_SUCCESS);
5794 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5797 char *attr_array[3];
5800 LK_ENTRY *group_base;
5805 sprintf(filter, "(sAMAccountName=%s)", Name);
5806 attr_array[0] = "sAMAccountName";
5807 attr_array[1] = NULL;
5809 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5810 &group_base, &group_count,
5811 LDAP_SCOPE_SUBTREE)) != 0)
5813 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5814 Name, ldap_err2string(rc));
5818 linklist_free(group_base);
5821 if (group_count == 0)
5829 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5830 int UpdateGroup, int *ProcessGroup, char *maillist)
5833 char GroupName[256];
5839 char AceMembership[2];
5842 char *save_argv[U_END];
5846 com_err(whoami, 0, "ProcessAce disabled, skipping");
5850 strcpy(GroupName, Name);
5852 if (strcasecmp(Type, "LIST"))
5858 AceInfo[0] = AceType;
5859 AceInfo[1] = AceName;
5860 AceInfo[2] = AceMembership;
5862 memset(AceType, '\0', sizeof(AceType));
5863 memset(AceName, '\0', sizeof(AceName));
5864 memset(AceMembership, '\0', sizeof(AceMembership));
5865 memset(AceOu, '\0', sizeof(AceOu));
5868 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5870 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5871 GroupName, error_message(rc));
5877 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
5881 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5884 strcpy(temp, AceName);
5886 if (!strcasecmp(AceType, "LIST"))
5887 sprintf(temp, "%s%s", AceName, group_suffix);
5891 if (checkADname(ldap_handle, dn_path, temp))
5894 (*ProcessGroup) = 1;
5897 if (!strcasecmp(AceInfo[0], "LIST"))
5899 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5900 AceMembership, 0, UpdateGroup, maillist))
5903 else if (!strcasecmp(AceInfo[0], "USER"))
5906 call_args[0] = (char *)ldap_handle;
5907 call_args[1] = dn_path;
5909 call_args[3] = NULL;
5912 if (rc = mr_query("get_user_account_by_login", 1, av,
5913 save_query_info, save_argv))
5915 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5920 if (rc = user_create(U_END, save_argv, call_args))
5922 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5929 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
5939 if (!strcasecmp(AceType, "LIST"))
5941 if (!strcasecmp(GroupName, AceName))
5945 strcpy(GroupName, AceName);
5951 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5952 char *group_name, char *group_ou, char *group_membership,
5953 int group_security_flag, int updateGroup, char *maillist)
5958 LK_ENTRY *group_base;
5961 char *attr_array[3];
5964 call_args[0] = (char *)ldap_handle;
5965 call_args[1] = dn_path;
5966 call_args[2] = group_name;
5967 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
5968 call_args[4] = (char *)updateGroup;
5969 call_args[5] = MoiraId;
5971 call_args[7] = NULL;
5977 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
5980 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
5988 com_err(whoami, 0, "Unable to create list %s", group_name);
5989 return(callback_rc);
5995 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
5996 char *group_ou, char *group_membership,
5997 int group_security_flag, char *MoiraId)
6012 char *member_v[] = {NULL, NULL};
6013 char *save_argv[U_END];
6014 char machine_ou[256];
6015 char NewMachineName[1024];
6017 com_err(whoami, 0, "Populating group %s", group_name);
6019 call_args[0] = (char *)ldap_handle;
6020 call_args[1] = dn_path;
6021 call_args[2] = group_name;
6022 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6024 call_args[4] = NULL;
6027 if (rc = mr_query("get_end_members_of_list", 1, av,
6028 member_list_build, call_args))
6030 com_err(whoami, 0, "Unable to populate list %s : %s",
6031 group_name, error_message(rc));
6035 members = (char **)malloc(sizeof(char *) * 2);
6037 if (member_base != NULL)
6043 if (!strcasecmp(ptr->type, "LIST"))
6049 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6055 if(!strcasecmp(ptr->type, "USER"))
6057 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6058 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6064 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6065 "")) == AD_NO_USER_FOUND)
6067 com_err(whoami, 0, "creating user %s", ptr->member);
6069 av[0] = ptr->member;
6070 call_args[0] = (char *)ldap_handle;
6071 call_args[1] = dn_path;
6073 call_args[3] = NULL;
6076 if (rc = mr_query("get_user_account_by_login", 1, av,
6077 save_query_info, save_argv))
6079 com_err(whoami, 0, "Unable to create user %s "
6080 "while populating group %s.", ptr->member,
6086 if (rc = user_create(U_END, save_argv, call_args))
6088 com_err(whoami, 0, "Unable to create user %s "
6089 "while populating group %s.", ptr->member,
6097 com_err(whoami, 0, "Unable to create user %s "
6098 "while populating group %s", ptr->member,
6109 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6114 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6119 else if (!strcasecmp(ptr->type, "STRING"))
6121 if (contact_create(ldap_handle, dn_path, ptr->member,
6125 pUserOu = contact_ou;
6126 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6129 else if (!strcasecmp(ptr->type, "KERBEROS"))
6131 if (contact_create(ldap_handle, dn_path, ptr->member,
6135 pUserOu = kerberos_ou;
6136 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6139 else if (!strcasecmp(ptr->type, "MACHINE"))
6141 memset(machine_ou, '\0', sizeof(machine_ou));
6142 memset(NewMachineName, '\0', sizeof(NewMachineName));
6144 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6145 machine_ou, NewMachineName))
6147 pUserOu = machine_ou;
6148 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
6159 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6160 members[i++] = strdup(member);
6165 linklist_free(member_base);
6171 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6173 if(GroupPopulateDelete)
6176 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6179 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6180 mods)) != LDAP_SUCCESS)
6183 "Unable to populate group membership for %s: %s",
6184 group_dn, ldap_err2string(rc));
6187 for (i = 0; i < n; i++)
6192 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6195 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6196 mods)) != LDAP_SUCCESS)
6199 "Unable to populate group membership for %s: %s",
6200 group_dn, ldap_err2string(rc));
6203 for (i = 0; i < n; i++)
6211 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6212 char *group_name, char *group_ou, char *group_membership,
6213 int group_security_flag, int type, char *maillist)
6215 char before_desc[512];
6216 char before_name[256];
6217 char before_group_ou[256];
6218 char before_group_membership[2];
6219 char distinguishedName[256];
6220 char ad_distinguishedName[256];
6222 char *attr_array[3];
6223 int before_security_flag;
6226 LK_ENTRY *group_base;
6229 char ou_security[512];
6230 char ou_distribution[512];
6231 char ou_neither[512];
6234 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
6235 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6237 memset(filter, '\0', sizeof(filter));
6241 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6243 "samAccountName", &group_base,
6244 &group_count, filter))
6247 if (type == CHECK_GROUPS)
6249 if (group_count == 1)
6251 strcpy(group_dn, group_base->dn);
6253 if (!strcasecmp(group_dn, distinguishedName))
6255 linklist_free(group_base);
6260 linklist_free(group_base);
6262 if (group_count == 0)
6263 return(AD_NO_GROUPS_FOUND);
6265 if (group_count == 1)
6266 return(AD_WRONG_GROUP_DN_FOUND);
6268 return(AD_MULTIPLE_GROUPS_FOUND);
6271 if (group_count == 0)
6273 return(AD_NO_GROUPS_FOUND);
6276 if (group_count > 1)
6280 strcpy(group_dn, ptr->dn);
6284 if (!strcasecmp(group_dn, ptr->value))
6292 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6298 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6302 linklist_free(group_base);
6303 return(AD_MULTIPLE_GROUPS_FOUND);
6310 strcpy(group_dn, ptr->dn);
6312 if (strcasecmp(group_dn, ptr->value))
6313 rc = ldap_delete_s(ldap_handle, ptr->value);
6318 linklist_free(group_base);
6319 memset(filter, '\0', sizeof(filter));
6323 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6325 "samAccountName", &group_base,
6326 &group_count, filter))
6329 if (group_count == 0)
6330 return(AD_NO_GROUPS_FOUND);
6332 if (group_count > 1)
6333 return(AD_MULTIPLE_GROUPS_FOUND);
6336 strcpy(ad_distinguishedName, group_base->dn);
6337 linklist_free(group_base);
6341 attr_array[0] = "sAMAccountName";
6342 attr_array[1] = NULL;
6344 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6345 &group_base, &group_count,
6346 LDAP_SCOPE_SUBTREE)) != 0)
6348 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6349 MoiraId, ldap_err2string(rc));
6353 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
6355 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6357 linklist_free(group_base);
6363 linklist_free(group_base);
6366 memset(ou_both, '\0', sizeof(ou_both));
6367 memset(ou_security, '\0', sizeof(ou_security));
6368 memset(ou_distribution, '\0', sizeof(ou_distribution));
6369 memset(ou_neither, '\0', sizeof(ou_neither));
6370 memset(before_name, '\0', sizeof(before_name));
6371 memset(before_desc, '\0', sizeof(before_desc));
6372 memset(before_group_membership, '\0', sizeof(before_group_membership));
6374 attr_array[0] = "name";
6375 attr_array[1] = NULL;
6377 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6378 &group_base, &group_count,
6379 LDAP_SCOPE_SUBTREE)) != 0)
6381 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6382 MoiraId, ldap_err2string(rc));
6386 strcpy(before_name, group_base->value);
6387 linklist_free(group_base);
6391 attr_array[0] = "description";
6392 attr_array[1] = NULL;
6394 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6395 &group_base, &group_count,
6396 LDAP_SCOPE_SUBTREE)) != 0)
6399 "Unable to get list description with MoiraId = %s: %s",
6400 MoiraId, ldap_err2string(rc));
6404 if (group_count != 0)
6406 strcpy(before_desc, group_base->value);
6407 linklist_free(group_base);
6412 change_to_lower_case(ad_distinguishedName);
6413 strcpy(ou_both, group_ou_both);
6414 change_to_lower_case(ou_both);
6415 strcpy(ou_security, group_ou_security);
6416 change_to_lower_case(ou_security);
6417 strcpy(ou_distribution, group_ou_distribution);
6418 change_to_lower_case(ou_distribution);
6419 strcpy(ou_neither, group_ou_neither);
6420 change_to_lower_case(ou_neither);
6422 if (strstr(ad_distinguishedName, ou_both))
6424 strcpy(before_group_ou, group_ou_both);
6425 before_group_membership[0] = 'B';
6426 before_security_flag = 1;
6428 else if (strstr(ad_distinguishedName, ou_security))
6430 strcpy(before_group_ou, group_ou_security);
6431 before_group_membership[0] = 'S';
6432 before_security_flag = 1;
6434 else if (strstr(ad_distinguishedName, ou_distribution))
6436 strcpy(before_group_ou, group_ou_distribution);
6437 before_group_membership[0] = 'D';
6438 before_security_flag = 0;
6440 else if (strstr(ad_distinguishedName, ou_neither))
6442 strcpy(before_group_ou, group_ou_neither);
6443 before_group_membership[0] = 'N';
6444 before_security_flag = 0;
6447 return(AD_NO_OU_FOUND);
6449 rc = group_rename(ldap_handle, dn_path, before_name,
6450 before_group_membership,
6451 before_group_ou, before_security_flag, before_desc,
6452 group_name, group_membership, group_ou,
6453 group_security_flag,
6454 before_desc, MoiraId, filter, maillist);
6459 void change_to_lower_case(char *ptr)
6463 for (i = 0; i < (int)strlen(ptr); i++)
6465 ptr[i] = tolower(ptr[i]);
6469 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6470 char *group_name, char *group_membership,
6471 char *MoiraId, char *attribute,
6472 LK_ENTRY **linklist_base, int *linklist_count,
6477 char *attr_array[3];
6481 (*linklist_base) = NULL;
6482 (*linklist_count) = 0;
6484 if (strlen(rFilter) != 0)
6486 strcpy(filter, rFilter);
6487 attr_array[0] = attribute;
6488 attr_array[1] = NULL;
6490 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6491 linklist_base, linklist_count,
6492 LDAP_SCOPE_SUBTREE)) != 0)
6494 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6495 MoiraId, ldap_err2string(rc));
6499 if ((*linklist_count) == 1)
6501 strcpy(rFilter, filter);
6506 linklist_free((*linklist_base));
6507 (*linklist_base) = NULL;
6508 (*linklist_count) = 0;
6510 if (strlen(MoiraId) != 0)
6512 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6514 attr_array[0] = attribute;
6515 attr_array[1] = NULL;
6517 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6518 linklist_base, linklist_count,
6519 LDAP_SCOPE_SUBTREE)) != 0)
6521 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6522 MoiraId, ldap_err2string(rc));
6527 if ((*linklist_count) > 1)
6529 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6530 pPtr = (*linklist_base);
6534 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6539 linklist_free((*linklist_base));
6540 (*linklist_base) = NULL;
6541 (*linklist_count) = 0;
6544 if ((*linklist_count) == 1)
6547 pPtr = (*linklist_base);
6548 dn = strdup(pPtr->dn);
6551 if (!memcmp(dn, group_name, strlen(group_name)))
6553 strcpy(rFilter, filter);
6558 linklist_free((*linklist_base));
6559 (*linklist_base) = NULL;
6560 (*linklist_count) = 0;
6561 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6563 attr_array[0] = attribute;
6564 attr_array[1] = NULL;
6566 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6567 linklist_base, linklist_count,
6568 LDAP_SCOPE_SUBTREE)) != 0)
6570 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6571 MoiraId, ldap_err2string(rc));
6575 if ((*linklist_count) == 1)
6577 strcpy(rFilter, filter);
6584 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6587 char *attr_array[3];
6588 char SamAccountName[64];
6591 LK_ENTRY *group_base;
6597 if (strlen(MoiraId) != 0)
6599 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6601 attr_array[0] = "sAMAccountName";
6602 attr_array[1] = NULL;
6603 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6604 &group_base, &group_count,
6605 LDAP_SCOPE_SUBTREE)) != 0)
6607 com_err(whoami, 0, "Unable to process user %s : %s",
6608 UserName, ldap_err2string(rc));
6612 if (group_count > 1)
6614 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6620 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6621 gPtr->value, MoiraId);
6627 if (group_count != 1)
6629 linklist_free(group_base);
6632 sprintf(filter, "(sAMAccountName=%s)", UserName);
6633 attr_array[0] = "sAMAccountName";
6634 attr_array[1] = NULL;
6636 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6637 &group_base, &group_count,
6638 LDAP_SCOPE_SUBTREE)) != 0)
6640 com_err(whoami, 0, "Unable to process user %s : %s",
6641 UserName, ldap_err2string(rc));
6646 if (group_count != 1)
6648 linklist_free(group_base);
6649 return(AD_NO_USER_FOUND);
6652 strcpy(SamAccountName, group_base->value);
6653 linklist_free(group_base);
6657 if (strcmp(SamAccountName, UserName))
6660 "User object %s with MoiraId %s has mismatched usernames "
6661 "(LDAP username %s, Moira username %s)", SamAccountName,
6662 MoiraId, SamAccountName, UserName);
6668 void container_get_dn(char *src, char *dest)
6675 memset(array, '\0', 20 * sizeof(array[0]));
6677 if (strlen(src) == 0)
6699 strcpy(dest, "OU=");
6703 strcat(dest, array[n-1]);
6707 strcat(dest, ",OU=");
6714 void container_get_name(char *src, char *dest)
6719 if (strlen(src) == 0)
6739 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6746 strcpy(cName, name);
6748 for (i = 0; i < (int)strlen(cName); i++)
6750 if (cName[i] == '/')
6753 av[CONTAINER_NAME] = cName;
6754 av[CONTAINER_DESC] = "";
6755 av[CONTAINER_LOCATION] = "";
6756 av[CONTAINER_CONTACT] = "";
6757 av[CONTAINER_TYPE] = "";
6758 av[CONTAINER_ID] = "";
6759 av[CONTAINER_ROWID] = "";
6760 rc = container_create(ldap_handle, dn_path, 7, av);
6762 if (rc == LDAP_SUCCESS)
6764 com_err(whoami, 0, "container %s created without a mitMoiraId",
6773 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6774 char **before, int afterc, char **after)
6779 char new_dn_path[256];
6781 char distinguishedName[256];
6786 memset(cName, '\0', sizeof(cName));
6787 container_get_name(after[CONTAINER_NAME], cName);
6789 if (!check_container_name(cName))
6791 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6793 return(AD_INVALID_NAME);
6796 memset(distinguishedName, '\0', sizeof(distinguishedName));
6798 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6799 distinguishedName, beforec, before))
6802 if (strlen(distinguishedName) == 0)
6804 rc = container_create(ldap_handle, dn_path, afterc, after);
6808 strcpy(temp, after[CONTAINER_NAME]);
6811 for (i = 0; i < (int)strlen(temp); i++)
6821 container_get_dn(temp, dName);
6823 if (strlen(temp) != 0)
6824 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6826 sprintf(new_dn_path, "%s", dn_path);
6828 sprintf(new_cn, "OU=%s", cName);
6830 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6832 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6833 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6835 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6836 before[CONTAINER_NAME], after[CONTAINER_NAME],
6837 ldap_err2string(rc));
6841 memset(dName, '\0', sizeof(dName));
6842 container_get_dn(after[CONTAINER_NAME], dName);
6843 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
6848 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6850 char distinguishedName[256];
6853 memset(distinguishedName, '\0', sizeof(distinguishedName));
6855 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6856 distinguishedName, count, av))
6859 if (strlen(distinguishedName) == 0)
6862 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6864 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6865 container_move_objects(ldap_handle, dn_path, distinguishedName);
6867 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
6868 av[CONTAINER_NAME], ldap_err2string(rc));
6874 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6876 char *attr_array[3];
6877 LK_ENTRY *group_base;
6880 char *objectClass_v[] = {"top",
6881 "organizationalUnit",
6884 char *ou_v[] = {NULL, NULL};
6885 char *name_v[] = {NULL, NULL};
6886 char *moiraId_v[] = {NULL, NULL};
6887 char *desc_v[] = {NULL, NULL};
6888 char *managedBy_v[] = {NULL, NULL};
6891 char managedByDN[256];
6898 memset(filter, '\0', sizeof(filter));
6899 memset(dName, '\0', sizeof(dName));
6900 memset(cName, '\0', sizeof(cName));
6901 memset(managedByDN, '\0', sizeof(managedByDN));
6902 container_get_dn(av[CONTAINER_NAME], dName);
6903 container_get_name(av[CONTAINER_NAME], cName);
6905 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6907 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6909 return(AD_INVALID_NAME);
6912 if (!check_container_name(cName))
6914 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6916 return(AD_INVALID_NAME);
6920 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6922 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6924 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
6926 if (strlen(av[CONTAINER_ROWID]) != 0)
6928 moiraId_v[0] = av[CONTAINER_ROWID];
6929 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6932 if (strlen(av[CONTAINER_DESC]) != 0)
6934 desc_v[0] = av[CONTAINER_DESC];
6935 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
6938 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
6940 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6942 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6945 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6946 kerberos_ou, dn_path);
6947 managedBy_v[0] = managedByDN;
6948 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6953 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6955 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
6956 "(objectClass=user)))", av[CONTAINER_ID]);
6959 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6961 sprintf(filter, "(&(objectClass=group)(cn=%s))",
6965 if (strlen(filter) != 0)
6967 attr_array[0] = "distinguishedName";
6968 attr_array[1] = NULL;
6971 if ((rc = linklist_build(ldap_handle, dn_path, filter,
6973 &group_base, &group_count,
6974 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6976 if (group_count == 1)
6978 strcpy(managedByDN, group_base->value);
6979 managedBy_v[0] = managedByDN;
6980 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6982 linklist_free(group_base);
6992 sprintf(temp, "%s,%s", dName, dn_path);
6993 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
6995 for (i = 0; i < n; i++)
6998 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7000 com_err(whoami, 0, "Unable to create container %s : %s",
7001 cName, ldap_err2string(rc));
7005 if (rc == LDAP_ALREADY_EXISTS)
7007 if (strlen(av[CONTAINER_ROWID]) != 0)
7008 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
7014 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7015 char **before, int afterc, char **after)
7017 char distinguishedName[256];
7020 memset(distinguishedName, '\0', sizeof(distinguishedName));
7022 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7023 distinguishedName, afterc, after))
7026 if (strlen(distinguishedName) == 0)
7028 rc = container_create(ldap_handle, dn_path, afterc, after);
7032 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7033 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
7039 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7040 char *distinguishedName, int count,
7043 char *attr_array[3];
7044 LK_ENTRY *group_base;
7051 memset(filter, '\0', sizeof(filter));
7052 memset(dName, '\0', sizeof(dName));
7053 memset(cName, '\0', sizeof(cName));
7054 container_get_dn(av[CONTAINER_NAME], dName);
7055 container_get_name(av[CONTAINER_NAME], cName);
7057 if (strlen(dName) == 0)
7059 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7060 av[CONTAINER_NAME]);
7061 return(AD_INVALID_NAME);
7064 if (!check_container_name(cName))
7066 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7068 return(AD_INVALID_NAME);
7071 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7072 av[CONTAINER_ROWID]);
7073 attr_array[0] = "distinguishedName";
7074 attr_array[1] = NULL;
7078 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7079 &group_base, &group_count,
7080 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7082 if (group_count == 1)
7084 strcpy(distinguishedName, group_base->value);
7087 linklist_free(group_base);
7092 if (strlen(distinguishedName) == 0)
7094 sprintf(filter, "(&(objectClass=organizationalUnit)"
7095 "(distinguishedName=%s,%s))", dName, dn_path);
7096 attr_array[0] = "distinguishedName";
7097 attr_array[1] = NULL;
7101 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7102 &group_base, &group_count,
7103 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7105 if (group_count == 1)
7107 strcpy(distinguishedName, group_base->value);
7110 linklist_free(group_base);
7119 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7120 char *distinguishedName, int count, char **av)
7122 char *attr_array[5];
7123 LK_ENTRY *group_base;
7128 char *moiraId_v[] = {NULL, NULL};
7129 char *desc_v[] = {NULL, NULL};
7130 char *managedBy_v[] = {NULL, NULL};
7131 char managedByDN[256];
7140 strcpy(ad_path, distinguishedName);
7142 if (strlen(dName) != 0)
7143 sprintf(ad_path, "%s,%s", dName, dn_path);
7145 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
7148 if (strlen(av[CONTAINER_ID]) != 0)
7149 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7150 av[CONTAINER_ROWID]);
7152 attr_array[0] = "mitMoiraId";
7153 attr_array[1] = "description";
7154 attr_array[2] = "managedBy";
7155 attr_array[3] = NULL;
7159 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7160 &group_base, &group_count,
7161 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7163 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7164 av[CONTAINER_NAME], ldap_err2string(rc));
7168 memset(managedByDN, '\0', sizeof(managedByDN));
7169 memset(moiraId, '\0', sizeof(moiraId));
7170 memset(desc, '\0', sizeof(desc));
7175 if (!strcasecmp(pPtr->attribute, "description"))
7176 strcpy(desc, pPtr->value);
7177 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7178 strcpy(managedByDN, pPtr->value);
7179 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7180 strcpy(moiraId, pPtr->value);
7184 linklist_free(group_base);
7189 if (strlen(av[CONTAINER_ROWID]) != 0)
7191 moiraId_v[0] = av[CONTAINER_ROWID];
7192 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7195 if (strlen(av[CONTAINER_DESC]) != 0)
7197 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7202 if (strlen(desc) != 0)
7204 attribute_update(ldap_handle, ad_path, "", "description", dName);
7208 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7210 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7212 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7215 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7216 kerberos_ou, dn_path);
7217 managedBy_v[0] = managedByDN;
7218 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7222 if (strlen(managedByDN) != 0)
7224 attribute_update(ldap_handle, ad_path, "", "managedBy",
7231 memset(filter, '\0', sizeof(filter));
7233 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7235 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7236 "(objectClass=user)))", av[CONTAINER_ID]);
7239 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7241 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7245 if (strlen(filter) != 0)
7247 attr_array[0] = "distinguishedName";
7248 attr_array[1] = NULL;
7251 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7252 attr_array, &group_base, &group_count,
7253 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7255 if (group_count == 1)
7257 strcpy(managedByDN, group_base->value);
7258 managedBy_v[0] = managedByDN;
7259 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7263 if (strlen(managedByDN) != 0)
7265 attribute_update(ldap_handle, ad_path, "",
7266 "managedBy", dName);
7270 linklist_free(group_base);
7277 if (strlen(managedByDN) != 0)
7279 attribute_update(ldap_handle, ad_path, "", "managedBy",
7289 return(LDAP_SUCCESS);
7291 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7293 for (i = 0; i < n; i++)
7296 if (rc != LDAP_SUCCESS)
7298 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7299 av[CONTAINER_NAME], ldap_err2string(rc));
7306 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7308 char *attr_array[3];
7309 LK_ENTRY *group_base;
7316 int NumberOfEntries = 10;
7320 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7322 for (i = 0; i < 3; i++)
7324 memset(filter, '\0', sizeof(filter));
7328 strcpy(filter, "(!(|(objectClass=computer)"
7329 "(objectClass=organizationalUnit)))");
7330 attr_array[0] = "cn";
7331 attr_array[1] = NULL;
7335 strcpy(filter, "(objectClass=computer)");
7336 attr_array[0] = "cn";
7337 attr_array[1] = NULL;
7341 strcpy(filter, "(objectClass=organizationalUnit)");
7342 attr_array[0] = "ou";
7343 attr_array[1] = NULL;
7348 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7349 &group_base, &group_count,
7350 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7355 if (group_count == 0)
7362 if (!strcasecmp(pPtr->attribute, "cn"))
7364 sprintf(new_cn, "cn=%s", pPtr->value);
7366 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7368 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7373 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7375 if (rc == LDAP_ALREADY_EXISTS)
7377 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7384 else if (!strcasecmp(pPtr->attribute, "ou"))
7386 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7392 linklist_free(group_base);
7401 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7402 char *machine_ou, char *NewMachineName)
7404 LK_ENTRY *group_base;
7408 char *attr_array[3];
7415 strcpy(NewMachineName, member);
7416 rc = moira_connect();
7417 rc = GetMachineName(NewMachineName);
7420 if (strlen(NewMachineName) == 0)
7422 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7428 pPtr = strchr(NewMachineName, '.');
7435 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7436 attr_array[0] = "cn";
7437 attr_array[1] = NULL;
7438 sprintf(temp, "%s", dn_path);
7440 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7441 &group_base, &group_count,
7442 LDAP_SCOPE_SUBTREE)) != 0)
7444 com_err(whoami, 0, "Unable to process machine %s : %s",
7445 member, ldap_err2string(rc));
7449 if (group_count != 1)
7454 strcpy(dn, group_base->dn);
7455 strcpy(cn, group_base->value);
7457 for (i = 0; i < (int)strlen(dn); i++)
7458 dn[i] = tolower(dn[i]);
7460 for (i = 0; i < (int)strlen(cn); i++)
7461 cn[i] = tolower(cn[i]);
7463 linklist_free(group_base);
7465 pPtr = strstr(dn, cn);
7469 com_err(whoami, 0, "Unable to process machine %s",
7474 pPtr += strlen(cn) + 1;
7475 strcpy(machine_ou, pPtr);
7477 pPtr = strstr(machine_ou, "dc=");
7481 com_err(whoami, 0, "Unable to process machine %s",
7492 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7493 char *MoiraMachineName, char *DestinationOu)
7497 char MachineName[128];
7499 char *attr_array[3];
7504 LK_ENTRY *group_base;
7509 strcpy(MachineName, MoiraMachineName);
7510 rc = GetMachineName(MachineName);
7512 if (strlen(MachineName) == 0)
7514 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7519 cPtr = strchr(MachineName, '.');
7524 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7525 attr_array[0] = "sAMAccountName";
7526 attr_array[1] = NULL;
7528 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7530 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7532 com_err(whoami, 0, "Unable to process machine %s : %s",
7533 MoiraMachineName, ldap_err2string(rc));
7537 if (group_count == 1)
7538 strcpy(OldDn, group_base->dn);
7540 linklist_free(group_base);
7543 if (group_count != 1)
7545 com_err(whoami, 0, "Unable to find machine %s in AD: %s",
7550 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
7551 cPtr = strchr(OldDn, ',');
7556 if (!strcasecmp(cPtr, NewOu))
7560 sprintf(NewCn, "CN=%s", MachineName);
7561 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
7566 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7572 memset(Name, '\0', sizeof(Name));
7573 strcpy(Name, machine_name);
7575 pPtr = strchr(Name, '.');
7581 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
7584 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7585 char *machine_name, char *container_name)
7591 av[0] = machine_name;
7592 call_args[0] = (char *)container_name;
7593 rc = mr_query("get_machine_to_container_map", 1, av,
7594 machine_GetMoiraContainer, call_args);
7598 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7603 strcpy(call_args[0], av[1]);
7607 int Moira_container_group_create(char **after)
7613 memset(GroupName, '\0', sizeof(GroupName));
7614 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7615 after[CONTAINER_ROWID]);
7619 argv[L_NAME] = GroupName;
7620 argv[L_ACTIVE] = "1";
7621 argv[L_PUBLIC] = "0";
7622 argv[L_HIDDEN] = "0";
7623 argv[L_MAILLIST] = "0";
7624 argv[L_GROUP] = "1";
7625 argv[L_GID] = UNIQUE_GID;
7626 argv[L_NFSGROUP] = "0";
7627 argv[L_MAILMAN] = "0";
7628 argv[L_MAILMAN_SERVER] = "[NONE]";
7629 argv[L_DESC] = "auto created container group";
7630 argv[L_ACE_TYPE] = "USER";
7631 argv[L_MEMACE_TYPE] = "USER";
7632 argv[L_ACE_NAME] = "sms";
7633 argv[L_MEMACE_NAME] = "sms";
7635 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7638 "Unable to create container group %s for container %s: %s",
7639 GroupName, after[CONTAINER_NAME], error_message(rc));
7642 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7643 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
7648 int Moira_container_group_update(char **before, char **after)
7651 char BeforeGroupName[64];
7652 char AfterGroupName[64];
7655 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7658 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7659 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7660 if (strlen(BeforeGroupName) == 0)
7663 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7664 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7665 after[CONTAINER_ROWID]);
7669 if (strcasecmp(BeforeGroupName, AfterGroupName))
7671 argv[L_NAME] = BeforeGroupName;
7672 argv[L_NAME + 1] = AfterGroupName;
7673 argv[L_ACTIVE + 1] = "1";
7674 argv[L_PUBLIC + 1] = "0";
7675 argv[L_HIDDEN + 1] = "0";
7676 argv[L_MAILLIST + 1] = "0";
7677 argv[L_GROUP + 1] = "1";
7678 argv[L_GID + 1] = UNIQUE_GID;
7679 argv[L_NFSGROUP + 1] = "0";
7680 argv[L_MAILMAN + 1] = "0";
7681 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7682 argv[L_DESC + 1] = "auto created container group";
7683 argv[L_ACE_TYPE + 1] = "USER";
7684 argv[L_MEMACE_TYPE + 1] = "USER";
7685 argv[L_ACE_NAME + 1] = "sms";
7686 argv[L_MEMACE_NAME + 1] = "sms";
7688 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7691 "Unable to rename container group from %s to %s: %s",
7692 BeforeGroupName, AfterGroupName, error_message(rc));
7699 int Moira_container_group_delete(char **before)
7704 char ParentGroupName[64];
7706 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
7707 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7709 memset(GroupName, '\0', sizeof(GroupName));
7711 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7712 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7714 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7716 argv[0] = ParentGroupName;
7718 argv[2] = GroupName;
7720 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7723 "Unable to delete container group %s from list: %s",
7724 GroupName, ParentGroupName, error_message(rc));
7728 if (strlen(GroupName) != 0)
7730 argv[0] = GroupName;
7732 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7734 com_err(whoami, 0, "Unable to delete container group %s : %s",
7735 GroupName, error_message(rc));
7742 int Moira_groupname_create(char *GroupName, char *ContainerName,
7743 char *ContainerRowID)
7748 char newGroupName[64];
7749 char tempGroupName[64];
7755 strcpy(temp, ContainerName);
7757 ptr1 = strrchr(temp, '/');
7763 ptr1 = strrchr(temp, '/');
7767 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7770 strcpy(tempgname, ptr);
7773 strcpy(tempgname, temp);
7775 if (strlen(tempgname) > 25)
7776 tempgname[25] ='\0';
7778 sprintf(newGroupName, "cnt-%s", tempgname);
7780 /* change everything to lower case */
7786 *ptr = tolower(*ptr);
7794 strcpy(tempGroupName, newGroupName);
7797 /* append 0-9 then a-z if a duplicate is found */
7800 argv[0] = newGroupName;
7802 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7804 if (rc == MR_NO_MATCH)
7806 com_err(whoami, 0, "Moira error while creating group name for "
7807 "container %s : %s", ContainerName, error_message(rc));
7811 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7815 com_err(whoami, 0, "Unable to find a unique group name for "
7816 "container %s: too many duplicate container names",
7827 strcpy(GroupName, newGroupName);
7831 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7836 argv[0] = origContainerName;
7837 argv[1] = GroupName;
7839 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7842 "Unable to set container group %s in container %s: %s",
7843 GroupName, origContainerName, error_message(rc));
7849 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7851 char ContainerName[64];
7852 char ParentGroupName[64];
7856 strcpy(ContainerName, origContainerName);
7858 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7860 /* top-level container */
7861 if (strlen(ParentGroupName) == 0)
7864 argv[0] = ParentGroupName;
7866 argv[2] = GroupName;
7868 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7871 "Unable to add container group %s to parent group %s: %s",
7872 GroupName, ParentGroupName, error_message(rc));
7878 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7883 strcpy(call_args[0], av[1]);
7888 int Moira_getGroupName(char *origContainerName, char *GroupName,
7891 char ContainerName[64];
7897 strcpy(ContainerName, origContainerName);
7901 ptr = strrchr(ContainerName, '/');
7909 argv[0] = ContainerName;
7911 call_args[0] = GroupName;
7912 call_args[1] = NULL;
7914 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7917 if (strlen(GroupName) != 0)
7922 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7923 ContainerName, error_message(rc));
7925 com_err(whoami, 0, "Unable to get container group from container %s",
7931 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7937 if (strcmp(GroupName, "[none]") == 0)
7940 argv[0] = GroupName;
7941 argv[1] = "MACHINE";
7942 argv[2] = MachineName;
7945 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7947 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
7951 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7952 MachineName, GroupName, error_message(rc));
7958 int GetMachineName(char *MachineName)
7961 char NewMachineName[1024];
7968 // If the address happens to be in the top-level MIT domain, great!
7969 strcpy(NewMachineName, MachineName);
7971 for (i = 0; i < (int)strlen(NewMachineName); i++)
7972 NewMachineName[i] = toupper(NewMachineName[i]);
7974 szDot = strchr(NewMachineName,'.');
7976 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
7981 // If not, see if it has a Moira alias in the top-level MIT domain.
7982 memset(NewMachineName, '\0', sizeof(NewMachineName));
7984 args[1] = MachineName;
7985 call_args[0] = NewMachineName;
7986 call_args[1] = NULL;
7988 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
7990 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
7991 MachineName, error_message(rc));
7992 strcpy(MachineName, "");
7996 if (strlen(NewMachineName) != 0)
7997 strcpy(MachineName, NewMachineName);
7999 strcpy(MachineName, "");
8004 int ProcessMachineName(int ac, char **av, void *ptr)
8007 char MachineName[1024];
8013 if (strlen(call_args[0]) == 0)
8015 strcpy(MachineName, av[0]);
8017 for (i = 0; i < (int)strlen(MachineName); i++)
8018 MachineName[i] = toupper(MachineName[i]);
8020 szDot = strchr(MachineName,'.');
8022 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8024 strcpy(call_args[0], MachineName);
8031 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8037 for (i = 0; i < n; i++)
8039 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8040 mods[i]->mod_type = "uidNumber";
8047 for (i = 0; i < n; i++)
8049 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8050 mods[i]->mod_type = "msSFU30UidNumber";
8057 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8058 char *DistinguishedName,
8059 char *WinHomeDir, char *WinProfileDir,
8060 char **homedir_v, char **winProfile_v,
8061 char **drives_v, LDAPMod **mods,
8068 char winProfile[1024];
8071 char apple_homedir[1024];
8072 char *apple_homedir_v[] = {NULL, NULL};
8076 LDAPMod *DelMods[20];
8078 char *save_argv[FS_END];
8079 char *fsgroup_save_argv[2];
8081 memset(homeDrive, '\0', sizeof(homeDrive));
8082 memset(path, '\0', sizeof(path));
8083 memset(winPath, '\0', sizeof(winPath));
8084 memset(winProfile, '\0', sizeof(winProfile));
8086 if(!ActiveDirectory)
8088 if (rc = moira_connect())
8090 critical_alert("AD incremental",
8091 "Error contacting Moira server : %s",
8096 argv[0] = user_name;
8098 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8101 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8102 !strcmp(save_argv[FS_TYPE], "MUL"))
8105 argv[0] = save_argv[FS_NAME];
8108 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8109 save_fsgroup_info, fsgroup_save_argv)))
8113 argv[0] = fsgroup_save_argv[0];
8115 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8116 save_query_info, save_argv)))
8118 strcpy(path, save_argv[FS_PACK]);
8125 strcpy(path, save_argv[FS_PACK]);
8133 if (!strnicmp(path, AFS, strlen(AFS)))
8135 sprintf(homedir, "%s", path);
8136 sprintf(apple_homedir, "%s/MacData", path);
8137 homedir_v[0] = homedir;
8138 apple_homedir_v[0] = apple_homedir;
8139 ADD_ATTR("homeDirectory", homedir_v, OpType);
8140 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8146 homedir_v[0] = "NONE";
8147 apple_homedir_v[0] = "NONE";
8148 ADD_ATTR("homeDirectory", homedir_v, OpType);
8149 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8156 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8157 (!strcasecmp(WinProfileDir, "[afs]")))
8159 if (rc = moira_connect())
8161 critical_alert("AD incremental",
8162 "Error contacting Moira server : %s",
8167 argv[0] = user_name;
8169 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8172 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8173 !strcmp(save_argv[FS_TYPE], "MUL"))
8176 argv[0] = save_argv[FS_NAME];
8179 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8180 save_fsgroup_info, fsgroup_save_argv)))
8184 argv[0] = fsgroup_save_argv[0];
8186 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8187 save_query_info, save_argv)))
8189 strcpy(path, save_argv[FS_PACK]);
8196 strcpy(path, save_argv[FS_PACK]);
8204 if (!strnicmp(path, AFS, strlen(AFS)))
8206 AfsToWinAfs(path, winPath);
8207 strcpy(winProfile, winPath);
8208 strcat(winProfile, "\\.winprofile");
8215 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8216 (!strcasecmp(WinProfileDir, "[dfs]")))
8218 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8219 user_name[0], user_name);
8221 if (!strcasecmp(WinProfileDir, "[dfs]"))
8223 strcpy(winProfile, path);
8224 strcat(winProfile, "\\.winprofile");
8227 if (!strcasecmp(WinHomeDir, "[dfs]"))
8228 strcpy(winPath, path);
8231 if (!strcasecmp(WinHomeDir, "[local]"))
8232 memset(winPath, '\0', sizeof(winPath));
8233 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8234 !strcasecmp(WinHomeDir, "[dfs]"))
8236 strcpy(homeDrive, "H:");
8240 strcpy(winPath, WinHomeDir);
8241 if (!strncmp(WinHomeDir, "\\\\", 2))
8243 strcpy(homeDrive, "H:");
8247 // nothing needs to be done if WinProfileDir is [afs].
8248 if (!strcasecmp(WinProfileDir, "[local]"))
8249 memset(winProfile, '\0', sizeof(winProfile));
8250 else if (strcasecmp(WinProfileDir, "[afs]") &&
8251 strcasecmp(WinProfileDir, "[dfs]"))
8253 strcpy(winProfile, WinProfileDir);
8256 if (strlen(winProfile) != 0)
8258 if (winProfile[strlen(winProfile) - 1] == '\\')
8259 winProfile[strlen(winProfile) - 1] = '\0';
8262 if (strlen(winPath) != 0)
8264 if (winPath[strlen(winPath) - 1] == '\\')
8265 winPath[strlen(winPath) - 1] = '\0';
8268 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8269 strcat(winProfile, "\\");
8271 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8272 strcat(winPath, "\\");
8274 if (strlen(winPath) == 0)
8276 if (OpType == LDAP_MOD_REPLACE)
8279 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8281 //unset homeDirectory attribute for user.
8282 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8288 homedir_v[0] = strdup(winPath);
8289 ADD_ATTR("homeDirectory", homedir_v, OpType);
8292 if (strlen(winProfile) == 0)
8294 if (OpType == LDAP_MOD_REPLACE)
8297 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8299 //unset profilePate attribute for user.
8300 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8306 winProfile_v[0] = strdup(winProfile);
8307 ADD_ATTR("profilePath", winProfile_v, OpType);
8310 if (strlen(homeDrive) == 0)
8312 if (OpType == LDAP_MOD_REPLACE)
8315 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8317 //unset homeDrive attribute for user
8318 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8324 drives_v[0] = strdup(homeDrive);
8325 ADD_ATTR("homeDrive", drives_v, OpType);
8331 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8332 char *attribute_value, char *attribute, char *user_name)
8334 char *mod_v[] = {NULL, NULL};
8335 LDAPMod *DelMods[20];
8341 if (strlen(attribute_value) == 0)
8344 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8346 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8352 mod_v[0] = attribute_value;
8353 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8356 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8357 mods)) != LDAP_SUCCESS)
8361 mod_v[0] = attribute_value;
8362 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8365 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8366 mods)) != LDAP_SUCCESS)
8368 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8370 attribute, user_name, ldap_err2string(rc));
8380 void StringTrim(char *StringToTrim)
8385 save = strdup(StringToTrim);
8392 /* skip to end of string */
8397 strcpy(StringToTrim, save);
8401 for (t = s; *t; t++)
8417 strcpy(StringToTrim, s);
8421 int ReadConfigFile(char *DomainName)
8432 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8434 if ((fptr = fopen(temp, "r")) != NULL)
8436 while (fgets(temp, sizeof(temp), fptr) != 0)
8438 for (i = 0; i < (int)strlen(temp); i++)
8439 temp[i] = toupper(temp[i]);
8441 if (temp[strlen(temp) - 1] == '\n')
8442 temp[strlen(temp) - 1] = '\0';
8446 if (strlen(temp) == 0)
8449 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8451 if (strlen(temp) > (strlen(DOMAIN)))
8453 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8454 StringTrim(ldap_domain);
8457 else if (!strncmp(temp, REALM, strlen(REALM)))
8459 if (strlen(temp) > (strlen(REALM)))
8461 strcpy(ldap_realm, &temp[strlen(REALM)]);
8462 StringTrim(ldap_realm);
8465 else if (!strncmp(temp, PORT, strlen(PORT)))
8467 if (strlen(temp) > (strlen(PORT)))
8469 strcpy(ldap_port, &temp[strlen(PORT)]);
8470 StringTrim(ldap_port);
8473 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8475 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8477 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8478 StringTrim(PrincipalName);
8481 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8483 if (strlen(temp) > (strlen(SERVER)))
8485 ServerList[Count] = calloc(1, 256);
8486 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8487 StringTrim(ServerList[Count]);
8491 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8493 if (strlen(temp) > (strlen(MSSFU)))
8495 strcpy(temp1, &temp[strlen(MSSFU)]);
8497 if (!strcmp(temp1, SFUTYPE))
8501 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8503 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8505 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8507 if (!strcasecmp(temp1, "NO"))
8510 memset(group_suffix, '\0', sizeof(group_suffix));
8514 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8516 if (strlen(temp) > (strlen(GROUP_TYPE)))
8518 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8520 if (!strcasecmp(temp1, "UNIVERSAL"))
8521 UseGroupUniversal = 1;
8524 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8526 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8528 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8530 if (!strcasecmp(temp1, "NO"))
8534 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8536 if (strlen(temp) > (strlen(SET_PASSWORD)))
8538 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8540 if (!strcasecmp(temp1, "NO"))
8544 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8546 if (strlen(temp) > (strlen(EXCHANGE)))
8548 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8550 if (!strcasecmp(temp1, "YES"))
8554 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8555 strlen(PROCESS_MACHINE_CONTAINER)))
8557 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8559 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8561 if (!strcasecmp(temp1, "NO"))
8562 ProcessMachineContainer = 0;
8565 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8566 strlen(ACTIVE_DIRECTORY)))
8568 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8570 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8572 if (!strcasecmp(temp1, "NO"))
8573 ActiveDirectory = 0;
8576 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8577 strlen(GROUP_POPULATE_MEMBERS)))
8579 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8581 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8583 if (!strcasecmp(temp1, "DELETE"))
8585 GroupPopulateDelete = 1;
8591 if (strlen(ldap_domain) != 0)
8593 memset(ldap_domain, '\0', sizeof(ldap_domain));
8597 if (strlen(temp) != 0)
8598 strcpy(ldap_domain, temp);
8604 if (strlen(ldap_domain) == 0)
8606 strcpy(ldap_domain, DomainName);
8612 for (i = 0; i < Count; i++)
8614 if (ServerList[i] != 0)
8616 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8617 ServerList[i][k] = toupper(ServerList[i][k]);
8624 int ReadDomainList()
8631 unsigned char c[11];
8632 unsigned char stuff[256];
8637 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8639 if ((fptr = fopen(temp, "r")) != NULL)
8641 while (fgets(temp, sizeof(temp), fptr) != 0)
8643 for (i = 0; i < (int)strlen(temp); i++)
8644 temp[i] = toupper(temp[i]);
8646 if (temp[strlen(temp) - 1] == '\n')
8647 temp[strlen(temp) - 1] = '\0';
8651 if (strlen(temp) == 0)
8654 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8656 if (strlen(temp) > (strlen(DOMAIN)))
8658 strcpy(temp1, &temp[strlen(DOMAIN)]);
8660 strcpy(temp, temp1);
8664 strcpy(DomainNames[Count], temp);
8665 StringTrim(DomainNames[Count]);
8674 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8675 "configuration error in ldap.cfg");
8682 int email_isvalid(const char *address) {
8684 const char *c, *domain;
8685 static char *rfc822_specials = "()<>@,;:\\\"[]";
8687 if(address[strlen(address) - 1] == '.')
8690 /* first we validate the name portion (name@domain) */
8691 for (c = address; *c; c++) {
8692 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8697 if (*c == '\\' && (*++c == ' '))
8699 if (*c <= ' ' || *c >= 127)
8714 if (*c <= ' ' || *c >= 127)
8716 if (strchr(rfc822_specials, *c))
8720 if (c == address || *(c - 1) == '.')
8723 /* next we validate the domain portion (name@domain) */
8724 if (!*(domain = ++c)) return 0;
8727 if (c == domain || *(c - 1) == '.')
8731 if (*c <= ' ' || *c >= 127)
8733 if (strchr(rfc822_specials, *c))
8737 return (count >= 1);
8740 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8741 char **homeServerName)
8743 LK_ENTRY *group_base;
8744 LK_ENTRY *sub_group_base;
8748 int sub_group_count;
8750 char sub_filter[1024];
8751 char search_path[1024];
8753 char *attr_array[3];
8755 int homeMDB_count = -1;
8759 int rangeStep = 1500;
8761 int rangeHigh = rangeLow + (rangeStep - 1);
8764 /* Grumble..... microsoft not making it searchable from the root *grr* */
8766 memset(filter, '\0', sizeof(filter));
8767 memset(search_path, '\0', sizeof(search_path));
8769 sprintf(filter, "(objectClass=msExchMDB)");
8770 sprintf(search_path, "CN=Configuration,%s", dn_path);
8771 attr_array[0] = "distinguishedName";
8772 attr_array[1] = NULL;
8777 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8778 &group_base, &group_count,
8779 LDAP_SCOPE_SUBTREE)) != 0)
8781 com_err(whoami, 0, "Unable to find msExchMDB %s",
8782 ldap_err2string(rc));
8791 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8792 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8793 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8800 * Due to limits in active directory we need to use the LDAP
8801 * range semantics to query and return all the values in
8802 * large lists, we will stop increasing the range when
8803 * the result count is 0.
8811 memset(sub_filter, '\0', sizeof(sub_filter));
8812 memset(range, '\0', sizeof(range));
8813 sprintf(sub_filter, "(objectClass=msExchMDB)");
8816 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8818 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8820 attr_array[0] = range;
8821 attr_array[1] = NULL;
8823 sub_group_base = NULL;
8824 sub_group_count = 0;
8826 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8827 attr_array, &sub_group_base,
8829 LDAP_SCOPE_SUBTREE)) != 0)
8831 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8832 ldap_err2string(rc));
8836 if(!sub_group_count)
8842 rangeHigh = rangeLow + (rangeStep - 1);
8849 mdbbl_count += sub_group_count;
8850 rangeLow = rangeHigh + 1;
8851 rangeHigh = rangeLow + (rangeStep - 1);
8854 /* First time through, need to initialize or update the least used */
8856 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8859 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8861 homeMDB_count = mdbbl_count;
8862 *homeMDB = strdup(gPtr->dn);
8866 linklist_free(sub_group_base);
8870 linklist_free(group_base);
8873 * Ok found the server least allocated need to now query to get its
8874 * msExchHomeServerName so we can set it as a user attribute
8877 attr_array[0] = "legacyExchangeDN";
8878 attr_array[1] = NULL;
8883 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8884 attr_array, &group_base,
8886 LDAP_SCOPE_SUBTREE)) != 0)
8888 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8889 ldap_err2string(rc));
8895 *homeServerName = strdup(group_base->value);
8896 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8902 linklist_free(group_base);
8907 char *lowercase(char *s)
8911 for (p = s; *p; p++)
8919 char *uppercase(char *s)
8923 for (p = s; *p; p++)
8931 char *escape_string(char *s)
8939 memset(string, '\0', sizeof(string));
8943 /* Replace leading spaces */
8945 while(isspace(*q)) {
8952 /* Escape any special characters */
8954 for(; *q != '\0'; q++) {
8977 return strdup(string);
8980 int save_query_info(int argc, char **argv, void *hint)
8983 char **nargv = hint;
8985 for(i = 0; i < argc; i++)
8986 nargv[i] = strdup(argv[i]);
8991 int save_fsgroup_info(int argc, char **argv, void *hint)
8994 char **nargv = hint;
8998 for(i = 0; i < argc; i++)
8999 nargv[i] = strdup(argv[i]);