2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 7 machines/test/bottom description location contact USER 105316 2222
86 * arguments when moira deletes a container (OU).
87 * containers 7 0 machines/test/bottom description location contact USER 105316 2222
89 * arguments when moira modifies the information of a container (OU).
90 * containers 7 7 machines/test/bottom description location contact USER 105316 2222 machines/test/bottom description1 location contact USER 105316 2222
92 #include <mit-copyright.h>
104 #include <moira_site.h>
105 #include <mrclient.h>
114 #define ECONNABORTED WSAECONNABORTED
117 #define ECONNREFUSED WSAECONNREFUSED
120 #define EHOSTUNREACH WSAEHOSTUNREACH
122 #define krb5_xfree free
124 #define sleep(A) Sleep(A * 1000);
128 #include <sys/types.h>
129 #include <netinet/in.h>
130 #include <arpa/nameser.h>
132 #include <sys/utsname.h>
135 #define WINADCFG "/moira/winad/winad.cfg"
136 #define strnicmp(A,B,C) strncasecmp(A,B,C)
137 #define UCHAR unsigned char
139 #define UF_SCRIPT 0x0001
140 #define UF_ACCOUNTDISABLE 0x0002
141 #define UF_HOMEDIR_REQUIRED 0x0008
142 #define UF_LOCKOUT 0x0010
143 #define UF_PASSWD_NOTREQD 0x0020
144 #define UF_PASSWD_CANT_CHANGE 0x0040
145 #define UF_DONT_EXPIRE_PASSWD 0x10000
147 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
148 #define UF_NORMAL_ACCOUNT 0x0200
149 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
150 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
151 #define UF_SERVER_TRUST_ACCOUNT 0x2000
154 #define BYTE unsigned char
156 typedef unsigned int DWORD;
157 typedef unsigned long ULONG;
162 unsigned short Data2;
163 unsigned short Data3;
164 unsigned char Data4[8];
167 typedef struct _SID_IDENTIFIER_AUTHORITY {
169 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
171 typedef struct _SID {
173 BYTE SubAuthorityCount;
174 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
175 DWORD SubAuthority[512];
180 #define WINADCFG "winad.cfg"
184 #define WINAFS "\\\\afs\\all\\"
186 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
187 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
188 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
189 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
190 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
192 #define QUERY_VERSION -1
193 #define PRIMARY_REALM "ATHENA.MIT.EDU"
202 #define MEMBER_REMOVE 2
203 #define MEMBER_CHANGE_NAME 3
204 #define MEMBER_ACTIVATE 4
205 #define MEMBER_DEACTIVATE 5
206 #define MEMBER_CREATE 6
208 #define MOIRA_ALL 0x0
209 #define MOIRA_USERS 0x1
210 #define MOIRA_KERBEROS 0x2
211 #define MOIRA_STRINGS 0x4
212 #define MOIRA_LISTS 0x8
214 #define CHECK_GROUPS 1
215 #define CLEANUP_GROUPS 2
217 #define AD_NO_GROUPS_FOUND -1
218 #define AD_WRONG_GROUP_DN_FOUND -2
219 #define AD_MULTIPLE_GROUPS_FOUND -3
220 #define AD_INVALID_NAME -4
221 #define AD_LDAP_FAILURE -5
222 #define AD_INVALID_FILESYS -6
223 #define AD_NO_ATTRIBUTE_FOUND -7
224 #define AD_NO_OU_FOUND -8
225 #define AD_NO_USER_FOUND -9
227 /* container arguments */
228 #define CONTAINER_NAME 0
229 #define CONTAINER_DESC 1
230 #define CONTAINER_LOCATION 2
231 #define CONTAINER_CONTACT 3
232 #define CONTAINER_TYPE 4
233 #define CONTAINER_ID 5
234 #define CONTAINER_ROWID 6
236 typedef struct lk_entry {
246 struct lk_entry *next;
249 #define STOP_FILE "/moira/winad/nowinad"
250 #define file_exists(file) (access((file), F_OK) == 0)
252 #define LDAP_BERVAL struct berval
253 #define MAX_SERVER_NAMES 32
/*
 * ADD_ATTR(t, v, o): allocate one LDAPMod, fill in op/type/values and
 * append it to the caller's mods[] array, advancing the caller's n.
 * Both mods and n are taken from the scope of the expansion site.
 *
 * NOTE(review): the malloc() result is dereferenced without a NULL check,
 * and the expansion is four separate statements rather than a single
 * do { ... } while (0) unit, so the macro must not be used as the body of
 * an unbraced if/else.
 */
255 #define ADD_ATTR(t, v, o) \
256 mods[n] = malloc(sizeof(LDAPMod)); \
257 mods[n]->mod_op = o; \
258 mods[n]->mod_type = t; \
259 mods[n++]->mod_values = v
/* Linked-list heads shared between the table handlers and the Moira query
 * callbacks: sid_ptr is pointed at sid_base before user_create is invoked,
 * and sid_base is later passed to sid_update() and linklist_free(). */
261 LK_ENTRY *member_base = NULL;
262 LK_ENTRY *sid_base = NULL;
263 LK_ENTRY **sid_ptr = NULL;
/* Scratch buffer into which main() concatenates the whole argument vector
 * for logging; it is a fixed 1024 bytes. */
264 static char tbl_buf[1024];
/* Relative OU paths (appended to the domain DN) for each object class. */
265 char kerberos_ou[] = "OU=kerberos,OU=moira";
266 char contact_ou[] = "OU=strings,OU=moira";
267 char user_ou[] = "OU=users,OU=moira";
268 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
269 char group_ou_root[] = "OU=lists,OU=moira";
270 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
271 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
272 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
273 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
274 char orphans_other_ou[] = "OU=Other,OU=Orphans";
/* AD domain name, filled by main() from WINADCFG (default win.mit.edu). */
276 char ldap_domain[256];
277 int mr_connections = 0;
279 char default_server[256];
/* NOTE(review): second tentative definition of tbl_buf.  Two tentative
 * definitions of the same static object are legal C, but this one is
 * redundant unless the two sit under different #ifdef branches that this
 * listing does not show. */
280 static char tbl_buf[1024];
282 extern int set_password(char *user, char *password, char *domain);
284 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
285 char *group_membership, char *MoiraId, char *attribute,
286 LK_ENTRY **linklist_base, int *linklist_count,
288 void AfsToWinAfs(char* path, char* winPath);
289 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
290 char *Win2kPassword, char *Win2kUser, char *default_server,
292 void ad_kdc_disconnect();
293 void check_winad(void);
294 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
296 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
297 char *distinguishedName, int count, char **av);
298 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
299 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
300 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
301 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
302 char *distinguishedName, int count, char **av);
303 void container_get_dn(char *src, char *dest);
304 void container_get_name(char *src, char *dest);
305 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
306 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
307 int afterc, char **after);
308 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
309 int afterc, char **after);
311 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
312 char *fs_type, char *fs_pack, int operation);
313 int get_group_membership(char *group_membership, char *group_ou,
314 int *security_flag, char **av);
315 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou);
316 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
317 char *group_name, char *group_ou, char *group_membership,
318 int group_security_flag, int type);
319 int process_lists(int ac, char **av, void *ptr);
320 int user_create(int ac, char **av, void *ptr);
321 int user_change_status(LDAP *ldap_handle, char *dn_path,
322 char *user_name, char *MoiraId, int operation);
323 int user_delete(LDAP *ldap_handle, char *dn_path,
324 char *u_name, char *MoiraId);
325 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
327 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
328 char *uid, char *MitId, char *MoiraId, int State);
329 void change_to_lower_case(char *ptr);
330 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
331 int group_create(int ac, char **av, void *ptr);
332 int group_delete(LDAP *ldap_handle, char *dn_path,
333 char *group_name, char *group_membership, char *MoiraId);
334 int group_rename(LDAP *ldap_handle, char *dn_path,
335 char *before_group_name, char *before_group_membership,
336 char *before_group_ou, int before_security_flag, char *before_desc,
337 char *after_group_name, char *after_group_membership,
338 char *after_group_ou, int after_security_flag, char *after_desc,
339 char *MoiraId, char *filter);
340 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
341 char *group_name, char *group_ou, char *group_membership,
342 int group_security_flag, int updateGroup);
343 int member_list_build(int ac, char **av, void *ptr);
344 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
345 char *group_ou, char *group_membership,
346 char *user_name, char *pUserOu, char *MoiraId);
347 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
348 char *group_ou, char *group_membership, char *user_name,
349 char *pUserOu, char *MoiraId);
350 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
351 char *group_ou, char *group_membership,
352 int group_security_flag, char *MoiraId);
353 int sid_update(LDAP *ldap_handle, char *dn_path);
354 int check_string(char *s);
355 int check_container_name(char* s);
356 void convert_b_to_a(char *string, UCHAR *binary, int length);
357 int mr_connect_cl(char *server, char *client, int version, int auth);
359 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
360 char **before, int beforec, char **after, int afterc);
361 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
362 char **before, int beforec, char **after, int afterc);
363 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
364 char **before, int beforec, char **after, int afterc);
365 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
366 char **before, int beforec, char **after, int afterc);
367 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
368 char **before, int beforec, char **after, int afterc);
369 int linklist_create_entry(char *attribute, char *value,
370 LK_ENTRY **linklist_entry);
371 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
372 char **attr_array, LK_ENTRY **linklist_base,
373 int *linklist_count);
374 void linklist_free(LK_ENTRY *linklist_base);
376 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
377 char *distinguished_name, LK_ENTRY **linklist_current);
378 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
379 LK_ENTRY **linklist_base, int *linklist_count);
380 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
381 char *Attribute, char *distinguished_name,
382 LK_ENTRY **linklist_current);
384 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
385 char *oldValue, char *newValue,
386 char ***modvalues, int type);
387 void free_values(char **modvalues);
389 int convert_domain_to_dn(char *domain, char **bind_path);
390 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
391 char *distinguished_name);
392 int moira_disconnect(void);
393 int moira_connect(void);
394 void print_to_screen(const char *fmt, ...);
/*
 * Entry point.  The Moira incremental mechanism invokes this program as
 *   winad.incr <table> <beforec> <afterc> <before args...> <after args...>
 * (see the argument examples at the top of this file).  It reads the AD
 * domain name from WINADCFG, connects to the domain and dispatches on the
 * table name.  The local declarations and several control-flow lines of
 * this function are not present in this listing.
 */
396 int main(int argc, char **argv)
/* Program basename for com_err(); whoami is assigned twice in one expression. */
409 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
/* The if that guards this message is not shown in the listing. */
413 com_err(whoami, 0, "%s", "argc < 4");
/* NOTE(review): atoi() reports no errors.  A negative or non-numeric count
 * is accepted here, satisfies the argc check below, and makes the after
 * pointer computed below point outside argv; strtol() plus a >= 0 check
 * would reject it. */
416 beforec = atoi(argv[2]);
417 afterc = atoi(argv[3]);
419 if (argc < (4 + beforec + afterc))
/* "breforec" (sic) in the message text. */
421 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
427 after = &argv[4 + beforec];
/* Log the complete argument vector.  NOTE(review): tbl_buf is a fixed
 * 1024-byte buffer and no length check is visible in this listing; the
 * argument list is supplied by the Moira server, so a bounded form
 * (snprintf()/strncat() against the remaining space) is the safe one. */
429 for (i = 1; i < argc; i++)
431 strcat(tbl_buf, argv[i]);
432 strcat(tbl_buf, " ");
434 com_err(whoami, 0, "%s", tbl_buf);
/* Domain name from the config file, falling back to win.mit.edu.
 * NOTE(review): fread() may fill all sizeof(ldap_domain) bytes, leaving no
 * NUL terminator from the memset() for the strlen()/strcpy() below; reading
 * at most sizeof(ldap_domain) - 1 bytes avoids that.  The file contents are
 * used verbatim (including any trailing newline) -- confirm the file format.
 * The fclose() for fptr is not shown in this listing. */
438 memset(ldap_domain, '\0', sizeof(ldap_domain));
439 if ((fptr = fopen(WINADCFG, "r")) != NULL)
441 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
444 if (strlen(ldap_domain) == 0)
445 strcpy(ldap_domain, "win.mit.edu");
446 initialize_sms_error_table();
447 initialize_krb_error_table();
/* Up to five connection attempts with empty Win2kUser/Win2kPassword strings
 * (see the ad_connect prototype); the loop's success exit is not shown.
 * If every attempt fails, page the operators. */
449 memset(default_server, '\0', sizeof(default_server));
450 memset(dn_path, '\0', sizeof(dn_path));
451 for (i = 0; i < 5; i++)
453 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1)))
459 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* Case-insensitive table dispatch.  tolower() on a plain char whose value
 * is negative is undefined; casting to unsigned char is the portable form. */
463 for (i = 0; i < (int)strlen(table); i++)
464 table[i] = tolower(table[i]);
465 if (!strcmp(table, "users"))
466 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
468 else if (!strcmp(table, "list"))
469 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
471 else if (!strcmp(table, "imembers"))
472 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
474 else if (!strcmp(table, "filesys"))
475 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
477 else if (!strcmp(table, "containers"))
478 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Unknown table names fall through silently to the unbind. */
481 rc = ldap_unbind_s(ldap_handle);
/*
 * Handles one "containers" table update.  before/after are the argument
 * vectors indexed by the CONTAINER_* constants; a count of 0 on one side
 * means the container is being created (beforec == 0) or deleted
 * (afterc == 0).  ldap_hostname is not referenced in the visible lines.
 * The braces and early returns of the original are not shown here.
 */
485 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
486 char **before, int beforec, char **after, int afterc)
489 if ((beforec == 0) && (afterc == 0))
492 if ((beforec != 0) && (afterc == 0)) /* delete an existing container */
494 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
495 container_delete(ldap_handle, dn_path, beforec, before);
498 if ((beforec == 0) && (afterc != 0)) /*create a container*/
500 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
/* container_check() runs before the create; its body is not shown. */
501 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
502 container_create(ldap_handle, dn_path, afterc, after);
/* Both sides present: a name that differs (compared case-insensitively) is
 * a rename, otherwise the attributes are updated in place. */
506 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
508 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
509 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
512 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
/* NOTE(review): the int return codes of container_delete/create/rename/
 * update are discarded on every path here, so a failed LDAP operation is
 * not logged by this function. */
513 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
/*
 * Handles one "filesys" table update.  Only AFS filesystems whose create
 * flag is set are mirrored to AD: the create path (afterc only) and the
 * update path (both sides) both call filesys_process() with LDAP_MOD_ADD,
 * and a filesystem disappearing on the after side is removed with
 * LDAP_MOD_DELETE.  The FS_* indices come from a header not in this
 * listing; local declarations, braces and returns are also not shown.
 *
 * NOTE(review): the create path and the update path below are
 * near-identical (~25 lines each); a static helper taking after[] would
 * remove the duplication.
 */
517 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
518 char **before, int beforec, char **after, int afterc)
531 if (afterc < FS_CREATE)
/* atype: the filesystem type is "AFS"; acreate: its create flag is set. */
535 atype = !strcmp(after[FS_TYPE], "AFS");
536 acreate = atoi(after[FS_CREATE]);
/* Create path: no before arguments. */
539 if (beforec < FS_CREATE)
541 if (acreate == 0 || atype == 0)
543 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* LDAP_NO_SUCH_OBJECT means the owning user object is not in AD yet; every
 * other result is final. */
547 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
548 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
550 if (rc != LDAP_SUCCESS)
551 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Otherwise create the user through a Moira query whose callback
 * (user_create) receives call_args.  Assignment inside the if is
 * intentional here and at the other moira_connect/mr_query sites. */
558 if (rc = moira_connect())
560 critical_alert("AD incremental",
561 "Error contacting Moira server : %s",
565 av[0] = after[FS_NAME];
/* The LDAP handle is smuggled to the callback through a char* slot; the
 * callback has to cast it back. */
566 call_args[0] = (char *)ldap_handle;
567 call_args[1] = dn_path;
573 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
577 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
583 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* sid_base is expected to have been filled by the callback; the lines that
 * point sid_ptr at it are not shown in this listing. */
586 if (sid_base != NULL)
588 sid_update(ldap_handle, dn_path);
589 linklist_free(sid_base);
/* Delete path: the before side describes the filesystem being removed. */
597 btype = !strcmp(before[FS_TYPE], "AFS");
598 bcreate = atoi(before[FS_CREATE]);
599 if (afterc < FS_CREATE)
601 if (btype && bcreate)
603 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
604 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
606 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* Update path: both sides present.  Only complain about a non-AFS pair when
 * at least one type is something other than "ERR". */
615 if (!atype && !btype)
617 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
619 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
620 before[FS_NAME], after[FS_NAME]);
624 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
628 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
629 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
631 if (rc != LDAP_SUCCESS)
632 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
639 if (rc = moira_connect())
641 critical_alert("AD incremental",
642 "Error contacting Moira server : %s",
646 av[0] = after[FS_NAME];
647 call_args[0] = (char *)ldap_handle;
648 call_args[1] = dn_path;
654 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
658 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
664 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
667 if (sid_base != NULL)
669 sid_update(ldap_handle, dn_path);
670 linklist_free(sid_base);
680 #define L_LIST_DESC 9
/*
 * Handles one "list" table update: rename, delete, create or update of the
 * AD group that mirrors a Moira list.  before/after are indexed by the L_*
 * constants (L_LIST_DESC is defined just above; the others come from a
 * header not in this listing).  get_group_membership() derives the target
 * OU, the membership letter and the security flag from the list flags.
 * Several declarations (list_id, group_ou, filter, security_flag, rc),
 * braces and returns are not shown in this listing.
 */
683 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
684 char **before, int beforec, char **after, int afterc)
688 char group_membership[6];
693 char before_list_id[32];
/* NOTE(review): one byte, while group_membership above has six.  If
 * get_group_membership() stores a non-NUL character in element 0, this
 * buffer has no terminator and the strlen() calls on it below read past
 * its end.  Sizing it like group_membership removes the hazard. */
694 char before_group_membership[1];
695 int before_security_flag;
696 char before_group_ou[256];
697 LK_ENTRY *ptr = NULL;
699 if (beforec == 0 && afterc == 0)
702 memset(list_id, '\0', sizeof(list_id));
703 memset(before_list_id, '\0', sizeof(before_list_id));
704 memset(before_group_ou, '\0', sizeof(before_group_ou));
705 memset(before_group_membership, '\0', sizeof(before_group_membership));
706 memset(group_ou, '\0', sizeof(group_ou));
707 memset(group_membership, '\0', sizeof(group_membership));
/* Before side: list id and OU/membership of the existing group.
 * NOTE(review): strcpy() of a server-supplied argument into a 32-byte
 * buffer; snprintf() with sizeof would bound it. */
712 if (beforec < L_LIST_ID)
714 if (beforec > L_LIST_DESC)
716 strcpy(before_list_id, before[L_LIST_ID]);
718 before_security_flag = 0;
719 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* After side. */
723 if (afterc < L_LIST_ID)
725 if (afterc > L_LIST_DESC)
/* NOTE(review): this reads before[] under a guard on afterc, unlike every
 * other after-side access in this function; it looks like it should be
 * after[L_LIST_ID].  It works today only because the list id is the same
 * on both sides, and on the create path (beforec == 0) because before and
 * after then refer to the same argv slice -- confirm. */
727 strcpy(list_id, before[L_LIST_ID]);
730 get_group_membership(group_membership, group_ou, &security_flag, after);
733 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Existing group: verify it sits at the expected DN; a wrong or duplicate
 * DN is cleaned up before continuing. */
740 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
741 before_group_ou, before_group_membership,
742 before_security_flag, CHECK_GROUPS)))
744 if (rc == AD_NO_GROUPS_FOUND)
748 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
750 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
751 before_group_ou, before_group_membership,
752 before_security_flag, CLEANUP_GROUPS);
754 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
756 com_err(whoami, 0, "Could not change list name from %s to %s",
757 before[L_NAME], after[L_NAME]);
760 if (rc == AD_NO_GROUPS_FOUND)
/* Rename: the name changed, or the name is unchanged but the flags moved
 * the group to a different OU.  The condition continues past line 770 in
 * lines not shown here. */
766 if ((beforec != 0) && (afterc != 0))
768 if (((strcmp(after[L_NAME], before[L_NAME])) ||
769 ((!strcmp(after[L_NAME], before[L_NAME])) &&
770 (strcmp(before_group_ou, group_ou)))) &&
773 com_err(whoami, 0, "Changing list name from %s to %s",
774 before[L_NAME], after[L_NAME]);
775 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
776 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
778 com_err(whoami, 0, "%s", "couldn't find the group OU's");
781 memset(filter, '\0', sizeof(filter));
782 if ((rc = group_rename(ldap_handle, dn_path,
783 before[L_NAME], before_group_membership,
784 before_group_ou, before_security_flag, before[L_LIST_DESC],
785 after[L_NAME], group_membership,
786 group_ou, security_flag, after[L_LIST_DESC],
789 if (rc != AD_NO_GROUPS_FOUND)
791 com_err(whoami, 0, "Could not change list name from %s to %s",
792 before[L_NAME], after[L_NAME]);
/* Delete: no after arguments.  The rc from group_delete is not examined in
 * the visible lines. */
805 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
807 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
810 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
811 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
812 before_group_membership, before_list_id);
/* Create: check for an existing group at the wrong DN first.  Assignment
 * inside the if is intentional. */
819 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
820 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
821 group_ou, group_membership,
822 security_flag, CHECK_GROUPS))
824 if (rc != AD_NO_GROUPS_FOUND)
826 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
828 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
829 group_ou, group_membership,
830 security_flag, CLEANUP_GROUPS);
834 com_err(whoami, 0, "Could not create list %s", after[L_NAME]);
/* Update (or create) the group object, then fill its membership from Moira
 * if the list is active.  updateGroup is set in lines not shown. */
841 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
843 if (rc = moira_connect())
845 critical_alert("AD incremental",
846 "Error contacting Moira server : %s",
851 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
852 group_ou, group_membership, security_flag, updateGroup))
857 if (atoi(after[L_ACTIVE]))
859 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
860 group_membership, security_flag, list_id);
868 #define LM_EXTRA_ACTIVE (LM_END)
869 #define LM_EXTRA_PUBLIC (LM_END+1)
870 #define LM_EXTRA_HIDDEN (LM_END+2)
871 #define LM_EXTRA_MAILLIST (LM_END+3)
872 #define LM_EXTRA_GROUP (LM_END+4)
873 #define LM_EXTRA_GID (LM_END+5)
874 #define LMN_LIST_ID (LM_END+6)
875 #define LM_LIST_ID (LM_END+7)
876 #define LM_USER_ID (LM_END+8)
877 #define LM_EXTRA_END (LM_END+9)
<doc_update>
/*
 * Handles one "imembers" table update: adds (afterc != 0) or removes
 * (beforec != 0) a single member of a Moira list in the mirrored AD group.
 * The member vector is indexed by LM_LIST/LM_TYPE/LM_MEMBER (from a header
 * not in this listing) and the LM_EXTRA_*/LM*_ID constants defined just
 * above; ptr is pointed at whichever of before/after is in use, in lines
 * not shown here.  Members of type LIST are ignored.  MACHINE, STRING,
 * KERBEROS and USER members are placed in different OUs; a USER that does
 * not exist in AD yet is created through a Moira query first.
 * Declarations of user_name, user_type, group_ou, security_flag, pUserOu,
 * args, av, call_args and rc, plus braces and returns, are not shown.
 */
879 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
880 char **before, int beforec, char **after, int afterc)
882 char group_name[128];
885 char moira_list_id[32];
886 char moira_user_id[32];
/* NOTE(review): a one-byte buffer passed to get_group_membership() below;
 * if that function stores a character in element 0 there is no room for a
 * terminator, so any later use of it as a string overruns.  do_list sizes
 * the same buffer at 6. */
887 char group_membership[1];
889 char machine_ou[256];
900 memset(moira_list_id, '\0', sizeof(moira_list_id));
901 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Add path: pick up the member from after[].  Inactive lists are skipped.
 * NOTE(review): the strcpy() calls copy server-supplied arguments into
 * fixed buffers (group_name is 128 bytes); snprintf() with sizeof would
 * bound them. */
904 if (afterc < LM_EXTRA_GID)
906 if (!atoi(after[LM_EXTRA_ACTIVE]))
909 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
911 strcpy(user_name, after[LM_MEMBER]);
912 strcpy(group_name, after[LM_LIST]);
913 strcpy(user_type, after[LM_TYPE]);
914 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
916 if (afterc > LM_EXTRA_GROUP)
/* NOTE(review): reads before[] inside the afterc branch, and takes the list
 * id from LM_EXTRA_GID and the user id from LMN_LIST_ID, while the USER
 * case below uses LM_LIST_ID/LM_USER_ID and the default case LMN_LIST_ID.
 * This looks copied from the remove path at lines 952-953; confirm the
 * MACHINE argument layout (the header comment does not document it). */
918 strcpy(moira_list_id, before[LM_EXTRA_GID]);
919 strcpy(moira_user_id, before[LMN_LIST_ID]);
922 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
924 if (afterc > LMN_LIST_ID)
926 strcpy(moira_list_id, after[LM_LIST_ID]);
927 strcpy(moira_user_id, after[LM_USER_ID]);
932 if (afterc > LM_EXTRA_GID)
933 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Remove path: same extraction from before[]. */
938 if (beforec < LM_EXTRA_GID)
940 if (!atoi(before[LM_EXTRA_ACTIVE]))
943 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
945 strcpy(user_name, before[LM_MEMBER]);
946 strcpy(group_name, before[LM_LIST]);
947 strcpy(user_type, before[LM_TYPE]);
948 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
950 if (beforec > LM_EXTRA_GROUP)
952 strcpy(moira_list_id, before[LM_EXTRA_GID]);
953 strcpy(moira_user_id, before[LMN_LIST_ID]);
956 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
958 if (beforec > LMN_LIST_ID)
960 strcpy(moira_list_id, before[LM_LIST_ID]);
961 strcpy(moira_user_id, before[LM_USER_ID]);
966 if (beforec > LM_EXTRA_GID)
967 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Rebuild a list-table style argument vector so get_group_membership() can
 * derive the group's OU, membership letter and security flag. */
974 args[L_NAME] = ptr[LM_LIST];
975 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
976 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
977 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
978 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
979 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
980 args[L_GID] = ptr[LM_EXTRA_GID];
983 memset(group_ou, '\0', sizeof(group_ou));
984 get_group_membership(group_membership, group_ou, &security_flag, args);
985 if (strlen(group_ou) == 0)
987 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* Make sure the group exists at the right DN; clean up a wrong or duplicate
 * DN, and create the group from Moira if it is missing entirely.
 * Assignment inside the if is intentional at these call sites. */
990 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
992 if (rc != AD_NO_GROUPS_FOUND)
994 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
996 if (rc != AD_NO_GROUPS_FOUND)
999 com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name);
1001 com_err(whoami, 0, "Couldn't remove %s from group %s - unable to process group", user_name, group_name);
1007 if (rc == AD_NO_GROUPS_FOUND)
1009 if (rc = moira_connect())
1011 critical_alert("AD incremental",
1012 "Error contacting Moira server : %s",
1017 com_err(whoami, 0, "creating group %s", group_name);
1018 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1019 group_ou, group_membership, security_flag, 0))
1024 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1026 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1027 group_membership, security_flag, moira_list_id);
/* Remove: resolve the member's OU by type, then drop it from the group.
 * NOTE(review): this OU resolution is repeated in the add path below with
 * slightly different if/else-if structure; a small static helper would keep
 * the two in step. */
1034 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1036 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1038 memset(machine_ou, '\0', sizeof(machine_ou));
1039 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou))
1041 pUserOu = machine_ou;
1043 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1045 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1047 pUserOu = contact_ou;
1049 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1051 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1053 pUserOu = kerberos_ou;
1055 if (rc = member_remove(ldap_handle, dn_path, group_name,
1056 group_ou, group_membership, ptr[LM_MEMBER],
1057 pUserOu, moira_list_id))
1058 com_err(whoami, 0, "couldn't remove %s from group %s", user_name, group_name);
/* Add: resolve the member's OU by type; a USER missing from AD is created
 * first via get_user_account_by_login with the user_create callback. */
1062 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1065 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1067 memset(machine_ou, '\0', sizeof(machine_ou));
1068 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou))
1070 pUserOu = machine_ou;
1072 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1074 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1076 pUserOu = contact_ou;
1078 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1080 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1082 pUserOu = kerberos_ou;
1084 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1086 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1087 moira_user_id)) == AD_NO_USER_FOUND)
1089 if (rc = moira_connect())
1091 critical_alert("AD incremental",
1092 "Error connection to Moira : %s",
/* NOTE(review): U_NAME indexes the users-table layout, not the imembers
 * layout; the account being created is ptr[LM_MEMBER] (next line), so this
 * log line prints the wrong field. */
1096 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1097 av[0] = ptr[LM_MEMBER];
/* The LDAP handle is passed to the callback through a char* slot. */
1098 call_args[0] = (char *)ldap_handle;
1099 call_args[1] = dn_path;
1100 call_args[2] = moira_user_id;
1101 call_args[3] = NULL;
/* The callback appends the new account's SID entry to sid_base. */
1103 sid_ptr = &sid_base;
1105 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1109 com_err(whoami, 0, "couldn't create user %s : %s",
1110 ptr[LM_MEMBER], error_message(rc));
1116 com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]);
1120 if (sid_base != NULL)
1122 sid_update(ldap_handle, dn_path);
1123 linklist_free(sid_base);
1134 if (rc = member_add(ldap_handle, dn_path, group_name,
1135 group_ou, group_membership, ptr[LM_MEMBER],
1136 pUserOu, moira_list_id))
1138 com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name);
1144 #define U_USER_ID 10
/*
 * Handles one "users" table update.  before/after are indexed by the U_*
 * constants (U_USER_ID is defined just above; the others come from a header
 * not in this listing).  An after-only update is the initial, unusable
 * account and is ignored; a before-only update with state 0 expunges the
 * account; anything else creates the AD account if it is missing, renames
 * it if the login changed, and then updates its attributes.  The afterc
 * parameter, local declarations, braces and returns are not shown here.
 */
1146 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1147 char **before, int beforec, char **after,
1152 char after_user_id[32];
1153 char before_user_id[32];
1156 if ((beforec == 0) && (afterc == 0))
/* NOTE(review): strcpy() of server-supplied ids into 32-byte buffers;
 * snprintf() with sizeof would bound the copies. */
1159 memset(after_user_id, '\0', sizeof(after_user_id));
1160 memset(before_user_id, '\0', sizeof(before_user_id));
1161 if (beforec > U_USER_ID)
1162 strcpy(before_user_id, before[U_USER_ID]);
1163 if (afterc > U_USER_ID)
1164 strcpy(after_user_id, after[U_USER_ID]);
/* Repeats the check at line 1156; redundant if that one returned. */
1166 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1169 if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/
1170 return; /*account is first created but not usable*/
1172 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* Expunge only when the final Moira state is 0; user_delete's rc is not
 * examined here. */
1174 if (atoi(before[U_STATE]) == 0)
1176 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1177 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1182 /*process anything that gets here*/
/* Missing in AD: create it from Moira (get_user_account_by_login with the
 * user_create callback), but only if the new login passes check_string().
 * Assignment inside the if is intentional at the moira_connect/mr_query
 * sites. */
1183 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1184 before_user_id)) == AD_NO_USER_FOUND)
1186 if (!check_string(after[U_NAME]))
1188 if (rc = moira_connect())
1190 critical_alert("AD incremental",
1191 "Error connection to Moira : %s",
1195 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1197 av[0] = after[U_NAME];
/* The LDAP handle is passed to the callback through a char* slot. */
1198 call_args[0] = (char *)ldap_handle;
1199 call_args[1] = dn_path;
1200 call_args[2] = after_user_id;
1201 call_args[3] = NULL;
/* The callback appends the new account's SID entry to sid_base. */
1203 sid_ptr = &sid_base;
1205 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1209 com_err(whoami, 0, "couldn't create user %s : %s",
1210 after[U_NAME], error_message(rc));
1216 com_err(whoami, 0, "couldn't create user %s", after[U_NAME]);
1220 if (sid_base != NULL)
1222 sid_update(ldap_handle, dn_path);
1223 linklist_free(sid_base);
/* Login changed: rename, but only if both names pass check_string(). */
1232 if (strcmp(before[U_NAME], after[U_NAME]))
1234 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1236 com_err(whoami, 0, "changing user %s to %s",
1237 before[U_NAME], after[U_NAME]);
1238 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1239 after[U_NAME])) != LDAP_SUCCESS)
/* Finally refresh uid, MIT id and state; rc is assigned but not examined
 * in the visible lines. */
1245 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1246 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1247 after[U_UID], after[U_MITID],
1248 after_user_id, atoi(after[U_STATE]));
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * attribute values from the entries of linklist_base.  When both oldValue
 * and newValue are given, each value containing oldValue has its first
 * occurrence replaced by newValue (or, for type REPLACE, is replaced by
 * newValue as a whole); values without a match, and all values when either
 * string is NULL, are copied verbatim.  *modvalues is calloc'd here and
 * ownership passes to the caller.  Return value and error paths are not in
 * this listing.
 */
1252 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1253 char *oldValue, char *newValue,
1254 char ***modvalues, int type)
1256 LK_ENTRY *linklist_ptr;
/* modvalue_count + 1 slots: the extra one stays NULL as the terminator. */
1260 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* Redundant: calloc already zero-fills. */
1265 for (i = 0; i < (modvalue_count + 1); i++)
1266 (*modvalues)[i] = NULL;
1267 if (modvalue_count != 0)
1269 linklist_ptr = linklist_base;
/* NOTE(review): the loop trusts the list to hold at least modvalue_count
 * entries; linklist_ptr is dereferenced without a NULL check. */
1270 for (i = 0; i < modvalue_count; i++)
1272 if ((oldValue != NULL) && (newValue != NULL))
/* strstr finds only the first occurrence of oldValue. */
1274 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1277 if (type == REPLACE)
1279 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1282 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1283 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to the match + newValue + remainder after oldValue.  The
 * size uses ->length minus strlen(oldValue), so it is exact only when the
 * stored value is NUL-terminated text of that length. */
1287 if (((*modvalues)[i] = calloc(1,
1288 (int)(cPtr - linklist_ptr->value) +
1289 (linklist_ptr->length - strlen(oldValue)) +
1290 strlen(newValue) + 1)) == NULL)
1292 memset((*modvalues)[i], '\0',
1293 (int)(cPtr - linklist_ptr->value) +
1294 (linklist_ptr->length - strlen(oldValue)) +
1295 strlen(newValue) + 1);
1296 memcpy((*modvalues)[i], linklist_ptr->value,
1297 (int)(cPtr - linklist_ptr->value));
1298 strcat((*modvalues)[i], newValue);
1299 strcat((*modvalues)[i],
1300 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* Unlike the branches above, the two callocs below are not checked; on
 * allocation failure the following memset dereferences NULL. */
1305 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1306 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1307 memcpy((*modvalues)[i], linklist_ptr->value,
1308 linklist_ptr->length);
1313 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1314 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1315 memcpy((*modvalues)[i], linklist_ptr->value,
1316 linklist_ptr->length);
1318 linklist_ptr = linklist_ptr->next;
1320 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a subtree search below dn_path for search_exp,
 * requesting the attributes in attr_array, and turn the result into the
 * linked list *linklist_base with its length in *linklist_count.  Both
 * outputs are reset first, so a failed search leaves an empty list.
 * Returns the LDAP result code (0 on success; the failure return is not in
 * this listing).
 */
1326 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1327 char **attr_array, LK_ENTRY **linklist_base,
1328 int *linklist_count)
1331 LDAPMessage *ldap_entry;
1335 (*linklist_base) = NULL;
1336 (*linklist_count) = 0;
/* search_exp is passed through as the LDAP filter unchanged; it is the
 * callers' job to build it only from validated names (most of them run
 * check_string on the name first). */
1337 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1338 search_exp, attr_array, 0, &ldap_entry))
/* A size-limit hit is tolerated: the partial result set is still processed. */
1341 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1345 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1347 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an ldap_search result, fetch its DN
 * and its attributes into the list at *linklist_base, then recount the list
 * into *linklist_count.  Returns 0 on success or the retrieve_attributes
 * error (the return statements are not in this listing).
 */
1352 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1353 LK_ENTRY **linklist_base, int *linklist_count)
/* Fixed 1024-byte DN buffer.  get_distinguished_name fills it with an
 * unbounded strcpy, so a DN of 1024 bytes or more returned by the directory
 * overflows it. */
1355 char distinguished_name[1024];
1356 LK_ENTRY *linklist_ptr;
/* Empty result set: leaves the list empty (the return on this path is not
 * in this listing). */
1359 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1362 memset(distinguished_name, '\0', sizeof(distinguished_name));
1363 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1365 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1366 linklist_base)) != 0)
1369 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1371 memset(distinguished_name, '\0', sizeof(distinguished_name));
1372 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1374 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1375 linklist_base)) != 0)
/* The count is recomputed from the list rather than accumulated above. */
1379 linklist_ptr = (*linklist_base);
1380 (*linklist_count) = 0;
1381 while (linklist_ptr != NULL)
1383 ++(*linklist_count);
1384 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry and append each
 * attribute's values to *linklist_current through retrieve_values.  ptr is
 * the BerElement cursor shared by ldap_first_attribute/ldap_next_attribute
 * and is released at the end.  The return value is not in this listing.
 */
1389 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1390 char *distinguished_name, LK_ENTRY **linklist_current)
1396 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1398 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Attribute names come from libldap and go back through ldap_memfree. */
1400 ldap_memfree(Attribute);
1401 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1404 retrieve_values(ldap_handle, ldap_entry, Attribute,
1405 distinguished_name, linklist_current);
1406 ldap_memfree(Attribute);
1409 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: read the values of Attribute from ldap_entry and push one
 * LK_ENTRY per value onto the front of *linklist_current, recording the
 * attribute name, a private copy of the value, its length, whether it was
 * fetched as a binary berval, and the entry's DN.  objectSid and objectGUID
 * are fetched as bervals, everything else as strings.  Under LDAP_DEBUG the
 * values are also pretty-printed.  The loop over the value array and the
 * return value are not in this listing.
 */
1413 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1414 char *Attribute, char *distinguished_name,
1415 LK_ENTRY **linklist_current)
1421 LK_ENTRY *linklist_previous;
1422 LDAP_BERVAL **ber_value;
/* Debug-only locals for decoding a SID (LDAP_DEBUG build). */
1430 SID_IDENTIFIER_AUTHORITY *sid_auth;
1431 unsigned char *subauth_count;
1432 #endif /*LDAP_DEBUG*/
1435 memset(temp, '\0', sizeof(temp));
/* Binary attributes must be fetched with the _len API; their bytes may
 * contain NULs. */
1436 if ((!strcmp(Attribute, "objectSid")) ||
1437 (!strcmp(Attribute, "objectGUID")))
1442 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1443 Ptr = (void **)ber_value;
1448 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1449 Ptr = (void **)str_value;
/* New node is linked in at the head of the list. */
1456 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1458 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1459 linklist_previous->next = (*linklist_current);
1460 (*linklist_current) = linklist_previous;
1462 if (((*linklist_current)->attribute = calloc(1,
1463 strlen(Attribute) + 1)) == NULL)
1465 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1466 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: copied to exactly bv_len bytes with no terminator, so
 * consumers must rely on ->length rather than treating it as a C string. */
1469 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1470 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1472 memset((*linklist_current)->value, '\0', ber_length);
1473 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1475 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy, length excludes the terminator. */
1479 if (((*linklist_current)->value = calloc(1,
1480 strlen(*Ptr) + 1)) == NULL)
1482 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1483 (*linklist_current)->length = strlen(*Ptr);
1484 strcpy((*linklist_current)->value, *Ptr);
1486 (*linklist_current)->ber_value = use_bervalue;
1487 if (((*linklist_current)->dn = calloc(1,
1488 strlen(distinguished_name) + 1)) == NULL)
1490 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1491 strcpy((*linklist_current)->dn, distinguished_name);
/* --- debug printing (LDAP_DEBUG) --- */
/* The GUID is formatted into temp; the fixed-width format yields 36 chars
 * plus NUL, so temp must be at least 37 bytes (its declaration is not in
 * this listing). */
1494 if (!strcmp(Attribute, "objectGUID"))
1496 guid = (GUID *)((*linklist_current)->value);
1497 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1498 guid->Data1, guid->Data2, guid->Data3,
1499 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1500 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1501 guid->Data4[6], guid->Data4[7]);
1502 print_to_screen(" %20s : {%s}\n", Attribute, temp);
/* SID decoding reads the raw berval, not the copied value. */
1504 else if (!strcmp(Attribute, "objectSid"))
1506 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1508 print_to_screen(" Revision = %d\n", sid->Revision);
1509 print_to_screen(" SID Identifier Authority:\n");
1510 sid_auth = &sid->IdentifierAuthority;
1511 if (sid_auth->Value[0])
1512 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1513 else if (sid_auth->Value[1])
1514 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1515 else if (sid_auth->Value[2])
1516 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1517 else if (sid_auth->Value[3])
1518 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1519 else if (sid_auth->Value[5])
1520 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1522 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1523 subauth_count = GetSidSubAuthorityCount(sid);
1524 print_to_screen(" SidSubAuthorityCount = %d\n",
1526 print_to_screen(" SidSubAuthority:\n");
1527 for (i = 0; i < *subauth_count; i++)
1529 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1530 print_to_screen(" %u\n", *subauth);
/* These memcmp calls compare a fixed number of bytes regardless of the
 * length of Attribute, so an attribute name shorter than the literal is read
 * past its terminator; strcmp (or strncmp bounded by the shorter string) is
 * the safe form.  Note also that the length is taken from "sAmAccountType"
 * while the bytes compared come from "sAMAccountType" -- same length, so
 * harmless, but confusing. */
1534 else if ((!memcmp(Attribute, "userAccountControl",
1535 strlen("userAccountControl"))) ||
1536 (!memcmp(Attribute, "sAMAccountType",
1537 strlen("sAmAccountType"))))
/* NOTE(review): intValue's declaration is not in this listing; if it is an
 * int (as the atoi result suggests) the %ld specifier below mismatches it. */
1539 intValue = atoi(*Ptr);
1540 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1541 if (!memcmp(Attribute, "userAccountControl",
1542 strlen("userAccountControl")))
/* Decode the UF_* bits of userAccountControl. */
1544 if (intValue & UF_ACCOUNTDISABLE)
1545 print_to_screen(" %20s : %s\n",
1546 "", "Account disabled");
1548 print_to_screen(" %20s : %s\n",
1549 "", "Account active");
1550 if (intValue & UF_HOMEDIR_REQUIRED)
1551 print_to_screen(" %20s : %s\n",
1552 "", "Home directory required");
1553 if (intValue & UF_LOCKOUT)
1554 print_to_screen(" %20s : %s\n",
1555 "", "Account locked out");
1556 if (intValue & UF_PASSWD_NOTREQD)
1557 print_to_screen(" %20s : %s\n",
1558 "", "No password required");
1559 if (intValue & UF_PASSWD_CANT_CHANGE)
1560 print_to_screen(" %20s : %s\n",
1561 "", "Cannot change password");
1562 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1563 print_to_screen(" %20s : %s\n",
1564 "", "Temp duplicate account");
1565 if (intValue & UF_NORMAL_ACCOUNT)
1566 print_to_screen(" %20s : %s\n",
1567 "", "Normal account");
1568 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1569 print_to_screen(" %20s : %s\n",
1570 "", "Interdomain trust account");
1571 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1572 print_to_screen(" %20s : %s\n",
1573 "", "Workstation trust account");
1574 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1575 print_to_screen(" %20s : %s\n",
1576 "", "Server trust account");
1581 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1583 #endif /*LDAP_DEBUG*/
/* Release the value arrays with the matching libldap free routine. */
1585 if (str_value != NULL)
1586 ldap_value_free(str_value);
1587 if (ber_value != NULL)
1588 ldap_value_free_len(ber_value);
1590 (*linklist_current) = linklist_previous;
/*
 * moira_connect: open the Moira client connection on first use.
 * mr_connections is a use count shared with moira_disconnect; only the
 * 0 -> 1 transition actually connects and authenticates as "winad.incr".
 * Returns the mr_* status (the branch conditions and the return statement
 * are not in this listing).
 */
1594 int moira_connect(void)
1599 if (!mr_connections++)
/* One branch connects to the hard-coded server name "ttsp"; the other uses
 * the local node name (uts presumably filled by uname()).  Which branch is
 * taken depends on lines not in this listing. */
1602 memset(HostName, '\0', sizeof(HostName));
1603 strcpy(HostName, "ttsp");
1604 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1606 rc = mr_connect(HostName);
1611 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1613 rc = mr_connect(uts.nodename);
/* Authenticate once per real connection, after the connect succeeded. */
1618 rc = mr_auth("winad.incr");
/*
 * check_winad: hold the incremental while the STOP_FILE kill switch exists.
 * The loop polls file_exists(STOP_FILE); after some number of iterations
 * (the test and delay are not in this listing) it raises a critical alert
 * quoting tbl_buf.
 */
1625 void check_winad(void)
1629 for (i = 0; file_exists(STOP_FILE); i++)
1633 critical_alert("AD incremental",
1634 "WINAD incremental failed (%s exists): %s",
1635 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect.  Decrements the shared use
 * count and tears the connection down only when it reaches zero (the body
 * and return value are not in this listing).
 */
1642 int moira_disconnect(void)
1645 if (!--mr_connections)
/*
 * get_distinguished_name: copy the DN of ldap_entry into the caller's buffer.
 * No buffer size is passed and the copy is an unbounded strcpy, so every
 * caller must provide room for the longest DN the directory can return
 * (retrieve_entries passes 1024 bytes).  Passing the size and copying with
 * snprintf(distinguished_name, size, "%s", CName) would make this safe.
 * How a NULL result from ldap_get_dn is handled is not in this listing.
 */
1652 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1653 char *distinguished_name)
/* CName is allocated by libldap and must be released with ldap_memfree. */
1657 CName = ldap_get_dn(ldap_handle, ldap_entry);
1660 strcpy(distinguished_name, CName);
1661 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate one LK_ENTRY holding private copies of
 * attribute and value (length = strlen(value), next = NULL) and return it
 * through *linklist_entry.  Ownership of the node and its strings passes to
 * the caller (released via linklist_free).  Return values are not in this
 * listing.
 */
1664 int linklist_create_entry(char *attribute, char *value,
1665 LK_ENTRY **linklist_entry)
1667 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1668 if (!(*linklist_entry))
/* Redundant: calloc already zero-fills. */
1672 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
/* Unlike the node itself, the two callocs below are not checked; on
 * allocation failure the following memset/strcpy dereference NULL. */
1673 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1674 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1675 strcpy((*linklist_entry)->attribute, attribute);
1676 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1677 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1678 strcpy((*linklist_entry)->value, value);
1679 (*linklist_entry)->length = strlen(value);
1680 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostic output to stderr.  fmt must be a
 * trusted format string -- every caller in this file passes a literal.
 * (The va_list declaration and va_end are not in this listing.)
 */
1684 void print_to_screen(const char *fmt, ...)
1688 va_start(pvar, fmt);
1689 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its maillist and group
 * flags (av[L_MAILLIST], av[L_GROUP]) and report the result through the
 * optional out-parameters, each of which may be NULL to skip it:
 *   group_membership[0]  'B' both, 'S' security only, 'D' distribution only,
 *                        'N' neither -- only the first byte is written, no
 *                        terminator is added
 *   *security_flag       1 when the list becomes a security group ('B','S')
 *   group_ou             the matching module-level OU string
 * The return value is not in this listing.
 */
1694 int get_group_membership(char *group_membership, char *group_ou,
1695 int *security_flag, char **av)
1700 maillist_flag = atoi(av[L_MAILLIST]);
1701 group_flag = atoi(av[L_GROUP]);
1702 if (security_flag != NULL)
1703 (*security_flag) = 0;
/* The OU copies below are unbounded strcpy calls; callers must size group_ou
 * for the longest of group_ou_both/_security/_distribution/_neither. */
1705 if ((maillist_flag) && (group_flag))
1707 if (group_membership != NULL)
1708 group_membership[0] = 'B';
1709 if (security_flag != NULL)
1710 (*security_flag) = 1;
1711 if (group_ou != NULL)
1712 strcpy(group_ou, group_ou_both);
1714 else if ((!maillist_flag) && (group_flag))
1716 if (group_membership != NULL)
1717 group_membership[0] = 'S';
1718 if (security_flag != NULL)
1719 (*security_flag) = 1;
1720 if (group_ou != NULL)
1721 strcpy(group_ou, group_ou_security);
1723 else if ((maillist_flag) && (!group_flag))
1725 if (group_membership != NULL)
1726 group_membership[0] = 'D';
1727 if (group_ou != NULL)
1728 strcpy(group_ou, group_ou_distribution);
/* Neither flag set: not a security group, so *security_flag stays 0. */
1732 if (group_membership != NULL)
1733 group_membership[0] = 'N';
1734 if (group_ou != NULL)
1735 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename the AD group backing a Moira list.  Locates the
 * existing object by MoiraId (ad_get_group, exactly one match required),
 * looks up its sAMAccountName with the caller's filter, renames it to
 * cn=after_group_name under after_group_ou, then replaces sAMAccountName,
 * displayName, description, mitMoiraId and groupType on the renamed object.
 * Returns AD_INVALID_NAME / AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND /
 * AD_LDAP_FAILURE or an LDAP result code (some returns are not in this
 * listing).
 */
1740 int group_rename(LDAP *ldap_handle, char *dn_path,
1741 char *before_group_name, char *before_group_membership,
1742 char *before_group_ou, int before_security_flag, char *before_desc,
1743 char *after_group_name, char *after_group_membership,
1744 char *after_group_ou, int after_security_flag, char *after_desc,
1745 char *MoiraId, char *filter)
/* Filled below by an unbounded sprintf of after_group_ou and dn_path; neither
 * length is checked against the 512 bytes. */
1750 char new_dn_path[512];
1752 char *attr_array[3];
/* Single-value attribute vectors for ADD_ATTR; slot 1 is the terminator. */
1753 char *mitMoiraId_v[] = {NULL, NULL};
1754 char *name_v[] = {NULL, NULL};
1755 char *desc_v[] = {NULL, NULL};
1756 char *samAccountName_v[] = {NULL, NULL};
1757 char *groupTypeControl_v[] = {NULL, NULL};
/* Declared unsigned int; note the "%ld" used to format it further down. */
1758 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1759 char groupTypeControlStr[80];
1763 LK_ENTRY *group_base;
/* Both names are validated before being interpolated into DNs and filters. */
1766 if (!check_string(before_group_name))
1768 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1769 return(AD_INVALID_NAME);
1771 if (!check_string(after_group_name))
1773 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
1774 return(AD_INVALID_NAME);
/* Step 1: find the current object's DN; the rename refuses to guess when the
 * MoiraId is ambiguous. */
1779 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1780 before_group_membership,
1781 MoiraId, "distinguishedName", &group_base,
1782 &group_count, filter))
1785 if (group_count == 0)
1787 return(AD_NO_GROUPS_FOUND);
1789 if (group_count != 1)
1792 "multiple groups with MoiraId = %s exist in the AD",
1794 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn's size is not in this listing; the copy is unbounded. */
1796 strcpy(old_dn, group_base->value);
1798 linklist_free(group_base);
/* Step 2: fetch the current sAMAccountName so its "_group" suffix convention
 * can be carried over. */
1801 attr_array[0] = "sAMAccountName";
1802 attr_array[1] = NULL;
1803 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1804 &group_base, &group_count)) != 0)
1806 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1807 after_group_name, ldap_err2string(rc));
1810 if (group_count != 1)
1813 "Unable to get sAMAccountName for group %s",
1815 return(AD_LDAP_FAILURE);
1818 strcpy(sam_name, group_base->value);
1819 linklist_free(group_base);
/* Step 3: the rename itself (deleteoldrdn = TRUE). */
1823 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1824 sprintf(new_dn, "cn=%s", after_group_name);
1825 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1826 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1828 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1829 before_group_name, after_group_name, ldap_err2string(rc));
/* Step 4: rebuild the attributes under the new name. */
1833 name_v[0] = after_group_name;
/* If sam_name is shorter than "_group", strlen(sam_name) - strlen("_group")
 * wraps (size_t) and the index reads outside sam_name.  Guard with
 * strlen(sam_name) >= strlen("_group") before indexing. */
1834 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
1836 sprintf(sam_name, "%s_group", after_group_name);
1840 com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found",
1841 before_group_name, after_group_name);
1844 samAccountName_v[0] = sam_name;
1845 if (after_security_flag)
1846 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* "%ld" with a u_int argument is a format/type mismatch (undefined
 * behaviour); "%u" matches the declaration. */
1847 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1848 groupTypeControl_v[0] = groupTypeControlStr;
1850 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1851 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
/* An empty description presumably clears desc_v[0] (the line is not in this
 * listing) so the REPLACE removes the attribute. */
1852 desc_v[0] = after_desc;
1853 if (strlen(after_desc) == 0)
1855 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1856 mitMoiraId_v[0] = MoiraId;
1857 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
1858 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* new_dn is reused to hold the full DN of the renamed object. */
1860 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1861 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1863 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
1864 after_group_name, ldap_err2string(rc));
/* Presumably releases the n LDAPMod entries built by ADD_ATTR (body not in
 * this listing). */
1866 for (i = 0; i < n; i++)
/*
 * group_create: mr_query callback that creates (or, when the object already
 * exists or call_args[4] requests an update, modifies) the AD group for the
 * Moira list described by av.  Context arrives through the file-level
 * call_args array: [0] LDAP handle, [1] dn path, [4] update flag, [5]
 * MoiraId.  The created object's objectSid entry is appended to the list at
 * sid_ptr for the later sid_update pass.  Returns LDAP_SUCCESS; the other
 * return paths are not in this listing.
 */
1871 int group_create(int ac, char **av, void *ptr)
1874 LK_ENTRY *group_base;
/* Fixed 256-byte name buffers; filled below by strcpy/sprintf from av[]. */
1877 char new_group_name[256];
1878 char sam_group_name[256];
1879 char cn_group_name[256];
1880 char *cn_v[] = {NULL, NULL};
1881 char *objectClass_v[] = {"top", "group", NULL};
1883 char *samAccountName_v[] = {NULL, NULL};
1884 char *altSecurityIdentities_v[] = {NULL, NULL};
1885 char *member_v[] = {NULL, NULL};
1886 char *name_v[] = {NULL, NULL};
1887 char *desc_v[] = {NULL, NULL};
1888 char *info_v[] = {NULL, NULL};
1889 char *mitMoiraId_v[] = {NULL, NULL};
1890 char *groupTypeControl_v[] = {NULL, NULL};
1891 char groupTypeControlStr[80];
/* One byte: get_group_membership writes only [0] and adds no terminator
 * (process_lists uses 2 bytes for the same purpose).  Fine as long as
 * nothing treats it as a C string -- TODO confirm with member_add. */
1892 char group_membership[1];
/* Declared unsigned int; note the "%ld" used to format it below. */
1895 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1901 char *attr_array[3];
/* The list name is validated before it is interpolated into DNs and filters.
 * av[L_ACE_NAME] and call_args[5] are used below without this check. */
1906 if (!check_string(av[L_NAME]))
1908 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
1909 return(AD_INVALID_NAME);
/* An integer flag is carried through a char* slot and cast back. */
1912 updateGroup = (int)call_args[4];
1913 memset(group_ou, 0, sizeof(group_ou));
1914 memset(group_membership, 0, sizeof(group_membership));
1916 get_group_membership(group_membership, group_ou, &security_flag, av);
/* Unbounded copies: av[L_NAME] and the DN components are not length-checked
 * against the 256-byte buffers (new_dn's size is not in this listing). */
1917 strcpy(new_group_name, av[L_NAME]);
1918 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1920 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* sAMAccountName convention: "<list>_group". */
1922 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* "%ld" with a u_int argument is a format/type mismatch; "%u" matches. */
1927 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1928 groupTypeControl_v[0] = groupTypeControlStr;
1930 strcpy(cn_group_name, av[L_NAME]);
1932 samAccountName_v[0] = sam_group_name;
1933 name_v[0] = new_group_name;
1934 cn_v[0] = new_group_name;
/* Attribute set for the initial add. */
1937 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1938 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1939 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1940 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1941 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1942 if (strlen(av[L_DESC]) != 0)
1944 desc_v[0] = av[L_DESC];
1945 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1947 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* info's size is not in this listing; the sprintf is unbounded. */
1948 if (strlen(av[L_ACE_NAME]) != 0)
1950 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
1952 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1954 if (strlen(call_args[5]) != 0)
1956 mitMoiraId_v[0] = call_args[5];
1957 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
1961 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1963 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS is deliberately not an error: it routes into the
 * update path below. */
1965 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1967 com_err(whoami, 0, "Unable to create/update list %s in AD : %s",
1968 av[L_NAME], ldap_err2string(rc));
/* Update path: REPLACE the mutable attributes on the existing object. */
1973 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
1977 if (strlen(av[L_DESC]) != 0)
1978 desc_v[0] = av[L_DESC];
1979 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1981 if (strlen(av[L_ACE_NAME]) != 0)
1983 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
1986 ADD_ATTR("info", info_v, LDAP_MOD_REPLACE);
1987 if (strlen(call_args[5]) != 0)
1989 mitMoiraId_v[0] = call_args[5];
1990 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member is REPLACEd with member_v, which presumably stays
 * empty here (the lines in between are not in this listing), clearing the
 * membership. */
1992 if (!(atoi(av[L_ACTIVE])))
1995 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
1998 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
1999 for (i = 0; i < n; i++)
/* Locate the object to record its objectSid.  The MoiraId filter wins when
 * set; call_args[5] is interpolated without escaping -- acceptable only while
 * MoiraIds are guaranteed numeric. */
2003 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2004 if (strlen(call_args[5]) != 0)
2005 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2006 attr_array[0] = "objectSid";
2007 attr_array[1] = NULL;
2010 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2011 &group_base, &group_count)) == LDAP_SUCCESS)
/* Ambiguous or missing by MoiraId: retry by sAMAccountName. */
2013 if (group_count != 1)
2015 if (strlen(call_args[5]) != 0)
2017 linklist_free(group_base);
2020 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2021 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2022 attr_array, &group_base, &group_count);
/* Hand the single objectSid entry to the sid list; ownership moves there.
 * type carries the integer tag GROUPS stored in a char* field. */
2025 if (group_count == 1)
2027 (*sid_ptr) = group_base;
2028 (*sid_ptr)->member = strdup(av[L_NAME]);
2029 (*sid_ptr)->type = (char *)GROUPS;
2030 sid_ptr = &(*sid_ptr)->next;
2034 if (group_base != NULL)
2035 linklist_free(group_base);
2040 if (group_base != NULL)
2041 linklist_free(group_base);
2043 return(LDAP_SUCCESS);
/*
 * group_delete: remove the AD group backing a Moira list.  The object is
 * located through ad_get_group below group_ou_root and deleted only when
 * exactly one match is found.  Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND,
 * the ad_get_group status or the ldap_delete_s result (the success return
 * is not in this listing).
 */
2046 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2047 char *group_membership, char *MoiraId)
2049 LK_ENTRY *group_base;
/* The name is validated before it reaches any filter or DN. */
2055 if (!check_string(group_name))
2057 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
2058 return(AD_INVALID_NAME);
2061 memset(filter, '\0', sizeof(filter));
/* Search base is the group OU root under dn_path; temp's size is not in this
 * listing and the sprintf is unbounded. */
2064 sprintf(temp, "%s,%s", group_ou_root, dn_path);
2065 if (rc = ad_get_group(ldap_handle, temp, group_name,
2066 group_membership, MoiraId,
2067 "distinguishedName", &group_base,
2068 &group_count, filter))
/* Only an unambiguous single match is deleted. */
2071 if (group_count == 1)
2073 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2075 linklist_free(group_base);
2076 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2077 group_name, ldap_err2string(rc));
2080 linklist_free(group_base);
2084 linklist_free(group_base);
2085 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2086 return(AD_NO_GROUPS_FOUND);
/*
 * process_lists: mr_query callback that adds one member to the AD group for
 * the list av[L_NAME].  Context comes from the file-level call_args array:
 * [0] LDAP handle, [1] dn path, [2] member name, [3] member OU.  MoiraId is
 * passed as "" so member_add locates the group by name alone.  Return value
 * not in this listing.
 */
2092 int process_lists(int ac, char **av, void *ptr)
/* Two bytes so the membership code written to [0] stays NUL-terminated. */
2097 char group_membership[2];
2103 memset(group_ou, '\0', sizeof(group_ou));
2104 memset(group_membership, '\0', sizeof(group_membership));
2105 get_group_membership(group_membership, group_ou, &security_flag, av);
2106 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2107 group_ou, group_membership, call_args[2],
2108 (char *)call_args[3], "");
/*
 * member_list_build: mr_query callback collecting the members of a list
 * (av[ACE_TYPE], av[ACE_NAME]) into the file-level member_base linked list.
 * Member types not selected by the MOIRA_* mask in call_args[3] are skipped;
 * STRING and KERBEROS members first get a contact object created in
 * contact_ou / kerberos_ou.  Names already present (case-insensitive) are
 * not added twice.  Return value not in this listing.
 */
2112 int member_list_build(int ac, char **av, void *ptr)
/* temp's size is not in this listing; the copy is unbounded and happens
 * before the name is validated. */
2120 strcpy(temp, av[ACE_NAME]);
2121 if (!check_string(temp))
/* The type mask is carried through a char* slot and cast back to int. */
2123 if (!strcmp(av[ACE_TYPE], "USER"))
2125 if (!((int)call_args[3] & MOIRA_USERS))
2128 else if (!strcmp(av[ACE_TYPE], "STRING"))
2130 if (!((int)call_args[3] & MOIRA_STRINGS))
2132 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2135 else if (!strcmp(av[ACE_TYPE], "LIST"))
2137 if (!((int)call_args[3] & MOIRA_LISTS))
2140 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2142 if (!((int)call_args[3] & MOIRA_KERBEROS))
2144 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Duplicate check against the members gathered so far. */
2150 linklist = member_base;
2153 if (!strcasecmp(temp, linklist->member))
2155 linklist = linklist->next;
/* New node pushed at the head; none of the four callocs is checked, so an
 * allocation failure dereferences NULL in the following strcpy. */
2157 linklist = calloc(1, sizeof(LK_ENTRY));
2159 linklist->dn = NULL;
2160 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2161 strcpy(linklist->list, call_args[2]);
2162 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2163 strcpy(linklist->type, av[ACE_TYPE]);
2164 linklist->member = calloc(1, strlen(temp) + 1);
2165 strcpy(linklist->member, temp);
2166 linklist->next = member_base;
2167 member_base = linklist;
/*
 * member_remove: delete "CN=user_name,UserOu,dn_path" from the member
 * attribute of the AD group for group_name, located via ad_get_group
 * (exactly one match required).  Returns AD_INVALID_NAME, the ad_get_group
 * status or the ldap_modify_s result (several returns are not in this
 * listing).
 */
2171 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2172 char *group_ou, char *group_membership, char *user_name,
2173 char *UserOu, char *MoiraId)
/* Receives the group DN by unbounded strcpy below. */
2175 char distinguished_name[1024];
2183 LK_ENTRY *group_base;
/* group_name is validated; user_name and UserOu are not checked here. */
2186 if (!check_string(group_name))
2187 return(AD_INVALID_NAME);
2189 memset(filter, '\0', sizeof(filter));
2192 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2193 group_membership, MoiraId,
2194 "distinguishedName", &group_base,
2195 &group_count, filter))
2198 if (group_count != 1)
2200 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2202 linklist_free(group_base);
2207 strcpy(distinguished_name, group_base->value);
2208 linklist_free(group_base);
/* Member DN to delete; temp's size is not in this listing and the sprintf
 * is unbounded. */
2212 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2213 modvalues[0] = temp;
2214 modvalues[1] = NULL;
2217 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2219 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2220 for (i = 0; i < n; i++)
/* UNWILLING_TO_PERFORM gets special handling (the statement is not in this
 * listing; presumably it is downgraded because the DN was not a member). */
2222 if (rc == LDAP_UNWILLING_TO_PERFORM)
2224 if (rc != LDAP_SUCCESS)
2226 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
2227 group_name, ldap_err2string(rc));
/*
 * member_add: add "CN=user_name,UserOu,dn_path" to the member attribute of
 * the AD group for group_name, located via ad_get_group (exactly one match
 * required).  Returns AD_INVALID_NAME, AD_MULTIPLE_GROUPS_FOUND, the
 * ad_get_group status or the ldap_modify_s result (several returns are not
 * in this listing).
 */
2235 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2236 char *group_ou, char *group_membership, char *user_name,
2237 char *UserOu, char *MoiraId)
/* Receives the group DN by unbounded strcpy below. */
2239 char distinguished_name[1024];
2247 LK_ENTRY *group_base;
/* group_name is validated; user_name and UserOu are not checked here. */
2250 if (!check_string(group_name))
2251 return(AD_INVALID_NAME);
2254 memset(filter, '\0', sizeof(filter));
2257 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2258 group_membership, MoiraId,
2259 "distinguishedName", &group_base,
2260 &group_count, filter))
2263 if (group_count != 1)
2265 linklist_free(group_base);
2268 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2270 return(AD_MULTIPLE_GROUPS_FOUND);
2273 strcpy(distinguished_name, group_base->value);
2274 linklist_free(group_base);
/* Member DN to add; temp's size is not in this listing and the sprintf is
 * unbounded. */
2278 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2279 modvalues[0] = temp;
2280 modvalues[1] = NULL;
2283 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2285 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: contacts and Kerberos principals get extra handling
 * (the branch body is not in this listing). */
2286 if (rc == LDAP_ALREADY_EXISTS)
2288 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2290 if (rc == LDAP_UNWILLING_TO_PERFORM)
2293 for (i = 0; i < n; i++)
2295 if (rc != LDAP_SUCCESS)
2297 com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s",
2298 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create the contact object "CN=user,group_ou,bind_path"
 * with a fixed description.  For group_ou == contact_ou a mail attribute is
 * added as well; if that add fails, the object is retried once without it.
 * LDAP_ALREADY_EXISTS counts as success.  Returns AD_INVALID_NAME or an
 * LDAP result (the return statements are not in this listing).
 */
2304 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
/* 256-byte buffers filled by unbounded strcpy/sprintf from user, group_ou
 * and bind_path; only user is validated (by check_string), and no length is
 * checked. */
2308 char cn_user_name[256];
2309 char contact_name[256];
2310 char *email_v[] = {NULL, NULL};
2311 char *cn_v[] = {NULL, NULL};
2312 char *contact_v[] = {NULL, NULL};
2313 char *objectClass_v[] = {"top", "person",
2314 "organizationalPerson",
2316 char *name_v[] = {NULL, NULL};
2317 char *desc_v[] = {NULL, NULL};
2322 if (!check_string(user))
2324 com_err(whoami, 0, "invalid LDAP name %s", user);
2325 return(AD_INVALID_NAME);
2327 strcpy(contact_name, user);
2328 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2329 cn_v[0] = cn_user_name;
2330 contact_v[0] = contact_name;
2332 desc_v[0] = "Auto account created by Moira";
/* new_dn's size is not in this listing. */
2335 strcpy(new_dn, cn_user_name);
/* First attempt: full attribute set, mail only for the contact OU (email_v[0]
 * is assigned on a line not in this listing). */
2337 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2338 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2339 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2340 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2341 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2342 if (!strcmp(group_ou, contact_ou))
2344 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2348 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2349 for (i = 0; i < n; i++)
/* Second attempt without the mail attribute when the first add failed for
 * any reason other than the object already existing. */
2351 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2354 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2355 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2356 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2357 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2358 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2360 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2361 for (i = 0; i < n; i++)
2364 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2366 com_err(whoami, 0, "could not create contact %s : %s",
2367 user, ldap_err2string(rc));
/*
 * user_update: push Moira's view of a user into the AD user object.  The
 * object is located by mitMoiraId when MoiraId is non-empty, otherwise by
 * sAMAccountName below user_ou.  The Hesiod "filsys" entry, when it names an
 * AFS path, is converted to homeDirectory/profilePath/homeDrive; uid,
 * uidNumber, employeeID and mitMoiraId are replaced (cleared when the
 * corresponding argument is empty); userAccountControl is rewritten and the
 * account disabled unless State is US_NO_PASSWD or US_REGISTERED.  Returns
 * AD_INVALID_NAME, AD_NO_USER_FOUND or an LDAP result (several returns are
 * not in this listing).
 */
2373 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2374 char *Uid, char *MitId, char *MoiraId, int State)
2377 LK_ENTRY *group_base;
/* 256-byte DN buffer filled by unbounded strcpy below. */
2379 char distinguished_name[256];
2380 char *mitMoiraId_v[] = {NULL, NULL};
2381 char *uid_v[] = {NULL, NULL};
2382 char *mitid_v[] = {NULL, NULL};
2383 char *homedir_v[] = {NULL, NULL};
2384 char *winProfile_v[] = {NULL, NULL};
2385 char *drives_v[] = {NULL, NULL};
2386 char *userAccountControl_v[] = {NULL, NULL};
2387 char userAccountControlStr[80];
/* Declared unsigned int; note the "%ld" used to format it below. */
2392 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2394 char *attr_array[3];
2401 char winProfile[256];
/* user_name is validated before it is used in filters and DNs.  MoiraId is
 * interpolated into a filter below without this check. */
2403 if (!check_string(user_name))
2405 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2406 return(AD_INVALID_NAME);
/* Lookup 1: by mitMoiraId across dn_path. */
2412 if (strlen(MoiraId) != 0)
2414 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2415 attr_array[0] = "cn";
2416 attr_array[1] = NULL;
2417 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2418 &group_base, &group_count)) != 0)
2420 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2421 user_name, ldap_err2string(rc));
/* Not exactly one hit by MoiraId: fall back to the name lookup below (the
 * control flow between these lines is not in this listing). */
2425 if (group_count != 1)
2427 linklist_free(group_base);
/* Lookup 2: by sAMAccountName under user_ou. */
2430 sprintf(filter, "(sAMAccountName=%s)", user_name);
2431 attr_array[0] = "cn";
2432 attr_array[1] = NULL;
2433 sprintf(temp, "%s,%s", user_ou, dn_path);
2434 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2435 &group_base, &group_count)) != 0)
2437 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2438 user_name, ldap_err2string(rc));
2443 if (group_count != 1)
2445 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2447 linklist_free(group_base);
2448 return(AD_NO_USER_FOUND);
2450 strcpy(distinguished_name, group_base->dn);
2452 linklist_free(group_base);
/* Home directory from Hesiod.  Among the AFS entries the one with the lowest
 * weight wins; a non-AFS path is taken as-is. */
2455 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2457 memset(cWeight, 0, sizeof(cWeight));
2458 memset(cPath, 0, sizeof(cPath));
2459 memset(path, 0, sizeof(path));
2460 memset(winPath, 0, sizeof(winPath));
2463 while (hp[i] != NULL)
/* "%s" without a field width: a Hesiod record with a token longer than cPath
 * (or cWeight) overflows the buffer.  Give each conversion a width one less
 * than the buffer size (declarations are not in this listing). */
2465 if (sscanf(hp[i], "%*s %s", cPath))
/* strnicmp is a non-standard (Windows/compat) name -- presumably mapped to
 * strncasecmp for this build. */
2467 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
2469 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
2471 if (atoi(cWeight) < last_weight)
2473 strcpy(path, cPath);
2474 last_weight = (int)atoi(cWeight);
2478 strcpy(path, cPath);
/* Only AFS homes are mapped to Windows paths; winProfile is winPath plus a
 * fixed suffix, built with unbounded strcpy/strcat into 256 bytes. */
2485 if (!strnicmp(path, AFS, strlen(AFS)))
2487 AfsToWinAfs(path, winPath);
2488 homedir_v[0] = winPath;
2489 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2490 strcpy(winProfile, winPath);
2491 strcat(winProfile, "\\.winprofile");
2492 winProfile_v[0] = winProfile;
2493 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2495 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
/* Empty Uid / MitId presumably set the vector's first slot to NULL (lines
 * not in this listing), so the REPLACE clears the attribute -- the MoiraId
 * case below shows the pattern explicitly. */
2500 if (strlen(Uid) == 0)
2502 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2503 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2505 if (strlen(MitId) == 0)
2507 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2508 mitMoiraId_v[0] = MoiraId;
2509 if (strlen(MoiraId) == 0)
2510 mitMoiraId_v[0] = NULL;
2511 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Only the two usable Moira states keep the account enabled. */
2512 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2513 userAccountControl |= UF_ACCOUNTDISABLE;
/* "%ld" with a u_int argument is a format/type mismatch; "%u" matches. */
2514 sprintf(userAccountControlStr, "%ld", userAccountControl);
2515 userAccountControl_v[0] = userAccountControlStr;
2516 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
2518 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2520 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2521 user_name, ldap_err2string(rc));
/* Presumably releases the n LDAPMod entries built by ADD_ATTR. */
2523 for (i = 0; i < n; i++)
/*
 * user_rename: rename the AD user object cn=before_user_name under user_ou
 * to cn=user_name, then replace altSecurityIdentities
 * ("Kerberos:<user>@PRIMARY_REALM"), userPrincipalName ("<user>@ldap_domain"),
 * displayName and sAMAccountName on the renamed object.  Returns
 * AD_INVALID_NAME or an LDAP result (the remaining parameter and the return
 * statements are not in this listing).
 */
2539 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2547 char *userPrincipalName_v[] = {NULL, NULL};
2548 char *altSecurityIdentities_v[] = {NULL, NULL};
2549 char *name_v[] = {NULL, NULL};
2550 char *samAccountName_v[] = {NULL, NULL};
/* Both names are validated before they are placed into DNs. */
2555 if (!check_string(before_user_name))
2557 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2558 return(AD_INVALID_NAME);
2560 if (!check_string(user_name))
2562 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2563 return(AD_INVALID_NAME);
/* Source and destination are the same object: strcpy on overlapping buffers
 * is undefined behaviour and the statement does nothing useful.  Delete it. */
2566 strcpy(user_name, user_name);
/* old_dn/new_dn sizes are not in this listing; the sprintfs are unbounded. */
2567 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2568 sprintf(new_dn, "cn=%s", user_name);
/* Rename in place (same parent, deleteoldrdn = TRUE). */
2569 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2570 NULL, NULL)) != LDAP_SUCCESS)
2572 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
2573 before_user_name, user_name, ldap_err2string(rc));
/* Identity attributes derived from the new login; upn and temp sizes are not
 * in this listing. */
2577 name_v[0] = user_name;
2578 sprintf(upn, "%s@%s", user_name, ldap_domain);
2579 userPrincipalName_v[0] = upn;
2580 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2581 altSecurityIdentities_v[0] = temp;
2582 samAccountName_v[0] = user_name;
2585 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2586 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2587 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* new_dn is reused to hold the full DN of the renamed object. */
2590 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2591 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2593 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
2594 user_name, ldap_err2string(rc));
/* Presumably releases the n LDAPMod entries built by ADD_ATTR. */
2596 for (i = 0; i < n; i++)
/*
 * filesys_process: add or remove the Windows home-directory attributes
 * (profilePath, homeDrive, homeDirectory) on the AD user whose
 * sAMAccountName equals fs_name. Only the "AFS" filesystem type is accepted;
 * fs_pack is converted to a Windows AFS path with AfsToWinAfs(). `operation`
 * is an LDAP_MOD_* value: for LDAP_MOD_ADD the attribute values are filled
 * in, otherwise they are left NULL so the attribute is removed.
 * Returns AD_INVALID_NAME, AD_INVALID_FILESYS or LDAP_NO_SUCH_OBJECT on the
 * visible error paths. (Listing is partial: braces, the filter/winPath
 * declarations and the drives_v assignment are not shown.)
 */
2601 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
2602 char *fs_type, char *fs_pack, int operation)
2604 char distinguished_name[256];
2606 char winProfile[256];
2608 char *attr_array[3];
2609 char *homedir_v[] = {NULL, NULL};
2610 char *winProfile_v[] = {NULL, NULL};
/* NOTE(review): drives_v is never assigned in the visible lines; its value
 * presumably comes from the omitted lines 2612-2616 — confirm. */
2611 char *drives_v[] = {NULL, NULL};
2617 LK_ENTRY *group_base;
/* fs_name goes into an LDAP filter below, so it must pass check_string(). */
2619 if (!check_string(fs_name))
2621 com_err(whoami, 0, "invalid filesys name %s", fs_name);
2622 return(AD_INVALID_NAME);
2625 if (strcmp(fs_type, "AFS"))
2627 com_err(whoami, 0, "invalid filesys type %s", fs_type);
2628 return(AD_INVALID_FILESYS);
2633 sprintf(filter, "(sAMAccountName=%s)", fs_name);
2634 attr_array[0] = "cn";
2635 attr_array[1] = NULL;
2636 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2637 &group_base, &group_count)) != 0)
2639 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
2640 fs_name, ldap_err2string(rc));
/* Exactly one matching user is required. */
2644 if (group_count != 1)
2646 linklist_free(group_base);
2647 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2649 return(LDAP_NO_SUCH_OBJECT);
/* NOTE(review): unbounded copy of a server-supplied DN into a 256-byte
 * buffer; a DN longer than 255 bytes overflows it. Prefer snprintf with
 * sizeof distinguished_name, or reject long DNs. */
2651 strcpy(distinguished_name, group_base->dn);
2652 linklist_free(group_base);
2656 if (operation == LDAP_MOD_ADD)
2658 memset(winPath, 0, sizeof(winPath));
2659 AfsToWinAfs(fs_pack, winPath);
2660 homedir_v[0] = winPath;
2662 memset(winProfile, 0, sizeof(winProfile));
/* NOTE(review): winPath's size is declared outside the visible lines; if it
 * can hold close to 256 bytes, appending "\\.winprofile" overflows
 * winProfile[256]. A length check or snprintf would make this safe. */
2663 strcpy(winProfile, winPath);
2664 strcat(winProfile, "\\.winprofile");
2665 winProfile_v[0] = winProfile;
/* Non-ADD operations send NULL values, i.e. remove the attributes. */
2669 homedir_v[0] = NULL;
2671 winProfile_v[0] = NULL;
2673 ADD_ATTR("profilePath", winProfile_v, operation);
2674 ADD_ATTR("homeDrive", drives_v, operation);
2675 ADD_ATTR("homeDirectory", homedir_v, operation);
2678 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2679 if (rc != LDAP_SUCCESS)
2681 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
2682 fs_name, ldap_err2string(rc));
/* Release the LDAPMod entries built by ADD_ATTR (loop body not shown). */
2684 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback that creates an AD user entry from a Moira
 * user record. `av` is indexed with the U_* field constants; `ptr` is the
 * call_args vector packed by the caller, from which this code reads
 * call_args[0] (the LDAP handle), call_args[1] (the base DN) and
 * call_args[2] (the Moira id). After a successful add it sets an initial
 * password and records the new object's SID on the sid_ptr list for a
 * later sid_update(). (Listing is partial: braces, several declarations and
 * the else/return lines are not shown.)
 */
2690 int user_create(int ac, char **av, void *ptr)
2692 LK_ENTRY *group_base;
2695 char user_name[256];
2698 char *cn_v[] = {NULL, NULL};
2699 char *objectClass_v[] = {"top", "person",
2700 "organizationalPerson",
2703 char *samAccountName_v[] = {NULL, NULL};
2704 char *altSecurityIdentities_v[] = {NULL, NULL};
2705 char *mitMoiraId_v[] = {NULL, NULL};
2706 char *name_v[] = {NULL, NULL};
2707 char *desc_v[] = {NULL, NULL};
2708 char *userPrincipalName_v[] = {NULL, NULL};
2709 char *userAccountControl_v[] = {NULL, NULL};
2710 char *uid_v[] = {NULL, NULL};
2711 char *mitid_v[] = {NULL, NULL};
2712 char userAccountControlStr[80];
/* Default UAC: normal account, non-expiring password, user may not change it. */
2714 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2720 char *attr_array[3];
/* The login name ends up in a DN and in LDAP filters, so validate it first. */
2725 if (!check_string(av[U_NAME]))
2727 callback_rc = AD_INVALID_NAME;
2728 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
2729 return(AD_INVALID_NAME);
/* NOTE(review): unbounded copies/formats into fixed buffers; check_string()
 * bounds the character set, not the length. */
2732 strcpy(user_name, av[U_NAME]);
2733 sprintf(upn, "%s@%s", user_name, ldap_domain);
2734 sprintf(sam_name, "%s", av[U_NAME]);
2735 samAccountName_v[0] = sam_name;
/* Accounts in any state other than "no password" / "registered" are created disabled. */
2736 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
2737 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch
 * (undefined behaviour, works by accident on common ABIs); "%u" is correct. */
2738 sprintf(userAccountControlStr, "%ld", userAccountControl);
2739 userAccountControl_v[0] = userAccountControlStr;
2740 userPrincipalName_v[0] = upn;
2742 cn_v[0] = user_name;
2743 name_v[0] = user_name;
2744 desc_v[0] = "Auto account created by Moira";
2745 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2746 altSecurityIdentities_v[0] = temp;
2747 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2750 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2751 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2752 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2753 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2754 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2755 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2756 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2757 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Optional attributes: only added when Moira supplied a value. */
2758 if (strlen(call_args[2]) != 0)
2760 mitMoiraId_v[0] = call_args[2];
2761 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2763 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2764 if (strlen(av[U_UID]) != 0)
2766 uid_v[0] = av[U_UID];
2767 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2768 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2770 if (strlen(av[U_MITID]) != 0)
2771 mitid_v[0] = av[U_MITID];
/* (else branch, not shown) placeholder value when no MIT id is known */
2773 mitid_v[0] = "none";
2774 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2777 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the LDAPMod entries built by ADD_ATTR (loop body not shown). */
2778 for (i = 0; i < n; i++)
/* An entry that already exists is not treated as an error here. */
2780 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2782 com_err(whoami, 0, "could not create user %s : %s",
2783 user_name, ldap_err2string(rc));
2787 if (rc == LDAP_SUCCESS)
/* NOTE(review): the password argument is the empty string. The account is
 * enabled when the Moira state is US_NO_PASSWD or US_REGISTERED, so confirm
 * that set_password() generates a password rather than literally setting
 * an empty one. */
2789 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2791 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* Look the new object up again to fetch its objectSid, preferring the
 * mitMoiraId filter when an id is available. */
2795 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
2796 if (strlen(call_args[2]) != 0)
2797 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
2798 attr_array[0] = "objectSid";
2799 attr_array[1] = NULL;
2802 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2803 &group_base, &group_count)) == LDAP_SUCCESS)
2805 if (group_count != 1)
/* The mitMoiraId lookup did not yield exactly one entry: retry by name. */
2807 if (strlen(call_args[2]) != 0)
2809 linklist_free(group_base);
2812 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
2813 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2814 attr_array, &group_base, &group_count);
2817 if (group_count == 1)
/* Hand the entry over to the sid list; ownership moves to that list. */
2819 (*sid_ptr) = group_base;
2820 (*sid_ptr)->member = strdup(av[U_NAME]);
/* NOTE(review): this is a user entry but it is tagged GROUPS; sid_update()
 * routes GROUPS entries to "add_list_sid_by_name" and USERS entries to
 * "add_user_sid_by_login" — confirm USERS was not intended. Also note that
 * linklist_free() calls free() on any non-NULL `type`, so an integer cast
 * stored here must never reach a path that frees it. */
2821 (*sid_ptr)->type = (char *)GROUPS;
2822 sid_ptr = &(*sid_ptr)->next;
2826 if (group_base != NULL)
2827 linklist_free(group_base);
2832 if (group_base != NULL)
2833 linklist_free(group_base);
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE on the AD user found
 * either by mitMoiraId (when MoiraId is non-empty and yields exactly one
 * entry) or by sAMAccountName. `operation` == MEMBER_DEACTIVATE disables
 * the account; any other value enables it. When a MoiraId is given it is
 * also written back to the entry. Returns AD_INVALID_NAME or
 * LDAP_NO_SUCH_OBJECT on the visible error paths. (Listing is partial:
 * braces, the filter/temp/ulongValue/modvalues declarations and several
 * return lines are not shown.)
 */
2838 int user_change_status(LDAP *ldap_handle, char *dn_path,
2839 char *user_name, char *MoiraId,
2843 char *attr_array[3];
2845 char distinguished_name[1024];
2847 char *mitMoiraId_v[] = {NULL, NULL};
2849 LK_ENTRY *group_base;
2856 if (!check_string(user_name))
2858 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2859 return(AD_INVALID_NAME);
/* First try to locate the user by Moira id. NOTE(review): MoiraId is put
 * into the filter without the check_string() validation applied to
 * user_name; presumably it is a numeric id from the Moira database, but
 * confirm it cannot carry filter metacharacters. */
2865 if (strlen(MoiraId) != 0)
2867 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2868 attr_array[0] = "UserAccountControl";
2869 attr_array[1] = NULL;
2870 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2871 &group_base, &group_count)) != 0)
2873 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2874 user_name, ldap_err2string(rc));
/* Anything but a single hit falls through to the name-based lookup. */
2878 if (group_count != 1)
2880 linklist_free(group_base);
2883 sprintf(filter, "(sAMAccountName=%s)", user_name);
2884 attr_array[0] = "UserAccountControl";
2885 attr_array[1] = NULL;
2886 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2887 &group_base, &group_count)) != 0)
2889 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2890 user_name, ldap_err2string(rc));
2895 if (group_count != 1)
2897 linklist_free(group_base);
2898 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2900 return(LDAP_NO_SUCH_OBJECT);
/* NOTE(review): unbounded copy of a server-supplied DN into a fixed buffer. */
2903 strcpy(distinguished_name, group_base->dn);
/* Current userAccountControl as returned by AD (decimal string). */
2904 ulongValue = atoi((*group_base).value);
2905 if (operation == MEMBER_DEACTIVATE)
2906 ulongValue |= UF_ACCOUNTDISABLE;
2908 ulongValue &= ~UF_ACCOUNTDISABLE;
2909 sprintf(temp, "%ld", ulongValue);
/* Build the replacement value list from the fetched entry; 1 means failure. */
2910 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2911 temp, &modvalues, REPLACE)) == 1)
2913 linklist_free(group_base);
2917 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2918 if (strlen(MoiraId) != 0)
2920 mitMoiraId_v[0] = MoiraId;
2921 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2924 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the LDAPMod entries built by ADD_ATTR (loop body not shown). */
2925 for (i = 0; i < n; i++)
2927 free_values(modvalues);
2928 if (rc != LDAP_SUCCESS)
2930 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
2931 user_name, ldap_err2string(rc));
/*
 * user_delete: delete the AD user entry found by mitMoiraId (when MoiraId is
 * non-empty and yields exactly one entry) or otherwise by sAMAccountName.
 * Returns AD_INVALID_NAME when u_name fails check_string(); the other return
 * values are on lines not shown in this listing (braces, the filter and
 * counter declarations, and the lines between 2987 and 2992 are omitted).
 */
2937 int user_delete(LDAP *ldap_handle, char *dn_path,
2938 char *u_name, char *MoiraId)
2941 char *attr_array[3];
2942 char distinguished_name[1024];
2943 char user_name[512];
2944 LK_ENTRY *group_base;
2948 if (!check_string(u_name))
2949 return(AD_INVALID_NAME);
/* NOTE(review): unbounded copy; check_string() does not limit length. */
2951 strcpy(user_name, u_name);
/* NOTE(review): MoiraId goes into the filter unvalidated — confirm it is a
 * numeric id that cannot contain filter metacharacters. */
2955 if (strlen(MoiraId) != 0)
2957 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2958 attr_array[0] = "name";
2959 attr_array[1] = NULL;
2960 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2961 &group_base, &group_count)) != 0)
2963 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2964 user_name, ldap_err2string(rc));
/* Anything but a single hit falls through to the name-based lookup. */
2968 if (group_count != 1)
2970 linklist_free(group_base);
2973 sprintf(filter, "(sAMAccountName=%s)", user_name);
2974 attr_array[0] = "name";
2975 attr_array[1] = NULL;
2976 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2977 &group_base, &group_count)) != 0)
2979 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2980 user_name, ldap_err2string(rc));
/* NOTE(review): the lines after this message (2988-2991) are not shown; if
 * they do not return, the strcpy below dereferences group_base when no
 * entry was found. Compare user_change_status(), which returns
 * LDAP_NO_SUCH_OBJECT at the equivalent point. */
2985 if (group_count != 1)
2987 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
/* NOTE(review): unbounded copy of a server-supplied DN into a fixed buffer. */
2992 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition is intentional: any non-zero rc is an error. */
2993 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2995 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2996 user_name, ldap_err2string(rc));
3000 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY node in the list starting at
 * linklist_base, including each node's heap-allocated string fields.
 * free(NULL) is a no-op, so the per-field NULL checks are redundant but
 * harmless. Note that `type` is freed like any other field: callers that
 * store a cast integer tag in `type` (see the (char *)GROUPS usage
 * elsewhere in this file) must not route such nodes through this function
 * unless that value is NULL.
 */
3004 void linklist_free(LK_ENTRY *linklist_base)
3006 LK_ENTRY *linklist_previous;
3008 while (linklist_base != NULL)
3010 if (linklist_base->dn != NULL)
3011 free(linklist_base->dn);
3012 if (linklist_base->attribute != NULL)
3013 free(linklist_base->attribute);
3014 if (linklist_base->value != NULL)
3015 free(linklist_base->value);
3016 if (linklist_base->member != NULL)
3017 free(linklist_base->member);
3018 if (linklist_base->type != NULL)
3019 free(linklist_base->type);
3020 if (linklist_base->list != NULL)
3021 free(linklist_base->list);
/* Advance before freeing the node so `next` is not read after free(). */
3022 linklist_previous = linklist_base;
3023 linklist_base = linklist_previous->next;
3024 free(linklist_previous);
/*
 * free_values: release a NULL-terminated array of strings (the modvalues
 * vector produced by construct_newvalues()). Each element is cleared to NULL
 * after it is released; the free() call itself and the loop counter
 * declaration are on lines not shown in this listing. A NULL array is
 * accepted and ignored.
 */
3028 void free_values(char **modvalues)
3033 if (modvalues != NULL)
3035 while (modvalues[i] != NULL)
3038 modvalues[i] = NULL;
/*
 * sid_update: walk the global sid list and push each entry's objectSid back
 * into Moira, as "add_list_sid_by_name" for GROUPS entries and
 * "add_user_sid_by_login" for USERS entries. The binary SID is hex-encoded
 * into `temp` by convert_b_to_a() before the query. (Listing is partial:
 * the loop header, av[1] assignment and return are not shown.)
 */
3045 int sid_update(LDAP *ldap_handle, char *dn_path)
/* NOTE(review): convert_b_to_a() emits two characters per input byte, so
 * this 126-byte buffer holds at most 62 bytes of SID plus a terminator and
 * no bound on ptr->length is checked here — confirm the SID length is
 * capped upstream, or check it before the call. */
3049 unsigned char temp[126];
3056 memset(temp, 0, sizeof(temp));
3057 convert_b_to_a(temp, ptr->value, ptr->length);
3060 av[0] = ptr->member;
/* `type` holds a cast integer tag, not a string; compare by value. */
3062 if (ptr->type == (char *)GROUPS)
3065 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3067 else if (ptr->type == (char *)USERS)
3070 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: hex-encode `length` bytes of `binary` into `string`, one
 * nibble per output character (high nibble then low nibble, with values
 * above '9' adjusted into the letter range on the lines not shown).
 * The caller must provide at least 2 * length bytes in `string` (plus a
 * terminator if one is written on the omitted lines); no bound is checked
 * here. Most of the body is not shown in this listing.
 */
3077 void convert_b_to_a(char *string, UCHAR *binary, int length)
3084 for (i = 0; i < length; i++)
3091 if (string[j] > '9')
/* Low nibble of the current byte. */
3094 string[j] = tmp & 0x0f;
3096 if (string[j] > '9')
/*
 * illegalchars: 256-entry lookup table indexed by byte value; 1 marks a
 * character that check_string() / check_container_name() reject.
 * As written it rejects all control characters, every uppercase letter
 * (callers lower-case first), all bytes >= 0x80, and the LDAP filter / DN
 * metacharacters '(' ')' '*' '\\' ',' '+' ';' '<' '=' '>' '"' '#'. That is
 * what makes the sprintf-built "(sAMAccountName=%s)" filters elsewhere in
 * this file safe from filter injection for validated names. Still accepted:
 * digits, lowercase letters, '$' '&' '\'' '-' '.' '@' '_' '`' '~'.
 */
3103 static int illegalchars[] = {
3104 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3105 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3106 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3107 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3108 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3109 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: all rejected */
3112 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3113 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3114 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3115 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3116 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3117 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3118 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3119 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: return non-zero when every character of `s` is permitted by
 * the illegalchars table (after case-folding uppercase letters), zero when
 * a rejected character is found. Used to gate every name that is embedded
 * in an LDAP DN or filter in this file. (The loop header and return lines
 * are not shown in this listing.)
 */
3122 int check_string(char *s)
3129 if (isupper(character))
3130 character = tolower(character);
/* NOTE(review): `character` is declared outside the visible lines. If it is
 * a plain char, a byte >= 0x80 is negative on signed-char targets and the
 * (unsigned) cast yields a huge index past the 256-entry table (out-of-
 * bounds read). It should be read as (unsigned char) before indexing —
 * confirm the declaration. */
3131 if (illegalchars[(unsigned) character])
/*
 * check_container_name: like check_string(), but a space is additionally
 * accepted (the explicit ' ' test short-circuits the table lookup), since
 * OU names may contain spaces. Returns non-zero when the name is acceptable.
 * (The loop header and return lines are not shown in this listing.)
 */
3137 int check_container_name(char *s)
3144 if (isupper(character))
3145 character = tolower(character);
3147 if (character == ' ')
/* NOTE(review): same signed-char indexing concern as in check_string():
 * confirm `character` cannot be negative before the (unsigned) cast. */
3149 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check its MOTD/availability,
 * negotiate the query protocol version and authenticate as `client`.
 * A server that does not understand mr_version (MR_UNKNOWN_PROC) is treated
 * as older than this client (MR_VERSION_HIGH) and only warned about;
 * MR_VERSION_LOW is also tolerated. Whether `auth` gates the mr_auth() call
 * is decided on lines not shown here. (Listing is partial: braces, the
 * status/motd/temp declarations and the return lines are omitted.)
 */
3155 int mr_connect_cl(char *server, char *client, int version, int auth)
3161 status = mr_connect(server);
3164 com_err(whoami, status, "while connecting to Moira");
3168 status = mr_motd(&motd);
3172 com_err(whoami, status, "while checking server status");
/* NOTE(review): com_err() takes a printf-style format, and here the
 * already-formatted buffer is passed AS the format. Any '%' sequence in the
 * server-supplied motd is then interpreted as a conversion (format-string
 * bug; also an unbounded sprintf into temp). Pass the literal format and
 * drop the sprintf:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 */
3177 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3178 com_err(whoami, status, temp);
3183 status = mr_version(version);
3186 if (status == MR_UNKNOWN_PROC)
3189 status = MR_VERSION_HIGH;
3191 status = MR_SUCCESS;
3194 if (status == MR_VERSION_HIGH)
3196 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3197 com_err(whoami, 0, "Some operations may not work.");
3199 else if (status && status != MR_VERSION_LOW)
3201 com_err(whoami, status, "while setting query version number.");
3209 status = mr_auth(client);
3212 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows AFS form by replacing
 * the AFS prefix with WINAFS and copying the remainder character by
 * character, with '/' handled specially on the lines not shown (presumably
 * converted to the Windows separator — confirm).
 * NOTE(review): the input is assumed to start with the AFS prefix (no check
 * is visible), and winPath has no length bound, so the caller must size it
 * for strlen(WINAFS) + strlen(path) - strlen(AFS) + 1 bytes.
 */
3221 void AfsToWinAfs(char* path, char* winPath)
3225 strcpy(winPath, WINAFS);
/* Skip the AFS prefix on input; append after the WINAFS prefix on output. */
3226 pathPtr = path + strlen(AFS);
3227 winPathPtr = winPath + strlen(WINAFS);
3231 if (*pathPtr == '/')
3234 *winPathPtr = *pathPtr;
/*
 * make_new_group: create (or, when updateGroup is set, update) the AD group
 * for a Moira list by running the "get_list_info" query with group_create
 * as the callback. The callback's context is passed as a char* vector:
 * [0] LDAP handle, [1] base DN, [2] group name, [3] member-type mask,
 * [4] updateGroup flag, [5] Moira id, [6] terminator — integers are cast
 * to char* and must be cast back by the callback. Any SIDs the callback
 * collects on sid_base are pushed to Moira afterwards. Returns callback_rc
 * when the callback reported failure. (Listing is partial: braces, the
 * av/rc/sid declarations and the success return are not shown.)
 */
3241 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3242 char *group_name, char *group_ou, char *group_membership,
3243 int group_security_flag, int updateGroup)
3250 call_args[0] = (char *)ldap_handle;
3251 call_args[1] = dn_path;
3252 call_args[2] = group_name;
3253 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3254 call_args[4] = (char *)updateGroup;
3255 call_args[5] = MoiraId;
3256 call_args[6] = NULL;
/* Reset the global SID collector before the callback runs. */
3258 sid_ptr = &sid_base;
/* Assignment inside the condition is intentional: non-zero rc is an error. */
3260 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3263 com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc));
/* (reached when the callback itself set callback_rc; condition not shown) */
3269 com_err(whoami, 0, "Couldn't create list %s", group_name);
3270 return(callback_rc);
3273 if (sid_base != NULL)
3275 sid_update(ldap_handle, dn_path);
3276 linklist_free(sid_base);
/*
 * populate_group: fetch the flattened membership of a Moira list
 * ("get_end_members_of_list", collected by member_list_build into
 * member_base) and add each member to the AD group with member_add().
 * LIST members are handled on lines not shown; STRING and KERBEROS members
 * are first materialised as contact objects (contact_create) in contact_ou
 * or kerberos_ou respectively, and pUserOu selects the OU passed on to
 * member_add(). (Listing is partial: braces, declarations, the loop
 * header and the return are omitted.)
 */
3282 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3283 char *group_ou, char *group_membership,
3284 int group_security_flag, char *MoiraId)
3292 com_err(whoami, 0, "Populating group %s", group_name);
/* Callback context vector; see make_new_group() for the layout. */
3294 call_args[0] = (char *)ldap_handle;
3295 call_args[1] = dn_path;
3296 call_args[2] = group_name;
3297 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3298 call_args[4] = NULL;
3300 if (rc = mr_query("get_end_members_of_list", 1, av,
3301 member_list_build, call_args))
3303 com_err(whoami, 0, "Couldn't populate list %s : %s",
3304 group_name, error_message(rc));
3307 if (member_base != NULL)
3312 if (!strcasecmp(ptr->type, "LIST"))
/* Non-user members need a contact object before they can be group members. */
3318 if (!strcasecmp(ptr->type, "STRING"))
3320 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3322 pUserOu = contact_ou;
3324 else if (!strcasecmp(ptr->type, "KERBEROS"))
3326 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3328 pUserOu = kerberos_ou;
3330 rc = member_add(ldap_handle, dn_path, group_name,
3331 group_ou, group_membership, ptr->member,
3335 linklist_free(member_base);
/*
 * process_group: reconcile a Moira list with its AD group.
 * 1. Locate the group in AD via ad_get_group() (by the supplied filter,
 *    by mitMoiraId, or by "<name>_group").
 * 2. For type == CHECK_GROUPS only report: AD_NO_GROUPS_FOUND,
 *    AD_WRONG_GROUP_DN_FOUND, AD_MULTIPLE_GROUPS_FOUND, or success when the
 *    single hit has the expected DN.
 * 3. Otherwise, when several groups share the Moira id, delete the ones
 *    whose DN is not the expected one (or fail if none matches), re-query,
 *    and if the surviving group already has the expected DN return early.
 * 4. Else read its current name and description, work out which of the
 *    four group OUs it currently sits in (via case-insensitive substring
 *    match on the DN), and hand everything to group_rename() to move /
 *    rename it into the expected OU.
 * (Listing is partial: braces, several declarations — filter, ou_both,
 * rc, ptr — and a number of return lines are not shown.)
 */
3341 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3342 char *group_name, char *group_ou, char *group_membership,
3343 int group_security_flag, int type)
3345 char before_desc[512];
3346 char before_name[256];
3347 char before_group_ou[256];
/* One membership letter plus terminator ('B','S','D' or 'N'). */
3348 char before_group_membership[2];
3349 char distinguishedName[256];
3350 char ad_distinguishedName[256];
3352 char *attr_array[3];
3353 int before_security_flag;
3356 LK_ENTRY *group_base;
3359 char ou_security[512];
3360 char ou_distribution[512];
3361 char ou_neither[512];
3363 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* NOTE(review): unbounded sprintf into a 256-byte buffer; group_name and
 * group_ou lengths are not checked here. */
3364 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3367 memset(filter, '\0', sizeof(filter));
/* ad_get_group() fills `filter` with whichever lookup succeeded, so later
 * linklist_build() calls in this function reuse it. */
3370 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3372 "distinguishedName", &group_base,
3373 &group_count, filter))
/* Report-only mode. */
3376 if (type == CHECK_GROUPS)
3378 if (group_count == 1)
3380 if (!strcasecmp(group_base->value, distinguishedName))
3382 linklist_free(group_base);
3386 linklist_free(group_base);
3387 if (group_count == 0)
3388 return(AD_NO_GROUPS_FOUND);
3389 if (group_count == 1)
3390 return(AD_WRONG_GROUP_DN_FOUND);
3391 return(AD_MULTIPLE_GROUPS_FOUND);
3393 if (group_count == 0)
3395 return(AD_NO_GROUPS_FOUND);
/* Several groups carry this Moira id: keep the one with the expected DN. */
3397 if (group_count > 1)
3402 if (!strcasecmp(distinguishedName, ptr->value))
3408 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3412 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3415 linklist_free(group_base);
3416 return(AD_MULTIPLE_GROUPS_FOUND);
/* Destructive: every duplicate whose DN differs from the expected one is
 * deleted from AD. The return value of ldap_delete_s is stored but not
 * checked on the visible lines. */
3421 if (strcasecmp(distinguishedName, ptr->value))
3422 rc = ldap_delete_s(ldap_handle, ptr->value);
3425 linklist_free(group_base);
3426 memset(filter, '\0', sizeof(filter));
3429 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3431 "distinguishedName", &group_base,
3432 &group_count, filter))
3434 if (group_count == 0)
3435 return(AD_NO_GROUPS_FOUND);
3436 if (group_count > 1)
3437 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded copy of a server-supplied DN into 256 bytes. */
3440 strcpy(ad_distinguishedName, group_base->value);
3441 linklist_free(group_base);
3445 attr_array[0] = "sAMAccountName";
3446 attr_array[1] = NULL;
3447 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3448 &group_base, &group_count)) != 0)
3450 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3451 MoiraId, ldap_err2string(rc));
/* NOTE(review): group_base is dereferenced without checking group_count,
 * unlike the description lookup further down — confirm linklist_build()
 * guarantees a non-NULL entry on success, otherwise this is a NULL
 * dereference when the group vanished between queries. The value is also
 * an AD-supplied string placed into a filter without escaping. */
3454 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already in the right place: nothing to rename. */
3456 if (!strcasecmp(ad_distinguishedName, distinguishedName))
3458 linklist_free(group_base);
3463 linklist_free(group_base);
3466 memset(ou_both, '\0', sizeof(ou_both));
3467 memset(ou_security, '\0', sizeof(ou_security));
3468 memset(ou_distribution, '\0', sizeof(ou_distribution));
3469 memset(ou_neither, '\0', sizeof(ou_neither));
3470 memset(before_name, '\0', sizeof(before_name));
3471 memset(before_desc, '\0', sizeof(before_desc));
3472 memset(before_group_membership, '\0', sizeof(before_group_membership));
3473 attr_array[0] = "name";
3474 attr_array[1] = NULL;
3475 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3476 &group_base, &group_count)) != 0)
3478 com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s",
3479 MoiraId, ldap_err2string(rc));
/* NOTE(review): same missing group_count check and unbounded strcpy as
 * above (before_name is 256 bytes). */
3482 strcpy(before_name, group_base->value);
3483 linklist_free(group_base);
3486 attr_array[0] = "description";
3487 attr_array[1] = NULL;
3488 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3489 &group_base, &group_count)) != 0)
3492 "LDAP server unable to get list description with MoiraId = %s: %s",
3493 MoiraId, ldap_err2string(rc));
/* description is optional, so here the count IS checked first. */
3496 if (group_count != 0)
3498 strcpy(before_desc, group_base->value);
3499 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring match of each
 * configured group OU against the group's DN. */
3503 change_to_lower_case(ad_distinguishedName);
3504 strcpy(ou_both, group_ou_both);
3505 change_to_lower_case(ou_both);
3506 strcpy(ou_security, group_ou_security);
3507 change_to_lower_case(ou_security);
3508 strcpy(ou_distribution, group_ou_distribution);
3509 change_to_lower_case(ou_distribution);
3510 strcpy(ou_neither, group_ou_neither);
3511 change_to_lower_case(ou_neither);
3512 if (strstr(ad_distinguishedName, ou_both))
3514 strcpy(before_group_ou, group_ou_both);
3515 before_group_membership[0] = 'B';
3516 before_security_flag = 1;
3518 else if (strstr(ad_distinguishedName, ou_security))
3520 strcpy(before_group_ou, group_ou_security);
3521 before_group_membership[0] = 'S';
3522 before_security_flag = 1;
3524 else if (strstr(ad_distinguishedName, ou_distribution))
3526 strcpy(before_group_ou, group_ou_distribution);
3527 before_group_membership[0] = 'D';
3528 before_security_flag = 0;
3530 else if (strstr(ad_distinguishedName, ou_neither))
3532 strcpy(before_group_ou, group_ou_neither);
3533 before_group_membership[0] = 'N';
3534 before_security_flag = 0;
/* (else branch) the DN is in none of the managed OUs. */
3537 return(AD_NO_OU_FOUND);
/* before_desc is passed for both the old and the new description. */
3538 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
3539 before_group_ou, before_security_flag, before_desc,
3540 group_name, group_membership, group_ou, group_security_flag,
3541 before_desc, MoiraId, filter);
/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 * NOTE(review): tolower() on a plain char is undefined for negative values
 * (bytes >= 0x80 on signed-char targets); cast through (unsigned char).
 * strlen() is re-evaluated on every iteration, which is quadratic but
 * harmless for the short DN/OU strings this file feeds it.
 */
3545 void change_to_lower_case(char *ptr)
3549 for (i = 0; i < (int)strlen(ptr); i++)
3551 ptr[i] = tolower(ptr[i]);
/*
 * ad_get_group: find the AD group(s) for a Moira list, trying in order:
 *   1. the caller-supplied filter in rFilter, if non-empty;
 *   2. "(&(objectClass=group)(mitMoiraId=<MoiraId>))", if MoiraId is set
 *      (more than one hit is reported and discarded);
 *   3. "(sAMAccountName=<group_name>_group)".
 * On a single hit the filter that found it is copied back into rFilter so
 * the caller can reuse it. *linklist_base / *linklist_count are reset
 * between attempts and hold the final result. Only `attribute` is fetched.
 * Returns rc from linklist_build() on LDAP failure; the remaining return
 * lines are not shown in this listing (nor are braces, the filter/rc/pPtr
 * declarations and the pPtr loop header).
 */
3555 int ad_get_group(LDAP *ldap_handle, char *dn_path,
3556 char *group_name, char *group_membership,
3557 char *MoiraId, char *attribute,
3558 LK_ENTRY **linklist_base, int *linklist_count,
3563 char *attr_array[3];
3566 (*linklist_base) = NULL;
3567 (*linklist_count) = 0;
/* Attempt 1: caller-provided filter. */
3568 if (strlen(rFilter) != 0)
3570 strcpy(filter, rFilter);
3571 attr_array[0] = attribute;
3572 attr_array[1] = NULL;
3573 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3574 linklist_base, linklist_count)) != 0)
3576 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3577 MoiraId, ldap_err2string(rc));
3580 if ((*linklist_count) == 1)
/* NOTE(review): rFilter's capacity is not known here; strcpy is unbounded. */
3582 strcpy(rFilter, filter);
3587 linklist_free((*linklist_base));
3588 (*linklist_base) = NULL;
3589 (*linklist_count) = 0;
/* Attempt 2: by Moira id. NOTE(review): MoiraId is embedded in the filter
 * without validation — confirm it is a numeric id. */
3590 if (strlen(MoiraId) != 0)
3592 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
3593 attr_array[0] = attribute;
3594 attr_array[1] = NULL;
3595 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3596 linklist_base, linklist_count)) != 0)
3598 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3599 MoiraId, ldap_err2string(rc));
/* Ambiguous id: log every hit and fall through with an empty result. */
3603 if ((*linklist_count) > 1)
3605 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
3606 pPtr = (*linklist_base);
3609 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
3612 linklist_free((*linklist_base));
3613 (*linklist_base) = NULL;
3614 (*linklist_count) = 0;
3616 if ((*linklist_count) == 1)
3618 strcpy(rFilter, filter);
3622 linklist_free((*linklist_base));
3623 (*linklist_base) = NULL;
3624 (*linklist_count) = 0;
/* Attempt 3: by the conventional "<name>_group" account name. */
3625 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
3626 attr_array[0] = attribute;
3627 attr_array[1] = NULL;
3628 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3629 linklist_base, linklist_count)) != 0)
3631 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3632 MoiraId, ldap_err2string(rc));
3635 if ((*linklist_count) == 1)
3637 strcpy(rFilter, filter);
/*
 * check_user: verify that the AD user for a Moira login exists and carries
 * the expected sAMAccountName. Lookup is by mitMoiraId first (when MoiraId
 * is set; multiple hits are logged and the name lookup is used instead),
 * then by sAMAccountName. If the account found by Moira id has a different
 * sAMAccountName than UserName, the entry is renamed via user_rename().
 * Returns AD_NO_USER_FOUND when the name lookup yields no single entry.
 * (Listing is partial: braces, the filter/rc/gPtr declarations, the gPtr
 * loop and the final return are not shown.)
 */
3644 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
3647 char *attr_array[3];
3648 char SamAccountName[64];
3651 LK_ENTRY *group_base;
/* NOTE(review): MoiraId is embedded in the filter without validation —
 * confirm it is a numeric id. */
3657 if (strlen(MoiraId) != 0)
3659 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3660 attr_array[0] = "sAMAccountName";
3661 attr_array[1] = NULL;
3662 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3663 &group_base, &group_count)) != 0)
3665 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3666 UserName, ldap_err2string(rc));
3669 if (group_count > 1)
3671 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
3676 com_err(whoami, 0, "user %s exist with MoiraId = %s",
3677 gPtr->value, MoiraId);
/* Anything but a single hit falls through to the name-based lookup. */
3682 if (group_count != 1)
3684 linklist_free(group_base);
3687 sprintf(filter, "(sAMAccountName=%s)", UserName);
3688 attr_array[0] = "sAMAccountName";
3689 attr_array[1] = NULL;
3690 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3691 &group_base, &group_count)) != 0)
3693 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3694 UserName, ldap_err2string(rc));
3699 if (group_count != 1)
3701 linklist_free(group_base);
3702 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded copy of an AD-supplied value into 64 bytes; a
 * longer sAMAccountName overflows the stack buffer. Bound it with snprintf
 * or reject values of 64+ bytes. */
3704 strcpy(SamAccountName, group_base->value);
3705 linklist_free(group_base);
/* Name in AD differs from Moira's: rename the AD entry to match. */
3708 if (strcmp(SamAccountName, UserName))
3710 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: build the relative DN of a container from its
 * '/'-separated Moira path: the components are split into `array` (up to
 * 20 entries; the splitting is on lines not shown) and emitted innermost
 * first as "OU=<last>,OU=<previous>,...". An empty src yields an empty
 * dest. NOTE(review): neither the 20-entry limit on components nor the
 * size of dest is checked on the visible lines — confirm the omitted lines
 * bound them.
 */
3716 void container_get_dn(char *src, char *dest)
3723 memset(array, '\0', 20 * sizeof(array[0]));
3725 if (strlen(src) == 0)
3744 strcpy(dest, "OU=");
3747 strcat(dest, array[n-1]);
3751 strcat(dest, ",OU=");
/*
 * container_get_name: copy the last component of a '/'-separated container
 * path (src) into dest; an empty src produces an empty dest. The body that
 * locates the last component is on lines not shown in this listing.
 */
3757 void container_get_name(char *src, char *dest)
3762 if (strlen(src) == 0)
/*
 * container_check: make sure the parent OU chain for a container path
 * exists in AD. The path is copied to cName, walked for '/' separators
 * (what happens at each separator is on lines not shown — presumably each
 * prefix is created in turn, confirm) and container_create() is called with
 * an argument vector carrying only the name; all other Moira fields are
 * empty strings, so a container created this way has no mitMoiraId, which
 * the message below records. (Listing is partial: braces and the
 * av/cName/rc/i declarations are omitted.)
 */
3779 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* NOTE(review): unbounded copy into cName, whose size is not visible. */
3786 strcpy(cName, name);
3787 for (i = 0; i < (int)strlen(cName); i++)
3789 if (cName[i] == '/')
3792 av[CONTAINER_NAME] = cName;
3793 av[CONTAINER_DESC] = "";
3794 av[CONTAINER_LOCATION] = "";
3795 av[CONTAINER_CONTACT] = "";
3796 av[CONTAINER_TYPE] = "";
3797 av[CONTAINER_ID] = "";
3798 av[CONTAINER_ROWID] = "";
3799 rc = container_create(ldap_handle, dn_path, 7, av);
3800 if (rc == LDAP_SUCCESS)
3802 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename: move/rename an AD organizationalUnit when its Moira
 * container record changes name or parent. The existing OU is located with
 * container_get_distinguishedName() from the `before` record; if it does
 * not exist the `after` record is simply created. Otherwise the new parent
 * DN (new_dn_path) and new RDN (new_cn) are derived from after[CONTAINER_NAME],
 * the parent chain is ensured with container_check(), ldap_rename_s() moves
 * the OU, and container_adupdate() refreshes its attributes.
 * Returns AD_INVALID_NAME for a bad name; other returns are on lines not
 * shown (braces, the cName/temp/dName/new_cn/i/rc declarations and the
 * body of the '/' loop at 3842-3850 are also omitted).
 */
3810 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
3811 int afterc, char **after)
3816 char new_dn_path[256];
3818 char distinguishedName[256];
3823 memset(cName, '\0', sizeof(cName));
3824 container_get_name(after[CONTAINER_NAME], cName);
/* check_container_name() allows spaces but rejects DN/filter metacharacters. */
3825 if (!check_container_name(cName))
3827 com_err(whoami, 0, "invalid LDAP container name %s", cName);
3828 return(AD_INVALID_NAME);
3831 memset(distinguishedName, '\0', sizeof(distinguishedName));
3832 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* No existing OU to rename: create the new one instead. */
3834 if (strlen(distinguishedName) == 0)
3836 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the last path component (loop body not shown) to get the parent. */
3840 strcpy(temp, after[CONTAINER_NAME]);
3842 for (i = 0; i < (int)strlen(temp); i++)
3851 container_get_dn(temp, dName);
/* NOTE(review): unbounded sprintf into 256-byte new_dn_path. */
3852 if (strlen(temp) != 0)
3853 sprintf(new_dn_path, "%s,%s", dName, dn_path);
3855 sprintf(new_dn_path, "%s", dn_path);
3856 sprintf(new_cn, "OU=%s", cName);
3858 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* TRUE = delete the old RDN; new_dn_path = new superior (moves the OU). */
3860 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
3861 TRUE, NULL, NULL)) != LDAP_SUCCESS)
3863 com_err(whoami, 0, "couldn't rename container from %s to %s : %s",
3864 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
3868 memset(dName, '\0', sizeof(dName));
3869 container_get_dn(after[CONTAINER_NAME], dName);
3870 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the AD organizationalUnit matching the Moira
 * container in `av`. If the OU cannot be found nothing is deleted. When
 * the OU still has children (LDAP_NOT_ALLOWED_ON_NONLEAF) they are first
 * relocated with container_move_objects(); whether the delete is retried
 * afterwards is on a line not shown (3888). Other failures are logged.
 * (Listing is partial: braces, the rc declaration and returns are omitted.)
 */
3874 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
3876 char distinguishedName[256];
3879 memset(distinguishedName, '\0', sizeof(distinguishedName));
3880 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
/* Not found in AD: nothing to do. */
3882 if (strlen(distinguishedName) == 0)
3884 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
3886 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
3887 container_move_objects(ldap_handle, dn_path, distinguishedName);
3889 com_err(whoami, 0, "unable to delete container %s from AD : %s",
3890 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the AD organizationalUnit for a Moira container
 * record `av` (indexed by the CONTAINER_* constants). The OU's relative DN
 * and leaf name are derived from av[CONTAINER_NAME]; mitMoiraId and
 * description are added when present; managedBy is resolved from
 * CONTAINER_TYPE / CONTAINER_ID — a KERBEROS principal is materialised as a
 * contact in kerberos_ou, a USER or LIST is looked up in AD by cn.
 * If the OU already exists and a row id is known, its attributes are
 * refreshed via container_adupdate() instead. Returns AD_INVALID_NAME for
 * an unusable name; the remaining returns are on lines not shown (as are
 * braces, the filter/dName/cName/temp/rc declarations and the name_v/ou_v
 * assignments at 3939/3941).
 */
3894 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
3896 char *attr_array[3];
3897 LK_ENTRY *group_base;
3900 char *objectClass_v[] = {"top",
3901 "organizationalUnit",
3904 char *ou_v[] = {NULL, NULL};
3905 char *name_v[] = {NULL, NULL};
3906 char *moiraId_v[] = {NULL, NULL};
3907 char *desc_v[] = {NULL, NULL};
3908 char *managedBy_v[] = {NULL, NULL};
3911 char managedByDN[256];
3918 memset(filter, '\0', sizeof(filter));
3919 memset(dName, '\0', sizeof(dName));
3920 memset(cName, '\0', sizeof(cName));
3921 memset(managedByDN, '\0', sizeof(managedByDN));
3922 container_get_dn(av[CONTAINER_NAME], dName);
3923 container_get_name(av[CONTAINER_NAME], cName);
3925 if ((strlen(cName) == 0) || (strlen(dName) == 0))
3927 com_err(whoami, 0, "invalid LDAP container name %s", cName);
3928 return(AD_INVALID_NAME);
/* Only the leaf name is validated; the full RDN chain in dName was built
 * by container_get_dn() from the same path. */
3931 if (!check_container_name(cName))
3933 com_err(whoami, 0, "invalid LDAP container name %s", cName);
3934 return(AD_INVALID_NAME);
3938 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3940 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3942 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
3943 if (strlen(av[CONTAINER_ROWID]) != 0)
3945 moiraId_v[0] = av[CONTAINER_ROWID];
3946 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
3948 if (strlen(av[CONTAINER_DESC]) != 0)
3950 desc_v[0] = av[CONTAINER_DESC];
3951 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Resolve the managing principal, if the record names one. */
3953 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
3955 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
3957 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
/* NOTE(review): unbounded sprintf into 256-byte managedByDN. */
3959 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
3960 managedBy_v[0] = managedByDN;
3961 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): av[CONTAINER_ID] is inserted into an LDAP filter without the
 * check_string()/check_container_name() validation that names receive. If
 * it can contain '(' ')' '*' or '\\', the filter is malformed or widened
 * and managedBy could be set to an unintended object — confirm it is
 * validated upstream or run it through check_string() here. */
3966 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
3968 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
3970 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
3972 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
3974 if (strlen(filter) != 0)
3976 attr_array[0] = "distinguishedName";
3977 attr_array[1] = NULL;
3980 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3981 &group_base, &group_count)) == LDAP_SUCCESS)
/* Only an unambiguous match becomes the manager. */
3983 if (group_count == 1)
/* NOTE(review): unbounded copy of a server-supplied DN into 256 bytes. */
3985 strcpy(managedByDN, group_base->value);
3986 managedBy_v[0] = managedByDN;
3987 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
3989 linklist_free(group_base);
3998 sprintf(temp, "%s,%s", dName, dn_path);
3999 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the LDAPMod entries built by ADD_ATTR (loop body not shown). */
4000 for (i = 0; i < n; i++)
4002 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4004 com_err(whoami, 0, "couldn't create container %s : %s",
4005 cName, ldap_err2string(rc));
/* Existing OU: bring its attributes up to date instead. */
4008 if (rc == LDAP_ALREADY_EXISTS)
4010 if (strlen(av[CONTAINER_ROWID]) != 0)
4011 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: apply a changed Moira container record to AD. The OU
 * is located from the `after` record; if it does not exist it is created,
 * otherwise the parent chain is verified with container_check() and the
 * OU's attributes are refreshed with container_adupdate() (passing the
 * found DN rather than a relative dName). The `before` record is unused on
 * the visible lines. (Listing is partial: braces, the rc declaration and
 * the returns are omitted.)
 */
4016 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4017 int afterc, char **after)
4019 char distinguishedName[256];
4022 memset(distinguishedName, '\0', sizeof(distinguishedName));
4023 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4025 if (strlen(distinguishedName) == 0)
4027 rc = container_create(ldap_handle, dn_path, afterc, after);
4031 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4032 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName: resolve the DN of the AD OU for a Moira
 * container record, first by mitMoiraId (av[CONTAINER_ROWID]) and, if that
 * does not yield exactly one entry, by the expected DN built from the
 * container path. On success the DN is copied into distinguishedName,
 * which the caller must have zeroed beforehand — an empty result means
 * "not found". Returns AD_INVALID_NAME for an unusable name; other returns
 * are on lines not shown (as are braces, the filter/dName/cName/rc and
 * count declarations).
 */
4037 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4039 char *attr_array[3];
4040 LK_ENTRY *group_base;
4047 memset(filter, '\0', sizeof(filter));
4048 memset(dName, '\0', sizeof(dName));
4049 memset(cName, '\0', sizeof(cName));
4050 container_get_dn(av[CONTAINER_NAME], dName);
4051 container_get_name(av[CONTAINER_NAME], cName);
4053 if (strlen(dName) == 0)
4055 com_err(whoami, 0, "invalid LDAP container name %s", av[CONTAINER_NAME]);
4056 return(AD_INVALID_NAME);
4059 if (!check_container_name(cName))
4061 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4062 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id. NOTE(review): av[CONTAINER_ROWID] is used in
 * the filter unvalidated — confirm it is numeric. */
4065 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4066 attr_array[0] = "distinguishedName";
4067 attr_array[1] = NULL;
4070 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4071 &group_base, &group_count)) == LDAP_SUCCESS)
4073 if (group_count == 1)
/* NOTE(review): unbounded copy of a server-supplied DN; the callers in this
 * file pass a 256-byte buffer. */
4075 strcpy(distinguishedName, group_base->value);
4077 linklist_free(group_base);
/* Lookup 2: by the DN the container is expected to have. */
4081 if (strlen(distinguishedName) == 0)
4083 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4084 attr_array[0] = "distinguishedName";
4085 attr_array[1] = NULL;
4088 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4089 &group_base, &group_count)) == LDAP_SUCCESS)
4091 if (group_count == 1)
4093 strcpy(distinguishedName, group_base->value);
4095 linklist_free(group_base);
/*
 * container_adupdate: replace the Moira-managed attributes (mitMoiraId,
 * description, managedBy) of an existing organizationalUnit with the values
 * carried in av.
 *
 * The container is addressed either by distinguishedName or, when dName is
 * non-empty, by "<dName>,<dn_path>". The current attribute values are read
 * first so that managedBy can be cleared when the new owner cannot be
 * resolved, and so that an existing description is handled when av carries
 * none.
 *
 * ldap_handle        - bound LDAP connection.
 * dn_path            - search base; also suffix for dName and for the
 *                      KERBEROS contact DN.
 * dName              - RDN chain of the container, or "" to use
 *                      distinguishedName instead.
 * distinguishedName  - full DN of the container (used when dName is "").
 * count, av          - Moira argument vector; CONTAINER_ROWID,
 *                      CONTAINER_DESC, CONTAINER_TYPE, CONTAINER_ID and
 *                      CONTAINER_NAME are read.
 *
 * Returns LDAP_SUCCESS at 4251 (the guarding condition on line 4250 is not
 * shown); otherwise the result of ldap_modify_s(), whose return path after
 * 4262 is not visible. Declarations of rc, n, mods, filter, temp, moiraId,
 * desc and pPtr are on omitted lines.
 */
4103 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4104 char *distinguishedName, int count, char **av)
4106 char *attr_array[5];
4107 LK_ENTRY *group_base;
/* Single-value modification vectors: {value, NULL}; a NULL first element
 * with LDAP_MOD_REPLACE removes the attribute. */
4113 char *moiraId_v[] = {NULL, NULL};
4114 char *desc_v[] = {NULL, NULL};
4115 char *managedBy_v[] = {NULL, NULL};
4116 char managedByDN[256];
/* Target DN: distinguishedName, unless an RDN chain was supplied. */
4124 strcpy(temp, distinguishedName);
4125 if (strlen(dName) != 0)
4126 sprintf(temp, "%s,%s", dName, dn_path);
/* Lookup filter: by DN, or by Moira row id.
 * NOTE(review): the condition tests av[CONTAINER_ID] but the filter uses
 * av[CONTAINER_ROWID]; line 4163 gates the same value on CONTAINER_ROWID.
 * Looks like the wrong index - confirm against the Moira row layout.
 * NOTE(review): temp and av[CONTAINER_ROWID] go into the filter without
 * RFC 4515 escaping and through an unbounded sprintf(). */
4128 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", temp);
4129 if (strlen(av[CONTAINER_ID]) != 0)
4130 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4131 attr_array[0] = "mitMoiraId";
4132 attr_array[1] = "description";
4133 attr_array[2] = "managedBy";
4134 attr_array[3] = NULL;
/* Read the current values; the action taken after the error message
 * (lines 4142-4143) is not shown. The message text contains the typo
 * "retreive" - it is a runtime string, so it is left as is here. */
4137 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4138 &group_base, &group_count)) != LDAP_SUCCESS)
4140 com_err(whoami, 0, "couldn't retreive container info for %s : %s",
4141 av[CONTAINER_NAME], ldap_err2string(rc));
4144 memset(managedByDN, '\0', sizeof(managedByDN));
4145 memset(moiraId, '\0', sizeof(moiraId));
4146 memset(desc, '\0', sizeof(desc));
/* Walk the returned attribute/value pairs (loop header on an omitted line)
 * into local copies.
 * NOTE(review): strcpy() from LDAP-supplied values into fixed buffers;
 * managedByDN is 256 bytes, the sizes of desc and moiraId are not visible. */
4150 if (!strcasecmp(pPtr->attribute, "description"))
4151 strcpy(desc, pPtr->value);
4152 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4153 strcpy(managedByDN, pPtr->value);
4154 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4155 strcpy(moiraId, pPtr->value);
4158 linklist_free(group_base);
/* Build the modification list from av. ADD_ATTR appends to mods[] and
 * bumps n (macro defined elsewhere in the file). */
4163 if (strlen(av[CONTAINER_ROWID]) != 0)
4165 moiraId_v[0] = av[CONTAINER_ROWID];
4166 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4168 if (strlen(av[CONTAINER_DESC]) != 0)
4170 desc_v[0] = av[CONTAINER_DESC];
4171 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* Moira carries no description but AD has one: desc_v is set on the
 * omitted lines 4176-4177 (presumably to NULL, i.e. clear it) - confirm. */
4175 if (strlen(desc) != 0)
4178 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* managedBy: resolve the owner named by CONTAINER_TYPE/CONTAINER_ID.
 * KERBEROS owners are represented by a contact object that is created on
 * demand under kerberos_ou; its DN is composed locally rather than searched. */
4181 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4183 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4185 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
/* NOTE(review): unbounded sprintf() into the 256-byte managedByDN from
 * av[CONTAINER_ID], kerberos_ou and dn_path. */
4187 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4188 managedBy_v[0] = managedByDN;
4189 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact could not be created: drop a stale managedBy if one is set. */
4193 if (strlen(managedByDN) != 0)
4195 managedBy_v[0] = NULL;
4196 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* USER and LIST owners are looked up by cn; any other type leaves filter
 * empty and skips the search.
 * NOTE(review): av[CONTAINER_ID] is interpolated without RFC 4515 escaping;
 * a value containing filter metacharacters would change which object's DN
 * becomes the owner. */
4202 memset(filter, '\0', sizeof(filter));
4203 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4205 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4207 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4209 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4211 if (strlen(filter) != 0)
4213 attr_array[0] = "distinguishedName";
4214 attr_array[1] = NULL;
4217 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4218 &group_base, &group_count)) == LDAP_SUCCESS)
/* Exactly one hit: its DN becomes the new owner (strcpy, unbounded). */
4220 if (group_count == 1)
4222 strcpy(managedByDN, group_base->value);
4223 managedBy_v[0] = managedByDN;
4224 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Zero or several hits: clear managedBy if it was set. */
4228 if (strlen(managedByDN) != 0)
4230 managedBy_v[0] = NULL;
4231 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4234 linklist_free(group_base);
/* No owner given in av at all: clear an existing managedBy. */
4241 if (strlen(managedByDN) != 0)
4243 managedBy_v[0] = NULL;
4244 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Guard on line 4250 is not shown; presumably taken when nothing was
 * queued (n == 0) - confirm. */
4251 return(LDAP_SUCCESS);
/* Re-derive the target DN (temp was reused for the filter above) and apply
 * the modifications; the loop at 4257 releases the mods entries (body not
 * shown). */
4253 strcpy(temp, distinguishedName);
4254 if (strlen(dName) != 0)
4255 sprintf(temp, "%s,%s", dName, dn_path);
4256 rc = ldap_modify_s(ldap_handle, temp, mods);
4257 for (i = 0; i < n; i++)
4259 if (rc != LDAP_SUCCESS)
4261 com_err(whoami, 0, "couldn't modify container info for %s : %s",
4262 av[CONTAINER_NAME], ldap_err2string(rc));
<br/>
/*
 * container_move_objects: empty a container before it is removed by moving
 * its non-OU children into the orphan containers and deleting its child
 * organizationalUnits.
 *
 * Three search passes are run over dName (the pass selection on lines
 * 4287-4288, 4293-4294 and 4300 is not shown, but the filters are):
 *   - everything that is neither a computer nor an OU, by cn;
 *   - computer objects, by cn;
 *   - organizationalUnit objects, by ou.
 * cn entries are renamed under orphans_other_ou / orphans_machines_ou
 * (both relative to dn_path); ou entries are deleted.
 *
 * ldap_handle - bound LDAP connection.
 * dn_path     - base DN; suffix for the orphan OU names.
 * dName       - DN of the container whose children are to be moved.
 *
 * Return value: not visible; the listing omits the lines after 4345.
 * Declarations of rc, i, count, filter, temp, new_cn and pPtr are on
 * omitted lines.
 */
4268 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4270 char *attr_array[3];
4271 LK_ENTRY *group_base;
4278 int NumberOfEntries = 10;
/* Caps each search at 10 entries on this handle. The return value is not
 * checked, and no line shown here restores the previous limit, so later
 * searches on the same handle presumably keep the cap - confirm. With at
 * most 10 entries per pass, a container holding more children is only
 * partially emptied by one call. */
4282 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4284 for (i = 0; i < 3; i++)
4286 memset(filter, '\0', sizeof(filter));
/* Pass 0: ordinary objects (neither computer nor OU). Filters are string
 * literals, so nothing caller-supplied reaches the LDAP search here. */
4289 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4290 attr_array[0] = "cn";
4291 attr_array[1] = NULL;
/* Pass 1: computer objects. */
4295 strcpy(filter, "(objectClass=computer)");
4296 attr_array[0] = "cn";
4297 attr_array[1] = NULL;
/* Pass 2: child OUs, which are deleted rather than moved. */
4301 strcpy(filter, "(objectClass=organizationalUnit)");
4302 attr_array[0] = "ou";
4303 attr_array[1] = NULL;
/* Search failure: the branch body (4310-4312) is not shown. */
4308 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
4309 &group_base, &group_count)) != LDAP_SUCCESS)
4313 if (group_count == 0)
/* Per-entry loop (header on an omitted line). For cn entries the new RDN
 * is "cn=<value>" and the destination is one of the two orphan OUs (the
 * choice between 4322 and 4324 is made on omitted lines).
 * NOTE(review): sprintf() into new_cn from an LDAP-supplied value with no
 * bound; new_cn's size is not visible. */
4318 if (!strcasecmp(pPtr->attribute, "cn"))
4320 sprintf(new_cn, "cn=%s", pPtr->value);
4322 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
4324 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
/* Move the entry (trailing ldap_rename_s arguments are on line 4329, not
 * shown). A name clash in the orphan OU gets a "_<count>" suffix; the retry
 * that follows (4333-4338) is not shown. */
4328 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
4330 if (rc == LDAP_ALREADY_EXISTS)
4332 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* Child OU: deleted outright. rc is assigned but not examined in the lines
 * shown, so a refused delete (for example a non-empty OU) goes unreported
 * here. */
4339 else if (!strcasecmp(pPtr->attribute, "ou"))
4341 rc = ldap_delete_s(ldap_handle, pPtr->dn);
4345 linklist_free(group_base);
4353 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou)
4355 LK_ENTRY *group_base;
4359 char *attr_array[3];
4367 pPtr = strchr(member, '.');
4373 sprintf(filter, "(sAMAccountName=%s$)", member);
4374 attr_array[0] = "cn";
4375 attr_array[1] = NULL;
4376 sprintf(temp, "%s", dn_path);
4377 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4378 &group_base, &group_count)) != 0)
4380 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
4381 member, ldap_err2string(rc));
4384 if (group_count != 1)
4386 com_err(whoami, 0, "LDAP server couldn't process machine %s : machine not found in AD",
4390 strcpy(dn, group_base->dn);
4391 strcpy(cn, group_base->value);
4392 for (i = 0; i < (int)strlen(dn); i++)
4393 dn[i] = tolower(dn[i]);
4394 for (i = 0; i < (int)strlen(cn); i++)
4395 cn[i] = tolower(cn[i]);
4396 linklist_free(group_base);
4398 pPtr = strstr(dn, cn);
4401 com_err(whoami, 0, "LDAP server couldn't process machine %s",
4405 pPtr += strlen(cn) + 1;
4406 strcpy(machine_ou, pPtr);
4408 pPtr = strstr(machine_ou, "dc=");
4411 com_err(whoami, 0, "LDAP server couldn't process machine %s",