2 /* test parameters for creating a user account - done
3 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
4 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
5 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
7 * test parameters for deactivating/deleting a user account - done
8 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
9 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
10 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
11 * comment: clearid is the MIT ID
13 * test parameters for reactivating a user account - done
14 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
15 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
17 * test parameters for updating user account info - done
18 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF
19 * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF
20 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
21 * currently, if the unix_uid doesn't change, only the U_UID or U_MITID fields will be updated
23 * test parameters for changing user name - testing
24 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
25 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
28 * test parameters for add member to group/list - done
29 * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1
30 * imembers 0 9 pismere-team STRING hope@ful.net 1 1 0 1 1 -1
31 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
33 * test parameters for remove member from group/list - done
34 * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1
35 * imembers 9 0 pismere-team STRING hope@ful.net 1 1 0 1 1 -1
36 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
38 * test parameters for creating and/or populating a group/list - done
39 * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description
40 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
42 * test parameters for deleting a group/list - done
43 * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description
44 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
46 * test parameters for renaming a group/list - done
47 * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description
48 * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description
49 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
51 #include <mit-copyright.h>
63 #include <moira_site.h>
/* Map the POSIX errno names used below onto their Winsock equivalents. */
73 #define ECONNABORTED WSAECONNABORTED
76 #define ECONNREFUSED WSAECONNREFUSED
79 #define EHOSTUNREACH WSAEHOSTUNREACH
81 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends in
 * ';', so sleep(a + b) becomes Sleep(a + b * 1000); and the stray semicolon
 * breaks an un-braced if/else.  Prefer Sleep((A) * 1000) with no trailing ';'. */
83 #define sleep(A) Sleep(A * 1000);
87 #include <sys/types.h>
88 #include <netinet/in.h>
89 #include <arpa/nameser.h>
91 #include <sys/utsname.h>
94 #define strnicmp(A,B,C) strncasecmp(A,B,C)
95 #define UCHAR unsigned char
97 #define UF_SCRIPT 0x0001
98 #define UF_ACCOUNTDISABLE 0x0002
99 #define UF_HOMEDIR_REQUIRED 0x0008
100 #define UF_LOCKOUT 0x0010
101 #define UF_PASSWD_NOTREQD 0x0020
102 #define UF_PASSWD_CANT_CHANGE 0x0040
103 #define UF_DONT_EXPIRE_PASSWD 0x10000
105 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
106 #define UF_NORMAL_ACCOUNT 0x0200
107 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
108 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
109 #define UF_SERVER_TRUST_ACCOUNT 0x2000
112 #define BYTE unsigned char
114 typedef unsigned int DWORD;
115 typedef unsigned long ULONG;
120 unsigned short Data2;
121 unsigned short Data3;
122 unsigned char Data4[8];
125 typedef struct _SID_IDENTIFIER_AUTHORITY {
127 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
129 typedef struct _SID {
131 BYTE SubAuthorityCount;
132 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
133 DWORD SubAuthority[512];
138 #define WINAFS "\\\\afs\\all\\"
140 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
141 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
142 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
143 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
144 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
146 #define QUERY_VERSION -1
147 #define PRIMARY_REALM "ATHENA.MIT.EDU"
156 #define MEMBER_REMOVE 2
157 #define MEMBER_CHANGE_NAME 3
158 #define MEMBER_ACTIVATE 4
159 #define MEMBER_DEACTIVATE 5
160 #define MEMBER_CREATE 6
162 #define MOIRA_ALL 0x0
163 #define MOIRA_USERS 0x1
164 #define MOIRA_KERBEROS 0x2
165 #define MOIRA_STRINGS 0x4
166 #define MOIRA_LISTS 0x8
169 #define ADFS_DELETE 2
171 typedef struct lk_entry {
181 struct lk_entry *next;
184 #define STOP_FILE "/moira/winad/nowinad"
185 #define file_exists(file) (access((file), F_OK) == 0)
187 #define LDAP_BERVAL struct berval
188 #define MAX_SERVER_NAMES 32
/* ADD_ATTR(type, values, op): append one LDAPMod to the caller's mods[]
 * array at index n and advance n.  Relies on 'mods' and 'n' being in scope
 * at the expansion site.
 * NOTE(review): the malloc() result is dereferenced without a NULL check,
 * and the expansion is four separate statements rather than a
 * do { ... } while (0) block, so an un-braced 'if (cond) ADD_ATTR(...)'
 * guards only the first of them. */
190 #define ADD_ATTR(t, v, o) \
191 mods[n] = malloc(sizeof(LDAPMod)); \
192 mods[n]->mod_op = o; \
193 mods[n]->mod_type = t; \
194 mods[n++]->mod_values = v
/* Linked lists filled in by the mr_query() callbacks and consumed by the
 * do_* handlers below (e.g. member_base by member_list_build, sid_base
 * presumably by group_create/user_create); the handlers linklist_free()
 * them after use. */
196 LK_ENTRY *member_base = NULL;
197 LK_ENTRY *sid_base = NULL;
198 LK_ENTRY **sid_ptr = NULL;
/* Human-readable record of the current transaction, "<table> (before...)->
 * (after...)", built in main() with strcpy/strcat and echoed in the
 * critical_alert() raised by check_winad().  main() does not bound what it
 * appends to these 1024 bytes. */
199 static char tbl_buf[1024];
/* Container OUs (relative to the domain DN) in which each object kind lives;
 * get_group_membership() picks one of the group_ou_* strings per list. */
200 char kerberos_ou[] = "OU=kerberos, OU=moira";
201 char contact_ou[] = "OU=strings, OU=moira";
202 char user_ou[] = "OU=users, OU=moira";
203 char group_ou_distribution[] = "OU=mail, OU=lists, OU=moira";
204 char group_ou_root[] = "OU=lists, OU=moira";
205 char group_ou_security[] = "OU=group, OU=lists, OU=moira";
206 char group_ou_neither[] = "OU=special, OU=lists, OU=moira";
207 char group_ou_both[] = "OU=mail, OU=group, OU=lists, OU=moira";
209 char group_manager[64];
/* AD domain name, read by main() from /moira/winad/winad.cfg
 * (default "win.mit.edu"). */
210 char ldap_domain[256];
/* Reference count for the shared Moira connection; see moira_connect()
 * and moira_disconnect(). */
215 int mr_connections = 0;
217 char default_server[256];
219 extern int set_password(char *user, char *password, char *domain);
221 void AfsToWinAfs(char* path, char* winPath);
222 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
223 char *Win2kPassword, char *Win2kUser, char *default_server,
225 void ad_kdc_disconnect();
226 void check_winad(void);
227 void expand_groups(LDAP *ldap_handle, char *dn_path, char *group_name);
228 int filesys_process(int ac, char **av, void *ptr);
229 int user_create(int ac, char **av, void *ptr);
230 int user_change_status(int ac, char **av, void *ptr);
231 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
232 int user_rename(int ac, char **av, void *ptr);
233 int user_update(int ac, char **av, void *ptr);
234 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
235 int get_group_info(int ac, char**av, void *ptr);
236 int group_create(int ac, char **av, void *ptr);
237 int group_delete(int ac, char **av, void *ptr);
238 int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name);
239 int group_list_build(int ac, char **av, void *ptr);
240 int group_rename(int ac, char **av, void *ptr);
241 int list_list_build(int ac, char **av, void *ptr);
242 int member_list_build(int ac, char **av, void *ptr);
243 int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
244 char *group_ou, char *group_membership, char *group_gid,
246 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
247 char *group_ou, char *group_membership, char *group_gid);
248 int sid_update(LDAP *ldap_handle, char *dn_path);
249 int check_string(char *s);
250 void convert_b_to_a(char *string, UCHAR *binary, int length);
251 int mr_connect_cl(char *server, char *client, int version, int auth);
253 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
254 char **before, int beforec, char **after, int afterc);
255 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
256 char **before, int beforec, char **after, int afterc);
257 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
258 char **before, int beforec, char **after, int afterc);
259 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
260 char **before, int beforec, char **after, int afterc);
261 int linklist_create_entry(char *attribute, char *value,
262 LK_ENTRY **linklist_entry);
263 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
264 char **attr_array, LK_ENTRY **linklist_base,
265 int *linklist_count);
266 void linklist_free(LK_ENTRY *linklist_base);
268 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
269 char *distinguished_name, LK_ENTRY **linklist_current);
270 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
271 LK_ENTRY **linklist_base, int *linklist_count);
272 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
273 char *Attribute, char *distinguished_name,
274 LK_ENTRY **linklist_current);
276 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
277 char *oldValue, char *newValue,
278 char ***modvalues, int type);
279 void free_values(char **modvalues);
281 int convert_domain_to_dn(char *domain, char **bind_path);
282 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
283 char *distinguished_name);
284 int moira_disconnect(void);
285 int moira_connect(void);
286 void print_to_screen(const char *fmt, ...);
/* Entry point of the winad incremental.  Invoked as
 *   winad.incr <table> <beforec> <afterc> <before fields...> <after fields...>
 * It records the transaction in tbl_buf, reads the AD domain name from
 * /moira/winad/winad.cfg, binds to the domain and dispatches on <table>
 * (users / list / imembers / filesys / quota) to the do_* handlers below.
 * Local declarations, the exit paths and the fclose() of the config file
 * are on lines not shown here. */
288 int main(int argc, char **argv)
301 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
305 com_err(whoami, 0, "%s", "argc < 4");
/* NOTE(review): atoi() silently accepts negative or non-numeric counts; a
 * negative beforec makes the argc check below pass and 'after' point before
 * argv[4].  strtol() with a range check (>= 0) would reject such input. */
308 beforec = atoi(argv[2]);
309 afterc = atoi(argv[3]);
311 if (argc < (4 + beforec + afterc))
313 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
319 after = &argv[4 + beforec];
/* Build "<table> (b1,b2,...)->(a1,a2,...)" for the alert messages.
 * NOTE(review): tbl_buf is a fixed 1024 bytes and nothing here bounds the
 * combined length of the argument strings; snprintf() with remaining-length
 * tracking would make the overflow impossible rather than merely unlikely. */
321 strcpy(tbl_buf, table);
322 strcat(tbl_buf, " (");
323 for (i = 0; i < beforec; i++)
326 strcat(tbl_buf, ",");
327 strcat(tbl_buf, before[i]);
329 strcat(tbl_buf, ")->(");
330 for (i = 0; i < afterc; i++)
333 strcat(tbl_buf, ",");
334 strcat(tbl_buf, after[i]);
336 strcat(tbl_buf, ")");
/* Read the AD domain name from the config file.
 * NOTE(review): fread() may fill all sizeof(ldap_domain) bytes, leaving no
 * room for a terminator, so the strlen() below (and later uses of the name)
 * can run past the buffer when the file is 256 bytes or longer.  Its return
 * value is unchecked and a trailing newline stays in the name.  Read at most
 * sizeof(ldap_domain) - 1 bytes and terminate/trim explicitly. */
339 memset(ldap_domain, '\0', sizeof(ldap_domain));
340 if ((fptr = fopen("/moira/winad/winad.cfg", "r")) != NULL)
342 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
345 if (strlen(ldap_domain) == 0)
346 strcpy(ldap_domain, "win.mit.edu");
347 initialize_sms_error_table();
348 initialize_krb_error_table();
350 memset(default_server, '\0', sizeof(default_server));
351 memset(dn_path, '\0', sizeof(dn_path));
/* Empty Win2kPassword/Win2kUser are passed; how ad_connect() authenticates
 * is not visible here.  dn_path and default_server are filled in by it. */
352 if (ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1))
354 com_err(whoami, 0, "%s %s", "cannot connect to any server in domain ",
/* Case-insensitive table match by lowercasing in place.
 * NOTE(review): cast to (unsigned char) before tolower() — a negative char
 * is undefined behaviour for the <ctype.h> functions. */
359 for (i = 0; i < (int)strlen(table); i++)
360 table[i] = tolower(table[i]);
361 if (!strcmp(table, "users"))
362 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
364 else if (!strcmp(table, "list"))
365 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
367 else if (!strcmp(table, "imembers"))
368 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
370 else if (!strcmp(table, "filesys"))
371 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
374 else if (!strcmp(table, "quota"))
375 do_quota(before, beforec, after, afterc);
379 rc = ldap_unbind_s(ldap_handle);
/* Handle one change to the "filesys" table.  before/after are the old and
 * new rows (field counts beforec/afterc; a count below FS_CREATE is treated
 * as "no row").  An after row with type AFS and create=1 is (re)processed
 * through the get_filesys_by_label query and the filesys_process callback
 * with ADFS_ADD; a vanished before row that was AFS+create is removed with
 * ADFS_DELETE.  Non-AFS filesystems are not supported and raise an alert.
 * Local declarations and the return/cleanup paths are on lines not shown. */
383 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
384 char **before, int beforec, char **after, int afterc)
/* Assignment in the condition is intentional; rc carries the error code. */
394 if (rc = moira_connect())
396 critical_alert("AD incremental",
397 "Error contacting Moira server : %s",
402 if (afterc < FS_CREATE)
406 atype = !strcmp(after[FS_TYPE], "AFS");
407 acreate = atoi(after[FS_CREATE]);
/* After-row only: creation. */
410 if (beforec < FS_CREATE)
412 if (acreate == 0 || atype == 0)
414 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Opaque context for the filesys_process callback:
 * [0] LDAP handle, [1] base DN, [2] filesys label, [3] ADFS_ADD/ADFS_DELETE. */
415 av[0] = after[FS_NAME];
416 call_args[0] = (char *)ldap_handle;
417 call_args[1] = dn_path;
418 call_args[2] = after[FS_NAME];
419 call_args[3] = (char *)ADFS_ADD;
420 if (rc = mr_query("get_filesys_by_label", 1, av, filesys_process, call_args))
422 critical_alert("AD incremental", "Couldn't process filesys %s : %s",
423 after[FS_NAME], error_message(rc));
429 btype = !strcmp(before[FS_TYPE], "AFS");
430 bcreate = atoi(before[FS_CREATE]);
/* Before-row only: deletion. */
431 if (afterc < FS_CREATE)
433 if (btype && bcreate)
435 av[0] = before[FS_NAME];
436 av[1] = before[FS_TYPE];
437 call_args[0] = (char *)ldap_handle;
438 call_args[1] = dn_path;
439 call_args[2] = before[FS_NAME];
440 call_args[3] = (char *)ADFS_DELETE;
/* NOTE(review): the return value of filesys_process() is not stored, so the
 * error_message(rc) printed below reports the stale rc from moira_connect(),
 * not the deletion failure.  Use 'if ((rc = filesys_process(...)))'. */
441 if (filesys_process(beforec, before, (void *)call_args))
443 critical_alert("AD incremental", "Couldn't delete filesys %s : %s",
444 before[FS_NAME], error_message(rc));
/* Both rows present but neither is AFS: alert unless both carry the "ERR"
 * placeholder type. */
453 if (!atype && !btype)
455 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
457 critical_alert("incremental", "Filesystem %s or %s is not AFS: "
458 "Operation not supported", before[FS_NAME], after[FS_NAME]);
/* Both rows present, at least one AFS: reprocess the after row. */
462 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
463 av[0] = after[FS_NAME];
464 call_args[0] = (char *)ldap_handle;
465 call_args[1] = dn_path;
466 call_args[2] = after[FS_NAME];
467 call_args[3] = (char *)ADFS_ADD;
468 if (rc = mr_query("get_filesys_by_label", 1, av, filesys_process, call_args))
470 critical_alert("AD incremental", "Couldn't process filesys %s : %s",
471 after[FS_NAME], error_message(rc));
/* Handle one change to the "list" table.  The active/hidden/public/
 * maillist/group flags of the before and after rows are decoded, then:
 * both active and same type flags -> group_rename via get_list_info;
 * only the before row active -> group_ad_delete; after row active ->
 * group_create via get_list_info, followed by a full re-population from
 * get_end_members_of_list (member_list_build / member_list_process) and
 * expand_groups.  A callback_rc of LDAP_NO_SUCH_OBJECT from the rename
 * means the AD object was missing and falls through to delete/create.
 * Local declarations, the guards around the atoi() calls and the return
 * paths are on lines not shown. */
478 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
479 char **before, int beforec, char **after, int afterc)
495 if (beforec == 0 && afterc == 0)
498 astatus = bstatus = 0;
500 apublic = bpublic = 0;
501 amaillist = bmaillist = 0;
/* Decode the before row (only meaningful when it is active). */
504 if (atoi(before[L_ACTIVE]))
506 bstatus = atoi(before[L_ACTIVE]);
507 bhide = atoi(before[L_HIDDEN]);
508 bpublic = atoi(before[L_PUBLIC]);
509 bmaillist = atoi(before[L_MAILLIST]);
510 bgroup = atoi(before[L_GROUP]);
/* Decode the after row likewise. */
515 if (atoi(after[L_ACTIVE]))
517 astatus = atoi(after[L_ACTIVE]);
518 ahide = atoi(after[L_HIDDEN]);
519 apublic = atoi(after[L_PUBLIC]);
520 amaillist = atoi(after[L_MAILLIST]);
521 agroup = atoi(after[L_GROUP]);
/* Assignment in the condition is intentional; rc carries the error code. */
525 if (rc = moira_connect())
527 critical_alert("AD incremental",
528 "Error contacting Moira server : %s",
533 if (astatus && bstatus)
/* NOTE(review): this branch runs only when the two names compare EQUAL
 * (!strcmp), yet it logs "Changing group %s to %s" and calls group_rename;
 * confirm whether 'strcmp(...) != 0' (names differ) was intended. */
535 if ((bmaillist == amaillist) && (bgroup == agroup) &&
536 (!strcmp(before[L_NAME], after[L_NAME])))
538 com_err(whoami, 0, "Changing group %s to %s",
539 before[L_NAME], after[L_NAME]);
/* Context for group_rename: [0] LDAP handle, [1] base DN, [2] old name,
 * [3] old maillist flag, [4] old group flag (the old flags select the
 * sAMAccountName suffix of the existing object). */
541 av[0] = after[L_NAME];
542 call_args[0] = (char *)ldap_handle;
543 call_args[1] = dn_path;
544 call_args[2] = before[L_NAME];
545 call_args[3] = before[L_MAILLIST];
546 call_args[4] = before[L_GROUP];
549 if (rc = mr_query("get_list_info", 1, av, group_rename, call_args))
551 if (callback_rc != LDAP_NO_SUCH_OBJECT)
553 critical_alert("AD incremental",
554 "Could not change list %s to %s : %s",
556 after[L_NAME], error_message(rc));
559 callback_rc = LDAP_NO_SUCH_OBJECT;
561 if (callback_rc != LDAP_NO_SUCH_OBJECT)
567 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
568 rc = group_ad_delete(ldap_handle, dn_path, before[L_NAME]);
573 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
/* Context for group_create; [6] is the bit mask of member kinds to resolve
 * (MOIRA_*).  Slots [3]-[5] are filled by the callback (lines not shown) and
 * reused below for member_list_process. */
576 av[0] = after[L_NAME];
577 call_args[0] = (char *)ldap_handle;
578 call_args[1] = dn_path;
579 call_args[2] = after[L_NAME];
583 call_args[6] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
586 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
588 critical_alert("AD incremental", "Couldn't create list %s : %s",
589 after[L_NAME], error_message(rc));
/* Pending SID work left on the global sid_base is flushed and released;
 * presumably the global is reset on a line not shown. */
592 if (sid_base != NULL)
594 sid_update(ldap_handle, dn_path);
595 linklist_free(sid_base);
/* Re-populate the group from Moira; member_list_build fills member_base. */
604 if (!(rc = mr_query("get_end_members_of_list", 1, av, member_list_build,
607 if (member_base != NULL)
609 rc = member_list_process(ldap_handle, dn_path, after[L_NAME],
610 call_args[3], call_args[4], call_args[5],
611 MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
612 expand_groups(ldap_handle, dn_path, after[L_NAME]);
617 critical_alert("AD incremental",
618 "Error contacting Moira server to resolve %s : %s",
619 after[L_NAME], error_message(rc));
621 linklist_free(member_base);
/* Extra trailing field of an imembers row (see the test vectors at the top
 * of the file): whether the member row is active. */
629 #define LM_EXTRA_ACTIVE (LM_END)
/* Handle one change to the "imembers" table (a member added to or removed
 * from a list).  The side that carries the row supplies the list name,
 * member name and member type; the group is then (re)created if needed via
 * get_list_info/group_create and its whole membership re-synchronised from
 * get_end_members_of_list.  An empty member list results in member_remove.
 * The exact role of the LM_EXTRA_ACTIVE tests on lines 643/652 depends on
 * surrounding lines not shown. */
631 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
632 char **before, int beforec, char **after, int afterc)
636 char group_name[128];
643 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* NOTE(review): unbounded strcpy() of Moira-supplied strings into fixed
 * locals (group_name is 128 bytes; user_name/user_type are declared on lines
 * not shown).  Nothing here bounds the source length; a snprintf(buf,
 * sizeof buf, "%s", src) would close the overflow path. */
645 strcpy(user_name, after[LM_MEMBER]);
646 strcpy(group_name, after[LM_LIST]);
647 strcpy(user_type, after[LM_TYPE]);
652 if (!atoi(before[LM_EXTRA_ACTIVE]))
654 strcpy(user_name, before[LM_MEMBER]);
655 strcpy(group_name, before[LM_LIST]);
656 strcpy(user_type, before[LM_TYPE]);
/* Assignment in the condition is intentional; rc carries the error code. */
659 if (rc = moira_connect())
661 critical_alert("AD incremental",
662 "Moira error retrieving grouplist of user %s : %s",
663 user_name, error_message(rc));
666 com_err(whoami, 0, "Updating list %s membership for user %s.", group_name,
/* Context for group_create: [0] LDAP handle, [1] base DN, [2] list name,
 * [6] bit mask of member kinds; [3]-[5] are filled by the callback. */
669 call_args[0] = (char *)ldap_handle;
670 call_args[1] = dn_path;
671 call_args[2] = group_name;
675 call_args[6] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
679 if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args)))
681 if (sid_base != NULL)
683 sid_update(ldap_handle, dn_path);
684 linklist_free(sid_base);
690 if (!(rc = mr_query("get_end_members_of_list", 1, av, member_list_build,
/* No members left in Moira: clear the AD group.  The return value of
 * member_remove() is discarded here. */
693 if (member_base == NULL)
695 member_remove(ldap_handle, dn_path, group_name,
696 call_args[3], call_args[4], call_args[5]);
700 rc = member_list_process(ldap_handle, dn_path, group_name,
701 call_args[3], call_args[4], call_args[5],
702 MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
703 expand_groups(ldap_handle, dn_path, group_name);
710 critical_alert("AD incremental", "Couldn't add %s to group %s ",
711 user_name, group_name);
713 critical_alert("AD incremental", "Couldn't remove %s from group %s ",
714 user_name, group_name);
716 linklist_free(member_base);
/* call_args[3]/[4] appear to be heap strings owned by this function after
 * group_create returns; what is done with them is on lines not shown. */
718 if (call_args[3] != NULL)
720 if (call_args[4] != NULL)
/* Handle one change to the "users" table.  The U_STATE field of each row
 * decides the action:
 *   same state, same login     -> user_update  (attribute refresh)
 *   same state, new login      -> user_rename
 *   deactivation (condition on a line not shown) -> user_change_status
 *   otherwise                  -> user_create  (create or reactivate)
 * All of them go through the get_user_account_by_login query with the
 * context in call_args.  A callback_rc of LDAP_NO_SUCH_OBJECT from
 * update/rename means the AD object was missing and falls through to
 * create/reactivate.  Initial values of astate/bstate and the return paths
 * are on lines not shown. */
726 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
727 char **before, int beforec, char **after,
736 if ((beforec == 0) || (afterc == 0))
741 if (afterc > U_STATE)
742 astate = atoi(after[U_STATE]);
743 if (beforec > U_STATE)
744 bstate = atoi(before[U_STATE]);
/* Nothing to do when the account is inactive on both sides. */
751 if ((bstate == 0) && (astate == 0))
/* Assignment in the condition is intentional; rc carries the error code. */
754 if (rc = moira_connect())
756 critical_alert("AD incremental",
757 "Error connection to Moira : %s",
762 if (astate == bstate)
764 if (!strcmp(before[U_NAME], after[U_NAME]))
766 com_err(whoami, 0, "Updating user %s info", before[U_NAME]);
/* Context for user_update: [0] LDAP handle, [1] base DN; further slots are
 * set on lines not shown. */
767 av[0] = before[U_NAME];
768 call_args[0] = (char *)ldap_handle;
769 call_args[1] = dn_path;
773 if (rc = mr_query("get_user_account_by_login", 1, av, user_update,
776 if (callback_rc != LDAP_NO_SUCH_OBJECT)
778 critical_alert("AD incremental",
779 "Could not update user %s info : %s",
788 com_err(whoami, 0, "Changing user %s to %s", before[U_NAME],
/* Context for user_rename: [2] action code, [3] old login. */
790 av[0] = after[U_NAME];
791 call_args[0] = (char *)ldap_handle;
792 call_args[1] = dn_path;
793 call_args[2] = (char *)MEMBER_ACTIVATE;
794 call_args[3] = before[U_NAME];
798 if (rc = mr_query("get_user_account_by_login", 1, av, user_rename,
801 if (callback_rc != LDAP_NO_SUCH_OBJECT)
803 critical_alert("AD incremental",
804 "Could not change user %s to %s : %s",
806 after[U_NAME], error_message(rc));
811 if (callback_rc != LDAP_NO_SUCH_OBJECT)
817 com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]);
818 av[0] = before[U_NAME];
819 call_args[0] = (char *)ldap_handle;
820 call_args[1] = dn_path;
821 call_args[2] = (char *)MEMBER_DEACTIVATE;
822 if (rc = mr_query("get_user_account_by_login", 1, av, user_change_status,
825 critical_alert("AD incremental",
826 "Couldn't deactivate user %s in the AD : %s",
827 before[U_NAME], error_message(rc));
833 com_err(whoami, 0, "%s user %s", "Creating/Reactivating",
836 av[0] = after[U_NAME];
837 call_args[0] = (char *)ldap_handle;
838 call_args[1] = dn_path;
839 call_args[2] = (char *)MEMBER_ACTIVATE;
843 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
846 critical_alert("AD incremental", "Couldn't create/activate user %s : %s",
847 after[U_NAME], error_message(rc));
/* Pending SID work left on the global sid_base is flushed and released. */
850 if (sid_base != NULL)
852 sid_update(ldap_handle, dn_path);
853 linklist_free(sid_base);
/* Build a NULL-terminated array of modvalue_count C strings from the values
 * of the LK_ENTRY list starting at linklist_base, suitable for an LDAPMod
 * mod_values list.  When both oldValue and newValue are given, each value
 * containing oldValue is rewritten — either replaced by newValue outright
 * (line 887, condition on a line not shown) or with newValue spliced in
 * for the first occurrence (lines 895-908); all other values are copied
 * verbatim.  *modvalues is calloc'd here; free_values() is declared above
 * as the presumable release.  Returns 0 on success; the non-zero return on
 * allocation failure is on a line not shown.  'type' is unused in the lines
 * visible here. */
860 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
861 char *oldValue, char *newValue,
862 char ***modvalues, int type)
864 LK_ENTRY *linklist_ptr;
868 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* calloc already zeroed the array; this loop is redundant but harmless. */
873 for (i = 0; i < (modvalue_count + 1); i++)
874 (*modvalues)[i] = NULL;
875 if (modvalue_count != 0)
877 linklist_ptr = linklist_base;
878 for (i = 0; i < modvalue_count; i++)
880 if ((oldValue != NULL) && (newValue != NULL))
/* NOTE(review): strstr() requires a NUL-terminated text value.  Entries
 * created by retrieve_values() for objectSid/objectGUID hold raw bervals
 * sized exactly ->length (no terminator), so this substitution path must
 * only be used on string attributes. */
882 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
887 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
890 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
891 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to the match, then newValue, then the remainder. */
895 if (((*modvalues)[i] = calloc(1,
896 (int)(cPtr - linklist_ptr->value) +
897 (linklist_ptr->length - strlen(oldValue)) +
898 strlen(newValue) + 1)) == NULL)
900 memset((*modvalues)[i], '\0',
901 (int)(cPtr - linklist_ptr->value) +
902 (linklist_ptr->length - strlen(oldValue)) +
903 strlen(newValue) + 1);
904 memcpy((*modvalues)[i], linklist_ptr->value,
905 (int)(cPtr - linklist_ptr->value));
906 strcat((*modvalues)[i], newValue);
907 strcat((*modvalues)[i],
908 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* NOTE(review): unlike the allocations above, these two calloc() results
 * are not checked before memset/memcpy, so allocation failure dereferences
 * NULL instead of returning an error. */
913 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
914 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
915 memcpy((*modvalues)[i], linklist_ptr->value,
916 linklist_ptr->length);
921 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
922 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
923 memcpy((*modvalues)[i], linklist_ptr->value,
924 linklist_ptr->length);
926 linklist_ptr = linklist_ptr->next;
928 (*modvalues)[i] = NULL;
/* Run a subtree search under dn_path with filter search_exp and return the
 * requested attributes (attr_array) of every matching entry as an LK_ENTRY
 * list in *linklist_base, with the entry count in *linklist_count.  Both
 * outputs are reset first.  Returns the ldap_search_s() error code on
 * failure, otherwise the retrieve_entries() result; the result message is
 * freed either way.
 * NOTE(review): search_exp is passed to the server verbatim.  Callers build
 * it with sprintf (e.g. group_rename), so the interpolated name must be
 * validated/escaped beforehand (check_string) to keep directory data out
 * of the filter grammar. */
934 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
935 char **attr_array, LK_ENTRY **linklist_base,
939 LDAPMessage *ldap_entry;
943 (*linklist_base) = NULL;
944 (*linklist_count) = 0;
945 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
946 search_exp, attr_array, 0, &ldap_entry))
949 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
951 ldap_msgfree(ldap_entry);
/* Walk every entry in the search result ldap_entry (the parameter is reused
 * as the iterator), append the attributes of each to *linklist_base via
 * retrieve_attributes(), then recount the list into *linklist_count.
 * Returns the first non-zero retrieve_attributes() result, else 0 (the
 * return statements and the counting body are on lines not shown).
 * NOTE(review): distinguished_name is a fixed 1024 bytes and
 * get_distinguished_name() fills it with an unbounded strcpy(); a DN longer
 * than that overflows this stack buffer. */
956 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
957 LK_ENTRY **linklist_base, int *linklist_count)
959 char distinguished_name[1024];
960 LK_ENTRY *linklist_ptr;
963 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
966 memset(distinguished_name, '\0', sizeof(distinguished_name));
967 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
969 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
970 linklist_base)) != 0)
973 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
975 memset(distinguished_name, '\0', sizeof(distinguished_name));
976 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
978 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
979 linklist_base)) != 0)
/* Recount rather than trust the caller: one LK_ENTRY per value was added. */
983 linklist_ptr = (*linklist_base);
984 (*linklist_count) = 0;
985 while (linklist_ptr != NULL)
988 linklist_ptr = linklist_ptr->next;
/* For each attribute of ldap_entry, hand its values to retrieve_values(),
 * which prepends LK_ENTRYs to *linklist_current; distinguished_name is
 * recorded in each.  The BerElement cursor 'ptr' is released at the end.
 * NOTE(review): the return value of retrieve_values() is ignored on both
 * calls, so an allocation failure inside it is not propagated; the value
 * this function itself returns is on a line not shown. */
993 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
994 char *distinguished_name, LK_ENTRY **linklist_current)
1000 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1002 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1004 ldap_memfree(Attribute);
1005 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1008 retrieve_values(ldap_handle, ldap_entry, Attribute,
1009 distinguished_name, linklist_current);
1010 ldap_memfree(Attribute);
1013 ldap_ber_free(ptr, 0);
/* Prepend one LK_ENTRY per value of Attribute on ldap_entry to
 * *linklist_current.  objectSid and objectGUID are fetched as binary
 * bervals (raw bytes, ->length = bv_len, ->ber_value set); every other
 * attribute is fetched as a string (->length = strlen).  Each entry also
 * gets a copy of Attribute and of distinguished_name.  The large block
 * under LDAP_DEBUG only pretty-prints what was read.  Returns 0; the
 * non-zero returns on calloc failure and the per-value loop header are on
 * lines not shown. */
1017 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1018 char *Attribute, char *distinguished_name,
1019 LK_ENTRY **linklist_current)
1025 LK_ENTRY *linklist_previous;
1026 LDAP_BERVAL **ber_value;
1034 SID_IDENTIFIER_AUTHORITY *sid_auth;
1035 unsigned char *subauth_count;
1036 #endif /*LDAP_DEBUG*/
1039 memset(temp, '\0', sizeof(temp));
/* Binary attributes need the length-carrying API; Ptr abstracts over the
 * two value-array types below. */
1040 if ((!strcmp(Attribute, "objectSid")) ||
1041 (!strcmp(Attribute, "objectGUID")))
1046 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1047 Ptr = (void **)ber_value;
1052 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1053 Ptr = (void **)str_value;
/* New entry goes in front of the current head (list is newest-first). */
1060 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1062 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1063 linklist_previous->next = (*linklist_current);
1064 (*linklist_current) = linklist_previous;
1066 if (((*linklist_current)->attribute = calloc(1,
1067 strlen(Attribute) + 1)) == NULL)
1069 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1070 strcpy((*linklist_current)->attribute, Attribute);
/* NOTE(review): the binary buffer is exactly ber_length bytes with no
 * terminator; consumers must use ->length and never strlen()/strstr() on
 * ->value (construct_newvalues does the latter for text values). */
1073 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1074 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1076 memset((*linklist_current)->value, '\0', ber_length);
1077 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1079 (*linklist_current)->length = ber_length;
1083 if (((*linklist_current)->value = calloc(1,
1084 strlen(*Ptr) + 1)) == NULL)
1086 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1087 (*linklist_current)->length = strlen(*Ptr);
1088 strcpy((*linklist_current)->value, *Ptr);
1090 (*linklist_current)->ber_value = use_bervalue;
1091 if (((*linklist_current)->dn = calloc(1,
1092 strlen(distinguished_name) + 1)) == NULL)
1094 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1095 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG pretty-printing follows (no effect on the list) ---- */
/* GUID as "8-4-4-2x2-6x2" hex: 36 characters plus NUL; temp's size is
 * declared on a line not shown and must be at least 37. */
1098 if (!strcmp(Attribute, "objectGUID"))
1100 guid = (GUID *)((*linklist_current)->value);
1101 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1102 guid->Data1, guid->Data2, guid->Data3,
1103 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1104 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1105 guid->Data4[6], guid->Data4[7]);
1106 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1108 else if (!strcmp(Attribute, "objectSid"))
1110 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1112 print_to_screen(" Revision = %d\n", sid->Revision);
1113 print_to_screen(" SID Identifier Authority:\n");
1114 sid_auth = &sid->IdentifierAuthority;
1115 if (sid_auth->Value[0])
1116 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1117 else if (sid_auth->Value[1])
1118 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1119 else if (sid_auth->Value[2])
1120 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1121 else if (sid_auth->Value[3])
1122 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1123 else if (sid_auth->Value[5])
1124 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1126 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1127 subauth_count = GetSidSubAuthorityCount(sid);
1128 print_to_screen(" SidSubAuthorityCount = %d\n",
1130 print_to_screen(" SidSubAuthority:\n");
1131 for (i = 0; i < *subauth_count; i++)
1133 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1134 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() always reads strlen("userAccountControl") (18)
 * bytes of Attribute and can read past a shorter attribute name; strcmp()
 * or strncmp() would stop at the terminator.  "sAmAccountType" is a typo
 * for "sAMAccountType" that happens to be harmless here because only its
 * length is used. */
1138 else if ((!memcmp(Attribute, "userAccountControl",
1139 strlen("userAccountControl"))) ||
1140 (!memcmp(Attribute, "sAMAccountType",
1141 strlen("sAmAccountType"))))
/* The type of intValue is declared on a line not shown; "%ld" requires a
 * long, otherwise the format/argument mismatch is undefined behaviour. */
1143 intValue = atoi(*Ptr);
1144 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1145 if (!memcmp(Attribute, "userAccountControl",
1146 strlen("userAccountControl")))
/* Decode the UF_* flag bits defined near the top of the file. */
1148 if (intValue & UF_ACCOUNTDISABLE)
1149 print_to_screen(" %20s : %s\n",
1150 "", "Account disabled");
1152 print_to_screen(" %20s : %s\n",
1153 "", "Account active");
1154 if (intValue & UF_HOMEDIR_REQUIRED)
1155 print_to_screen(" %20s : %s\n",
1156 "", "Home directory required");
1157 if (intValue & UF_LOCKOUT)
1158 print_to_screen(" %20s : %s\n",
1159 "", "Account locked out");
1160 if (intValue & UF_PASSWD_NOTREQD)
1161 print_to_screen(" %20s : %s\n",
1162 "", "No password required");
1163 if (intValue & UF_PASSWD_CANT_CHANGE)
1164 print_to_screen(" %20s : %s\n",
1165 "", "Cannot change password");
1166 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1167 print_to_screen(" %20s : %s\n",
1168 "", "Temp duplicate account");
1169 if (intValue & UF_NORMAL_ACCOUNT)
1170 print_to_screen(" %20s : %s\n",
1171 "", "Normal account");
1172 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1173 print_to_screen(" %20s : %s\n",
1174 "", "Interdomain trust account");
1175 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1176 print_to_screen(" %20s : %s\n",
1177 "", "Workstation trust account");
1178 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1179 print_to_screen(" %20s : %s\n",
1180 "", "Server trust account");
1185 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1187 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched; both pointers are expected to
 * start out NULL (initialisation on lines not shown). */
1189 if (str_value != NULL)
1190 ldap_value_free(str_value);
1191 if (ber_value != NULL)
1192 ldap_value_free_len(ber_value);
1194 (*linklist_current) = linklist_previous;
/* Open the shared Moira connection on first use and authenticate as the
 * "winad.incr" client; subsequent callers only bump the mr_connections
 * reference count and reuse it.  Returns the mr_connect*/mr_auth error
 * code, 0 on success (return statements on lines not shown).
 * Two connection paths are visible: a hard-wired host "ttsp" (lines
 * 1206-1210) and the local node name from uname() (1215-1217); which one
 * is compiled/taken is decided on lines not shown. */
1198 int moira_connect(void)
1203 if (!mr_connections++)
1206 memset(HostName, '\0', sizeof(HostName));
1207 strcpy(HostName, "ttsp");
1208 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1210 rc = mr_connect(HostName);
1215 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1217 rc = mr_connect(uts.nodename);
1222 rc = mr_auth("winad.incr");
/* Operator kill-switch: loop for as long as STOP_FILE (/moira/winad/nowinad)
 * exists, raising a critical_alert that quotes the pending transaction
 * (tbl_buf) on the iterations selected by the loop body (lines not shown).
 * Touching the file therefore pauses the incremental without losing the
 * update. */
1229 void check_winad(void)
1233 for (i = 0; file_exists(STOP_FILE); i++)
1237 critical_alert("incremental",
1238 "WINAD incremental failed (%s exists): %s",
1239 STOP_FILE, tbl_buf);
/* Drop one reference to the shared Moira connection; when the count reaches
 * zero the connection is closed (body on lines not shown).  Must be paired
 * with a successful moira_connect(). */
1246 int moira_disconnect(void)
1249 if (!--mr_connections)
/* Copy the DN of ldap_entry into the caller-supplied distinguished_name
 * buffer and release the LDAP-allocated string.
 * NOTE(review): strcpy() is unbounded and the caller's buffer is a fixed
 * 1024 bytes (retrieve_entries), so a DN longer than that overflows it;
 * the function should take the buffer size and use snprintf/strlcpy.
 * Whether a NULL result from ldap_get_dn() is handled is on line 1262,
 * not shown. */
1256 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1257 char *distinguished_name)
1261 CName = ldap_get_dn(ldap_handle, ldap_entry);
1264 strcpy(distinguished_name, CName);
1265 ldap_memfree(CName);
/* Allocate a single LK_ENTRY holding copies of attribute and value
 * (length = strlen(value), next = NULL, dn left zeroed) and store it in
 * *linklist_entry.  Returns non-zero (line 1273, not shown) when the entry
 * itself cannot be allocated, else 0.
 * NOTE(review): the two inner calloc() results are not checked before the
 * memset/strcpy that follow, so allocation failure becomes a NULL
 * dereference instead of an error return.  The memset calls after calloc
 * are redundant. */
1268 int linklist_create_entry(char *attribute, char *value,
1269 LK_ENTRY **linklist_entry)
1271 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1272 if (!(*linklist_entry))
1276 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1277 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1278 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1279 strcpy((*linklist_entry)->attribute, attribute);
1280 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1281 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1282 strcpy((*linklist_entry)->value, value);
1283 (*linklist_entry)->length = strlen(value);
1284 (*linklist_entry)->next = NULL;
/* printf-style diagnostic output to stderr (used by the LDAP_DEBUG dumps).
 * fmt must always be a literal; never pass directory data as the format.
 * The matching va_end() is expected on line 1294, not shown. */
1288 void print_to_screen(const char *fmt, ...)
1292 va_start(pvar, fmt);
1293 vfprintf(stderr, fmt, pvar);
/* Classify a Moira list row (av[L_MAILLIST], av[L_GROUP]) into the AD group
 * kind and container it maps to.  Each output is optional; NULL skips it:
 *   group_membership[0] <- 'B' mail+group, 'S' group only, 'D' mail only,
 *                          'N' neither
 *   group_ou            <- the matching group_ou_* container string (plain
 *                          strcpy: the caller's buffer must hold the longest
 *                          literal, group_ou_both, 37 chars + NUL)
 *   *security_flag      <- 1 for 'B' and 'S' (security-enabled), else 0
 * The return value is on a line not shown. */
1298 int get_group_membership(char *group_membership, char *group_ou,
1299 int *security_flag, char **av)
1304 maillist_flag = atoi(av[L_MAILLIST]);
1305 group_flag = atoi(av[L_GROUP]);
1306 if (security_flag != NULL)
1307 (*security_flag) = 0;
/* Both mail list and group. */
1309 if ((maillist_flag) && (group_flag))
1311 if (group_membership != NULL)
1312 group_membership[0] = 'B';
1313 if (security_flag != NULL)
1314 (*security_flag) = 1;
1315 if (group_ou != NULL)
1316 strcpy(group_ou, group_ou_both);
/* Security group only. */
1318 else if ((!maillist_flag) && (group_flag))
1320 if (group_membership != NULL)
1321 group_membership[0] = 'S';
1322 if (security_flag != NULL)
1323 (*security_flag) = 1;
1324 if (group_ou != NULL)
1325 strcpy(group_ou, group_ou_security);
/* Distribution (mail) list only. */
1327 else if ((maillist_flag) && (!group_flag))
1329 if (group_membership != NULL)
1330 group_membership[0] = 'D';
1331 if (group_ou != NULL)
1332 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
1336 if (group_membership != NULL)
1337 group_membership[0] = 'N';
1338 if (group_ou != NULL)
1339 strcpy(group_ou, group_ou_neither);
/* mr_query() callback for "get_list_info".  Inactive lists are skipped
   (the early return sits on an omitted line).  Fills the file-scope
   GroupType with the list's class character and, presumably, call_args[3]
   (OU), call_args[4] (class) and call_args[5] (name) for the caller —
   call_args appears to be file-scope state shared with the other
   callbacks; confirm. */
1344 int get_group_info(int ac, char**av, void *ptr)
1350 if (!atoi(av[L_ACTIVE]))
1354 get_group_membership(GroupType, NULL, NULL, av);
1358 call_args[5] = av[L_NAME];
1359 get_group_membership(call_args[4], call_args[3], NULL, av);
/* Rename an AD group.  call_args[2] is the old list name, call_args[3]/[4]
   its old maillist/group flags, av[] the new list record.  Both the old
   and the new name are passed through check_string() before they are
   interpolated into LDAP filters and DNs with sprintf(); that validation
   (it rejects '(', ')', '*', '\\' and most punctuation) is what keeps the
   string-built filter from being an injection point — keep it ahead of
   every sprintf() here.  Buffer sizes for old_dn, new_dn and sam_name are
   declared on omitted lines; new_dn_path is 512 bytes and is filled by an
   unbounded sprintf() of group_ou plus the base DN. */
1365 int group_rename(int ac, char **av, void *ptr)
1370 char new_dn_path[512];
1373 char group_membership[2];
1374 char filter_exp[4096];
1375 char *attr_array[3];
1376 char *name_v[] = {NULL, NULL};
1377 char *samAccountName_v[] = {NULL, NULL};
1382 LK_ENTRY *group_base;
1385 char *maillist_flag = NULL;
1386 char *group_flag = NULL;
/* Invalid old name: signal "no such object" to the caller rather than alert. */
1390 if (!check_string(call_args[2]))
1392 callback_rc = LDAP_NO_SUCH_OBJECT;
1395 if (!check_string(av[L_NAME]))
1397 critical_alert("AD incremental - list rename",
1398 "invalid LDAP list name %s",
1403 memset(group_ou, 0, sizeof(group_ou));
1404 memset(group_membership, 0, sizeof(group_membership));
/* Temporarily substitute the OLD flags into av[] so get_group_membership()
   yields the old class suffix, then restore av[]. */
1407 maillist_flag = av[L_MAILLIST];
1408 group_flag = av[L_GROUP];
1409 av[L_MAILLIST] = call_args[3];
1410 av[L_GROUP] = call_args[4];
1411 get_group_membership(group_membership, NULL, NULL, av);
1412 av[L_MAILLIST] = maillist_flag;
1413 av[L_GROUP] = group_flag;
/* Locate the existing object by its old sAMAccountName. */
1415 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", call_args[2], group_membership[0]);
1416 attr_array[0] = "distinguishedName";
1417 attr_array[1] = NULL;
1418 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1419 &group_base, &group_count)) != 0)
1421 critical_alert("AD incremental - list rename",
1422 "LDAP server unable to get list %s dn : %s",
1423 call_args[2], ldap_err2string(rc));
1426 if (group_count != 1)
1428 critical_alert("AD incremental - list rename",
1429 "LDAP server unable to find list %s in AD.",
1431 callback_rc = LDAP_NO_SUCH_OBJECT;
1434 strcpy(old_dn, group_base->value);
1435 linklist_free(group_base);
/* Now derive the NEW class/OU from av[] and move the object there.
   NOTE(review): security_flag is computed but has no visible use in this
   function — if a list changes class (e.g. distribution -> security) the
   groupType attribute is not updated by the visible code; confirm. */
1439 get_group_membership(group_membership, group_ou, &security_flag, av);
1440 sprintf(sam_name, "%s_zZx%c", av[L_NAME], group_membership[0]);
1441 sprintf(new_dn_path, "%s,%s", group_ou, call_args[1]);
1442 sprintf(new_dn, "cn=%s", av[L_NAME]);
/* deleteoldrdn = TRUE: the old cn value is dropped from the entry. */
1443 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, new_dn_path,
1444 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1446 critical_alert("AD incremental - list rename",
1447 "Couldn't rename list from %s to %s : %s",
1448 call_args[2], av[L_NAME], ldap_err2string(rc));
/* After the move, bring displayName and sAMAccountName in line with the new name. */
1452 name_v[0] = av[L_NAME];
1453 samAccountName_v[0] = sam_name;
1455 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1456 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1458 sprintf(new_dn, "cn=%s,%s,%s", av[L_NAME], group_ou, call_args[1]);
1459 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
1461 critical_alert("AD incremental - list rename",
1462 "After renaming, couldn't modify list data for %s : %s",
1463 av[L_NAME], ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR (loop body omitted here). */
1465 for (i = 0; i < n; i++)
/* Create an AD group for a Moira list (mr_query callback).  The list name
   is validated with check_string() before it reaches any filter or DN.
   After the add, the new object's objectSid is fetched and appended to the
   SID list (sid_ptr) so sid_update() can push it back to Moira.
   Visible defects in this listing:
   - group_membership is declared as a 1-byte array but is later passed to
     strdup() (line 1516).  get_group_membership() stores only the class
     character and no terminator, so strdup() reads past the array until it
     happens to find a NUL — out-of-bounds read / undefined behaviour.
     group_rename() uses a 2-byte array for the same purpose; this one
     should too.
   - groupTypeControl is a u_int but is formatted with "%ld" (line 1521);
     the conversion specifier and argument type disagree.
   - the critical_alert() label at line 1561 says "list rename" on the
     create path (copy-paste).
   call_args[3..5] receive strdup()'d strings; who frees them is not
   visible here — confirm. */
1470 int group_create(int ac, char **av, void *ptr)
1475 char new_group_name[256];
1476 char sam_group_name[256];
1477 char cn_group_name[256];
1478 char *cn_v[] = {NULL, NULL};
1479 char *objectClass_v[] = {"top", "group", NULL};
1481 char *samAccountName_v[] = {NULL, NULL};
1482 char *managedBy_v[] = {NULL, NULL};
1483 char *altSecurityIdentities_v[] = {NULL, NULL};
1484 char *name_v[] = {NULL, NULL};
1485 char *desc_v[] = {NULL, NULL};
1486 char *info_v[] = {NULL, NULL};
1487 char *groupTypeControl_v[] = {NULL, NULL};
1488 char groupTypeControlStr[80];
/* NOTE(review): too small — see header comment; no room for a terminator. */
1489 char group_membership[1];
1492 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1496 char filter_exp[256];
1497 char *attr_array[3];
1502 if (!atoi(av[L_ACTIVE]))
1504 if (!check_string(av[L_NAME]))
1506 critical_alert("AD incremental - list create",
1507 "invalid LDAP list name %s",
1511 memset(group_ou, 0, sizeof(group_ou));
1512 memset(group_membership, 0, sizeof(group_membership));
1514 get_group_membership(group_membership, group_ou, &security_flag, av);
1515 call_args[3] = strdup(group_ou);
/* NOTE(review): strdup() of an unterminated 1-byte array — reads out of bounds. */
1516 call_args[4] = strdup(group_membership);
1517 call_args[5] = strdup(av[L_NAME]);
/* Presumably guarded by "if (security_flag)" on the omitted line 1519 — confirm. */
1520 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): "%ld" with a u_int argument — mismatched conversion. */
1521 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1522 groupTypeControl_v[0] = groupTypeControlStr;
1524 strcpy(new_group_name, av[L_NAME]);
1525 strcpy(sam_group_name, av[L_NAME]);
1526 strcpy(cn_group_name, av[L_NAME]);
/* sAMAccountName carries the class suffix; cn/displayName/name do not. */
1527 sprintf(&sam_group_name[strlen(sam_group_name)],
1528 "_zZx%c", group_membership[0]);
1530 samAccountName_v[0] = sam_group_name;
1531 name_v[0] = new_group_name;
1532 cn_v[0] = new_group_name;
1534 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1536 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1537 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1538 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1539 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1540 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1541 if (strlen(av[L_DESC]) != 0)
1543 desc_v[0] = av[L_DESC];
1544 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1546 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* The list's ACE (owner) is recorded as free text in "info"; the info buffer
   size is declared on an omitted line — confirm it bounds this sprintf(). */
1547 if (strlen(av[L_ACE_NAME]) != 0)
1549 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1551 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1555 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1557 for (i = 0; i < n; i++)
/* An existing group is tolerated; its SID is still harvested below. */
1559 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1561 critical_alert("AD incremental - list rename",
1562 "Unable to create list %s in AD : %s",
1563 av[L_NAME], ldap_err2string(rc));
1566 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1567 attr_array[0] = "objectSid";
1568 attr_array[1] = NULL;
1570 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1571 sid_ptr, &sid_count)) == LDAP_SUCCESS)
/* The SID entry's "type" holds an integer tag cast to char *, not a string;
   sid_update() compares it the same way.  Do not hand this list to
   linklist_free(), which would free() that tag. */
1575 (*sid_ptr)->member = strdup(av[L_NAME]);
1576 (*sid_ptr)->type = (char *)GROUPS;
1577 sid_ptr = &(*sid_ptr)->next;
/* Delete the AD group for a Moira list (mr_query callback).  The name is
   validated with check_string() before it is used in the sAMAccountName
   filter; the filter targets exactly one class (the "_zZx?" suffix taken
   from the list's current flags), and the object is removed only when the
   search returns exactly one match.  group_membership[1] is fine here —
   only [0] is ever read.  The branch taken when linklist_build() fails
   (line 1620) is omitted from this listing; presumably it returns. */
1583 int group_delete(int ac, char **av, void *ptr)
1585 LK_ENTRY *group_base;
1587 char *attr_array[3];
1588 char filter_exp[1024];
1589 char group_membership[1];
1591 char sam_group_name[256];
1598 if (!check_string(av[L_NAME]))
1600 critical_alert("AD incremental - list delete",
1601 "invalid LDAP list name %s",
1605 memset(group_ou, 0, sizeof(group_ou));
1606 memset(group_membership, 0, sizeof(group_membership));
1608 get_group_membership(group_membership, group_ou, &security_flag, av);
1612 attr_array[0] = "distinguishedName";
1613 attr_array[1] = NULL;
/* sam_group_name is 256 bytes; the copy and suffix append are unbounded —
   check_string() constrains characters, not length (no length check is
   visible in it). */
1614 strcpy(sam_group_name, av[L_NAME]);
1615 sprintf(&sam_group_name[strlen(sam_group_name)], "_zZx%c",
1616 group_membership[0]);
1617 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1618 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp,
1619 attr_array, &group_base, &group_count)) != 0)
1621 if (group_count == 1)
1623 if ((rc = ldap_delete_s((LDAP *)call_args[0], group_base->value)) != LDAP_SUCCESS)
1625 critical_alert("AD incremental - list delete",
1626 "Couldn't delete group %s : %s",
1627 av[L_NAME], ldap_err2string(rc));
1632 critical_alert("AD incremental - list delete",
1633 "Unable to find list %s in AD.",
1637 linklist_free(group_base);
/* Delete a list's AD group by name alone, without knowing its class:
   unlike group_delete() the filter uses the wildcard "_zZx*" and the
   search base is group_ou_root under dn_path (temp's size is declared on
   an omitted line).  group_name is validated with check_string() first;
   the only '*' in the filter is the deliberate one appended here.
   The object is deleted only when exactly one entry matches; the fallback
   alert says "Unable to find", which is misleading when the wildcard
   matched more than one class — consider reporting group_count. */
1641 int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name)
1643 LK_ENTRY *group_base;
1644 char *attr_array[3];
1645 char filter_exp[1024];
1646 char sam_group_name[256];
1651 if (!check_string(group_name))
1653 critical_alert("AD incremental - list AD delete",
1654 "invalid LDAP list name %s",
1661 attr_array[0] = "distinguishedName";
1662 attr_array[1] = NULL;
/* Unbounded copy into a 256-byte buffer; check_string() does not bound length. */
1663 strcpy(sam_group_name, group_name);
1664 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1665 sprintf(filter_exp, "(sAMAccountName=%s_zZx*)", sam_group_name);
1666 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1667 &group_base, &group_count) != 0)
1669 if (group_count == 1)
1671 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1673 critical_alert("AD incremental - list AD delete",
1674 "Unable to delete list %s from AD : %s",
1675 group_name, ldap_err2string(rc));
/* Reached for group_count == 0 and for group_count > 1 alike. */
1681 critical_alert("AD incremental - list AD delete",
1682 "Unable to find list %s in AD.",
1686 linklist_free(group_base);
/* mr_query callback that records "user call_args[0] is a member of list
   av[L_NAME]" by pushing an LK_ENTRY (type "USER") onto the file-scope
   member_base list.  Inactive lists and names rejected by check_string()
   are skipped (the returns are on omitted lines).  Only the node
   allocation is checked; the three string callocs are not, so an
   allocation failure would be dereferenced by strcpy().  The memset()
   after calloc() is redundant.  Nodes are presumably released with
   linklist_free() — confirm. */
1690 int group_list_build(int ac, char **av, void *ptr)
1697 if (!atoi(av[L_ACTIVE]))
1699 if (!check_string(av[L_NAME]))
1701 linklist = calloc(1, sizeof(LK_ENTRY));
1704 critical_alert("AD incremental", "Out of memory");
1707 memset(linklist, '\0', sizeof(LK_ENTRY));
1709 linklist->dn = NULL;
1710 linklist->list = calloc(1, strlen(av[L_NAME]) + 1);
1711 strcpy(linklist->list, av[L_NAME]);
1712 linklist->type = calloc(1, strlen("USER") + 1);
1713 strcpy(linklist->type, "USER");
1714 linklist->member = calloc(1, strlen(call_args[0]) + 1);
1715 strcpy(linklist->member, call_args[0]);
/* Push onto the head of the global list. */
1716 linklist->next = member_base;
1717 member_base = linklist;
/* mr_query callback collecting the members of list call_args[2] into the
   file-scope member_base list.  av[ACE_TYPE] selects the member kind; the
   caller's MOIRA_* selection mask is carried in call_args[6] cast to int
   (a pointer-to-int cast — presumably the caller stashed an integer there;
   confirm, as the cast truncates on LP64).  STRING and KERBEROS members
   are first materialised as contact objects in AD via contact_create();
   a failed create skips the member (return on omitted line).  Members
   already present in member_base (case-insensitive compare on the name)
   are not added twice.
   NOTE(review): av[ACE_NAME] is copied into temp with strcpy() BEFORE
   check_string() runs and temp's size is declared on an omitted line —
   validate length, or check the string before copying. */
1721 int member_list_build(int ac, char **av, void *ptr)
1729 strcpy(temp, av[ACE_NAME]);
1730 if (!check_string(temp))
1732 if (!strcmp(av[ACE_TYPE], "USER"))
1734 if (!((int)call_args[6] & MOIRA_USERS))
1737 else if (!strcmp(av[ACE_TYPE], "STRING"))
1739 if (!((int)call_args[6] & MOIRA_STRINGS))
1741 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1744 else if (!strcmp(av[ACE_TYPE], "LIST"))
1746 if (!((int)call_args[6] & MOIRA_LISTS))
1749 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
1751 if (!((int)call_args[6] & MOIRA_KERBEROS))
1753 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Linear de-duplication scan over the list built so far. */
1759 linklist = member_base;
1762 if (!strcasecmp(temp, linklist->member))
1764 linklist = linklist->next;
/* Allocation checks for the node and its strings are not visible here
   (line 1767 omitted) — confirm. */
1766 linklist = calloc(1, sizeof(LK_ENTRY));
1768 linklist->dn = NULL;
1769 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1770 strcpy(linklist->list, call_args[2]);
1771 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1772 strcpy(linklist->type, av[ACE_TYPE]);
1773 linklist->member = calloc(1, strlen(temp) + 1);
1774 strcpy(linklist->member, temp);
1775 linklist->next = member_base;
1776 member_base = linklist;
/* mr_query callback: record list av[L_NAME] as a member (type "LIST") of
   list call_args[2] in the file-scope member_base list, skipping names
   already present (case-insensitive).  Same shape as member_list_build():
   the name is strcpy()'d into temp (size on an omitted line) before
   check_string() validates it, and the callocs are not visibly checked. */
1780 int list_list_build(int ac, char **av, void *ptr)
1788 strcpy(temp, av[L_NAME]);
1789 if (!check_string(temp))
1792 linklist = member_base;
1795 if (!strcasecmp(temp, linklist->member))
1797 linklist = linklist->next;
1799 linklist = calloc(1, sizeof(LK_ENTRY));
1801 linklist->dn = NULL;
1802 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1803 strcpy(linklist->list, call_args[2]);
1804 linklist->type = calloc(1, strlen("LIST") + 1);
1805 strcpy(linklist->type, "LIST");
1806 linklist->member = calloc(1, strlen(temp) + 1);
1807 strcpy(linklist->member, temp);
1808 linklist->next = member_base;
1809 member_base = linklist;
/* Strip the "member" attribute of an AD group.  The group is located by
   its sAMAccountName built from group_gid and the class character in
   group_membership[0]; group_name is validated with check_string() and
   used for messages.  The visible logic fetches every current "member"
   value and issues a single LDAP_MOD_DELETE of all of them, i.e. this
   empties the group rather than removing one member — confirm that is
   the intent (the name suggests otherwise).
   NOTE(review): group_base is freed at line 1883 and again at line 1890;
   the lines between (1884-1888) are omitted here and must return or reset
   the pointer, otherwise this is a double free — confirm. */
1813 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1814 char *group_ou, char *group_membership, char *group_gid)
1816 char distinguished_name[1024];
1818 char filter_exp[4096];
1819 char *attr_array[3];
1825 LK_ENTRY *group_base;
1828 if (!check_string(group_name))
1830 strcpy(temp, group_name);
1831 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1832 attr_array[0] = "distinguishedName";
1833 attr_array[1] = NULL;
1834 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1835 &group_base, &group_count)) != 0)
1837 critical_alert("AD incremental - member remove",
1838 "LDAP server unable to get list %s info : %s",
1839 group_name, ldap_err2string(rc));
1842 if (group_count != 1)
1844 critical_alert("AD incremental - member remove",
1845 "LDAP server unable to find list %s in AD.",
/* Unbounded copy of the DN into a 1024-byte buffer. */
1849 strcpy(distinguished_name, group_base->value);
1850 linklist_free(group_base);
/* Second search: same filter, but based at the group's own DN and asking
   for its "member" values. */
1853 attr_array[0] = "member";
1854 attr_array[1] = NULL;
1855 if ((rc = linklist_build(ldap_handle, distinguished_name, filter_exp, attr_array,
1856 &group_base, &group_count)) != 0)
1858 critical_alert("AD incremental - member remove",
1859 "LDAP server unable to get list %s info : %s",
1860 group_name, ldap_err2string(rc));
1865 if (group_count != 0)
1867 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
1868 &modvalues, REPLACE)) == 1)
1871 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1873 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1874 for (i = 0; i < n; i++)
1876 if (rc != LDAP_SUCCESS)
1878 critical_alert("AD incremental - member remove",
1879 "LDAP server unable to modify list %s members : %s",
1880 group_name, ldap_err2string(rc));
1883 linklist_free(group_base);
1889 free_values(modvalues);
1890 linklist_free(group_base);
1894 #define USER_COUNT 5
/* Add a list's resolved members to its AD group.  (The parameter list
   continues on omitted line 1898 — the member list and the MOIRA_*
   `operation` mask used below come from there.)  Members are resolved
   USER_COUNT at a time: one OR'ed filter per batch maps names to AD DNs,
   the matches are chained onto group_base, and finally all DNs are added
   to "member" in one LDAP_MOD_ADD; if that fails the same values are
   retried as LDAP_MOD_REPLACE, and LDAP_ALREADY_EXISTS counts as success.
   Every name is passed through check_string() before it is interpolated
   into a filter — that check is what keeps the sprintf()/strcat()-built
   filter safe; keep it ahead of the sprintf().
   NOTE(review): group_count is used for two things — the incoming member
   count (line 1932) and later the AD match count (lines 1942, 2028) — and
   the visible loop covers only j full batches; whether a final partial
   batch is handled is on omitted lines (1933-1934, 2009-2012) — confirm.
   group_member is 256 bytes and filled by an unbounded strcpy(); the
   strcat() into filter_exp[4096] is unbounded too. */
1896 int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
1897 char *group_ou, char *group_membership, char *group_gid,
1900 char distinguished_name[1024];
1902 char filter_exp[4096];
1903 char *attr_array[3];
1905 char group_member[256];
1915 LK_ENTRY *group_base;
1932 j = group_count/USER_COUNT;
1935 if (!check_string(group_name))
1937 strcpy(temp, group_name);
/* Locate the group object by sAMAccountName (gid + class suffix). */
1938 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1939 attr_array[0] = "distinguishedName";
1940 attr_array[1] = NULL;
1941 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1942 &group_base, &group_count)) != 0)
1944 critical_alert("AD incremental - member list process",
1945 "LDAP server unable to get list %s info : %s",
1946 group_name, ldap_err2string(rc));
1949 if (group_count != 1)
1951 critical_alert("AD incremental - member list process",
1952 "LDAP server unable to find list %s in AD.",
1956 strcpy(distinguished_name, group_base->value);
1957 linklist_free(group_base);
/* One search per batch of USER_COUNT members. */
1962 for (i = 0; i < j; i++)
1966 memset(filter_exp, 0, sizeof(filter_exp));
1967 strcpy(filter_exp, "(|");
1969 for (k = 0; k < USER_COUNT; k++)
1971 strcpy(group_member, pPtr->member);
1972 if (!check_string(group_member))
/* LIST members: ask Moira for the list's class so the right "_zZx?"
   sAMAccountName can be matched (get_group_info() fills GroupType). */
1979 if (!strcmp(pPtr->type, "LIST"))
1981 if (!(operation & MOIRA_LISTS))
1983 args[0] = pPtr->member;
1984 rc = mr_query("get_list_info", 1, args, get_group_info, NULL);
1985 sprintf(temp, "(sAMAccountName=%s_zZx%c)", group_member, GroupType[0]);
1987 else if (!strcmp(pPtr->type, "USER"))
1989 if (!(operation & MOIRA_USERS))
1991 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, user_ou, dn_path);
/* STRING members only make sense for mail-enabled classes ('B' or 'D'). */
1993 else if (!strcmp(pPtr->type, "STRING"))
1995 if (!(operation & MOIRA_STRINGS))
1997 if ((group_membership[0] != 'B') && (group_membership[0] != 'D'))
1999 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, contact_ou, dn_path);
/* Remaining case is KERBEROS (the else is on an omitted line). */
2003 if (!(operation & MOIRA_KERBEROS))
2005 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, kerberos_ou, dn_path);
2007 strcat(filter_exp, temp);
/* Nothing selected in this batch: skip the search. */
2013 if (filter_count == 0)
2015 strcat(filter_exp, ")");
2016 attr_array[0] = "distinguishedName";
2017 attr_array[1] = NULL;
2020 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2021 &new_list, &new_list_count)) != 0)
2023 critical_alert("AD incremental - member list process",
2024 "LDAP server unable to get list %s members from AD : %s",
2025 group_name, ldap_err2string(rc));
/* Append this batch's matches to the accumulated DN list. */
2028 group_count += new_list_count;
2029 if (group_base == NULL)
2030 group_base = new_list;
2036 if (sPtr->next != NULL)
2041 sPtr->next = new_list;
2048 if (group_count != 0)
2050 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
2051 &modvalues, REPLACE)) == 1)
2054 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
/* ADD first; on failure retry the same values as REPLACE. */
2056 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods))
2059 mods[0]->mod_op = LDAP_MOD_REPLACE;
2060 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2062 if (rc == LDAP_ALREADY_EXISTS)
2064 for (i = 0; i < n; i++)
2066 linklist_free(group_base);
2069 if (rc != LDAP_SUCCESS)
2071 critical_alert("AD incremental - member list process",
2072 "LDAP server unable to modify list %s members in AD : %s",
2073 group_name, ldap_err2string(rc));
2079 free_values(modvalues);
2080 linklist_free(group_base);
/* Create a contact object named `user` under group_ou,bind_path (used for
   STRING and KERBEROS list members).  `user` is validated with
   check_string() before it is placed in the DN.  A "mail" attribute is
   added only when group_ou is the contact OU (email_v[0] is set on an
   omitted line); if that add fails for any reason other than "already
   exists", the object is re-added once without "mail" (lines 2136-2142).
   cn_user_name is 256 bytes and filled by an unbounded sprintf() of
   user + OU + bind_path.  The return value (rc) is treated as non-zero
   on failure by member_list_build(). */
2084 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2088 char cn_user_name[256];
2089 char contact_name[256];
2090 char *email_v[] = {NULL, NULL};
2091 char *cn_v[] = {NULL, NULL};
2092 char *contact_v[] = {NULL, NULL};
2093 char *objectClass_v[] = {"top", "person",
2094 "organizationalPerson",
2096 char *name_v[] = {NULL, NULL};
2097 char *desc_v[] = {NULL, NULL};
2102 if (!check_string(user))
2104 critical_alert("AD incremental - contact create",
2105 "invalid LDAP name %s",
2109 strcpy(contact_name, user);
2110 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2111 cn_v[0] = cn_user_name;
2112 contact_v[0] = contact_name;
2114 desc_v[0] = "Auto account created by Moira";
2117 strcpy(new_dn, cn_user_name);
2119 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2120 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2121 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2122 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2123 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2124 if (!strcmp(group_ou, contact_ou))
2126 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2130 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2131 for (i = 0; i < n; i++)
/* Retry without "mail" (n is presumably reset on an omitted line). */
2133 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2136 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2137 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2138 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2139 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2140 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2142 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2143 for (i = 0; i < n; i++)
2146 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2148 critical_alert("AD incremental - contact create",
2149 "could not create contact %s : %s",
2150 user, ldap_err2string(rc));
/* Update an existing AD user from a Moira user record (mr_query callback).
   The login is validated with check_string() before it enters the filter.
   The account is found by sAMAccountName and its DN copied into a
   256-byte buffer with an unbounded strcpy().  uid/uidNumber and
   employeeID are replaced only when Moira supplies them.  The home
   directory comes from a Hesiod "filsys" lookup (hes_resolve, i.e. DNS
   data): the reply is parsed with sscanf("%*s %s") into path with no
   field width, so a long record overflows path (size on an omitted line);
   hp[0] is also not visibly checked for NULL.  Add a width (e.g. "%255s")
   sized to the buffer and a NULL check.  AFS paths are converted to the
   Windows form and written to homeDirectory/profilePath/homeDrive.
   strnicmp() is not standard C — presumably a local compatibility
   definition. */
2156 int user_update(int ac, char **av, void *ptr)
2159 LK_ENTRY *group_base;
2161 char distinguished_name[256];
2162 char user_name[256];
2163 char *uid_v[] = {NULL, NULL};
2164 char *mitid_v[] = {NULL, NULL};
2165 char *homedir_v[] = {NULL, NULL};
2166 char *winProfile_v[] = {NULL, NULL};
2167 char *drives_v[] = {NULL, NULL};
2172 char filter_exp[256];
2173 char *attr_array[3];
2177 char winProfile[256];
2181 if (!check_string(av[U_NAME]))
2183 critical_alert("AD incremental - user update",
2184 "invalid LDAP user name %s",
2189 strcpy(user_name, av[U_NAME]);
2192 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2193 attr_array[0] = "cn";
2194 attr_array[1] = NULL;
2195 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2196 &group_base, &group_count)) != 0)
2198 critical_alert("AD incremental - user update",
2199 "LDAP server couldn't process user %s : %s",
2200 user_name, ldap_err2string(rc));
2204 if (group_count != 1)
2206 critical_alert("AD incremental - user update",
2207 "LDAP server unable to find user %s in AD.",
2209 callback_rc = LDAP_NO_SUCH_OBJECT;
/* Unbounded copy of the DN into 256 bytes. */
2212 strcpy(distinguished_name, group_base->dn);
2215 if (strlen(av[U_UID]) != 0)
2217 uid_v[0] = av[U_UID];
2218 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2219 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2221 if (strlen(av[U_MITID]) != 0)
2223 mitid_v[0] = av[U_MITID];
2224 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
/* Hesiod lookup: externally supplied data, parsed without a field width. */
2226 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2228 memset(path, 0, sizeof(path));
2229 memset(winPath, 0, sizeof(winPath));
2230 sscanf(hp[0], "%*s %s", path);
2231 if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0)
2233 AfsToWinAfs(path, winPath);
2234 homedir_v[0] = winPath;
2235 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2236 strcpy(winProfile, winPath);
2237 strcat(winProfile, "\\.winprofile");
2238 winProfile_v[0] = winProfile;
2239 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2241 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
2247 if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) != LDAP_SUCCESS)
2249 critical_alert("AD incremental - user update",
2250 "Couldn't modify user data for %s : %s",
2251 user_name, ldap_err2string(rc));
2253 for (i = 0; i < n; i++)
2267 linklist_free(group_base);
/* Rename an AD user from the old login in call_args[3] to av[U_NAME]
   (mr_query callback).  Only accounts in a registered / no-password /
   enroll-not-allowed state are handled; logins beginning with '#' are
   skipped; both logins are validated with check_string() before they are
   placed in DNs.  The rename keeps the same parent (newparent NULL,
   deleteoldrdn TRUE).  The attributes that tie the account to its
   identity are then replaced together: altSecurityIdentities (the
   "Kerberos:<login>@PRIMARY_REALM" mapping that lets the Kerberos
   principal authenticate as this account), userPrincipalName,
   displayName, sAMAccountName, and uid/uidNumber/employeeID when present.
   If the old object does not exist, callback_rc is set to
   LDAP_NO_SUCH_OBJECT so the caller can react (presumably by creating).
   Sizes of old_dn, new_dn, upn and temp are declared on omitted lines;
   the sprintf() calls into them are unbounded. */
2271 int user_rename(int ac, char **av, void *ptr)
2276 char user_name[256];
2279 char *userPrincipalName_v[] = {NULL, NULL};
2280 char *altSecurityIdentities_v[] = {NULL, NULL};
2281 char *name_v[] = {NULL, NULL};
2282 char *samAccountName_v[] = {NULL, NULL};
2283 char *uid_v[] = {NULL, NULL};
2284 char *mitid_v[] = {NULL, NULL};
2292 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2293 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2295 if (!strncmp(av[U_NAME], "#", 1))
2297 if (!check_string(call_args[3]))
2299 callback_rc = LDAP_NO_SUCH_OBJECT;
2302 if (!check_string(av[U_NAME]))
2304 critical_alert("AD incremental - user rename",
2305 "invalid LDAP user name %s",
2310 strcpy(user_name, av[U_NAME]);
2311 sprintf(old_dn, "cn=%s,%s,%s", call_args[3], user_ou, call_args[1]);
2312 sprintf(new_dn, "cn=%s", user_name);
2314 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, NULL, TRUE,
2315 NULL, NULL)) != LDAP_SUCCESS)
2317 if (rc == LDAP_NO_SUCH_OBJECT)
2319 callback_rc = LDAP_NO_SUCH_OBJECT;
2322 critical_alert("AD incremental - user rename",
2323 "Couldn't rename user from %s to %s : %s",
2324 call_args[3], user_name, ldap_err2string(rc));
2328 name_v[0] = user_name;
2329 sprintf(upn, "%s@%s", user_name, ldap_domain);
2330 userPrincipalName_v[0] = upn;
/* Keep the Kerberos-to-account mapping in step with the new login. */
2331 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2332 altSecurityIdentities_v[0] = temp;
2333 samAccountName_v[0] = user_name;
2336 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2337 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2338 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2339 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2340 if (strlen(av[U_UID]) != 0)
2342 uid_v[0] = av[U_UID];
2343 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2344 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2346 if (strlen(av[U_MITID]) != 0)
2348 mitid_v[0] = av[U_MITID];
2349 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2352 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2353 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
2355 critical_alert("AD incremental - user rename",
2356 "After renaming, couldn't modify user data for %s : %s",
2357 user_name, ldap_err2string(rc));
2359 for (i = 0; i < n; i++)
/* Apply a Moira filesystem record to the matching AD user (mr_query
   callback): av[FS_NAME] (validated by check_string()) is the login whose
   account is found by sAMAccountName; only type "AFS" is handled.  The
   flag in call_args[3] (cast to int) selects LDAP_MOD_DELETE when it
   equals ADFS_DELETE, otherwise LDAP_MOD_ADD of homeDirectory/profilePath/
   homeDrive derived from av[FS_PACK] via AfsToWinAfs() (winPath's size and
   AfsToWinAfs()'s bounding are not visible here).  The modify is retried
   up to five times (line 2455) with no visible delay between attempts.
   The alert labels at lines 2412 and 2420 say "user update" — copy-paste
   from user_update(); fs_name's size is declared on an omitted line and
   the strcpy() into it is unbounded. */
2364 int filesys_process(int ac, char **av, void *ptr)
2366 char distinguished_name[256];
2368 char winProfile[256];
2370 char filter_exp[256];
2371 char *attr_array[3];
2372 char *homedir_v[] = {NULL, NULL};
2373 char *winProfile_v[] = {NULL, NULL};
2374 char *drives_v[] = {NULL, NULL};
2382 LK_ENTRY *group_base;
2386 if (!check_string(av[FS_NAME]))
2388 critical_alert("AD incremental - user filesys",
2389 "invalid filesys name %s",
2395 if (strcmp(av[FS_TYPE], "AFS"))
2397 critical_alert("AD incremental - user filesys",
2398 "invalid filesys type %s",
2403 strcpy(fs_name, av[FS_NAME]);
2406 sprintf(filter_exp, "(sAMAccountName=%s)", av[FS_NAME]);
2407 attr_array[0] = "cn";
2408 attr_array[1] = NULL;
2409 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2410 &group_base, &group_count)) != 0)
2412 critical_alert("AD incremental - user update",
2413 "LDAP server couldn't process filesys %s : %s",
2414 fs_name, ldap_err2string(rc));
2418 if (group_count != 1)
2420 critical_alert("AD incremental - user update",
2421 "LDAP server unable to find user %s in AD.",
2423 callback_rc = LDAP_NO_SUCH_OBJECT;
/* Unbounded copy of the DN into 256 bytes. */
2426 strcpy(distinguished_name, group_base->dn);
2428 operation = LDAP_MOD_ADD;
2429 if ((int)call_args[3] == ADFS_DELETE)
2430 operation = LDAP_MOD_DELETE;
2433 if (operation == LDAP_MOD_ADD)
2435 memset(winPath, 0, sizeof(winPath));
2436 AfsToWinAfs(av[FS_PACK], winPath);
2437 homedir_v[0] = winPath;
2439 memset(winProfile, 0, sizeof(winProfile));
2440 strcpy(winProfile, winPath);
2441 strcat(winProfile, "\\.winprofile");
2442 winProfile_v[0] = winProfile;
/* Delete path: NULL value lists remove the attributes entirely. */
2446 homedir_v[0] = NULL;
2448 winProfile_v[0] = NULL;
2450 ADD_ATTR("profilePath", winProfile_v, operation);
2451 ADD_ATTR("homeDrive", drives_v, operation);
2452 ADD_ATTR("homeDirectory", homedir_v, operation);
/* Up to five attempts; the break on success is on an omitted line. */
2455 for (i = 1; i < 6; i++)
2457 if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) == LDAP_SUCCESS)
2461 if (rc != LDAP_SUCCESS)
2463 critical_alert("AD incremental - filesys update",
2464 "Couldn't modify user data for filesys %s : %s",
2465 fs_name, ldap_err2string(rc));
2467 for (i = 0; i < n; i++)
/* Create an AD user for a Moira user record (mr_query callback).  Only
   registered / no-password / enroll-not-allowed states are processed and
   '#'-prefixed logins are skipped; the login is validated with
   check_string() before it enters the DN, UPN or filter.  The account is
   created with UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
   UF_PASSWD_CANT_CHANGE (plus UF_ACCOUNTDISABLE for US_DELETED), an
   altSecurityIdentities mapping to the user's Kerberos principal, and
   employeeID defaulting to "none".  If the object already exists the
   record is routed to user_change_status() instead.  On a fresh create
   the password is set and the objectSid is harvested into the SID list
   for sid_update().
   NOTE(review): set_password() at line 2577 is called with "" as the
   password.  Combined with "password never expires" and "user cannot
   change password" that would be a permanent empty credential if
   set_password() sets it literally; confirm it treats "" as "generate a
   random password" (the Kerberos mapping suggests passwords are not meant
   to be used) and document that contract at the call.
   NOTE(review): userAccountControl is a u_int but is formatted with
   "%ld" (line 2526) — mismatched conversion, same as in group_create().
   Sizes of upn, sam_name, temp and new_dn are declared on omitted lines. */
2474 int user_create(int ac, char **av, void *ptr)
2478 char user_name[256];
2480 char *cn_v[] = {NULL, NULL};
2481 char *objectClass_v[] = {"top", "person",
2482 "organizationalPerson",
2485 char *samAccountName_v[] = {NULL, NULL};
2486 char *altSecurityIdentities_v[] = {NULL, NULL};
2487 char *name_v[] = {NULL, NULL};
2488 char *desc_v[] = {NULL, NULL};
2490 char *userPrincipalName_v[] = {NULL, NULL};
2491 char *userAccountControl_v[] = {NULL, NULL};
2492 char *uid_v[] = {NULL, NULL};
2493 char *mitid_v[] = {NULL, NULL};
2494 char userAccountControlStr[80];
2496 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2501 char filter_exp[256];
2502 char *attr_array[3];
2507 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2508 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2510 if (!strncmp(av[U_NAME], "#", 1))
2512 if (!check_string(av[U_NAME]))
2514 critical_alert("AD incremental - user create",
2515 "invalid LDAP user name %s",
2520 strcpy(user_name, av[U_NAME]);
2521 sprintf(upn, "%s@%s", user_name, ldap_domain);
2522 sprintf(sam_name, "%s", av[U_NAME]);
2523 samAccountName_v[0] = sam_name;
2524 if (atoi(av[U_STATE]) == US_DELETED)
2525 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument. */
2526 sprintf(userAccountControlStr, "%ld", userAccountControl);
2527 userAccountControl_v[0] = userAccountControlStr;
2528 userPrincipalName_v[0] = upn;
2530 cn_v[0] = user_name;
2531 name_v[0] = user_name;
2532 desc_v[0] = "Auto account created by Moira";
/* Maps the Kerberos principal onto this account for authentication. */
2533 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2534 altSecurityIdentities_v[0] = temp;
2535 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2538 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2539 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2540 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2541 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2542 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2543 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2544 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2545 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2546 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2547 if (strlen(av[U_UID]) != 0)
2549 uid_v[0] = av[U_UID];
2550 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2551 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2553 if (strlen(av[U_MITID]) != 0)
2554 mitid_v[0] = av[U_MITID];
2556 mitid_v[0] = "none";
2557 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2560 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2561 for (i = 0; i < n; i++)
/* Existing account: (re)apply enable/disable state instead of creating. */
2563 if (rc == LDAP_ALREADY_EXISTS)
2565 rc = user_change_status(ac, av, ptr);
2568 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2570 critical_alert("AD incremental - user create",
2571 "could not create user %s : %s",
2572 user_name, ldap_err2string(rc));
2575 if (rc == LDAP_SUCCESS)
/* NOTE(review): empty-string password argument — see header comment. */
2577 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2579 critical_alert("AD incremental - user create",
2580 "Couldn't set password for user %s : %ld",
2584 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2585 attr_array[0] = "objectSid";
2586 attr_array[1] = NULL;
2588 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2589 sid_ptr, &sid_count)) == LDAP_SUCCESS)
/* "type" holds an integer tag cast to char *, not a string (see sid_update()). */
2593 (*sid_ptr)->member = strdup(av[U_NAME]);
2594 (*sid_ptr)->type = (char *)USERS;
2595 sid_ptr = &(*sid_ptr)->next;
/* Enable or disable an AD user (mr_query callback).  The operation comes
   from call_args[2] cast to int; MEMBER_DEACTIVATE sets
   UF_ACCOUNTDISABLE, anything else clears it, and all other
   userAccountControl bits are preserved.  The login is validated with
   check_string() before it enters the filter; the current
   UserAccountControl value is read back as a decimal string, parsed with
   atoi(), rewritten, and replaced through construct_newvalues()/
   ldap_modify_s().  The declaration of ulongValue and of temp are on
   omitted lines — if ulongValue is unsigned long, the "%ld" at line 2658
   should be "%lu". */
2601 int user_change_status(int ac, char **av, void *ptr)
2603 char filter_exp[1024];
2604 char *attr_array[3];
2606 char distinguished_name[1024];
2607 char user_name[512];
2610 LK_ENTRY *group_base;
2621 if (!check_string(av[U_NAME]))
2623 critical_alert("AD incremental - user change status",
2624 "invalid LDAP user name %s",
2628 strcpy(user_name, av[U_NAME]);
2629 operation = (int)call_args[2];
2632 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2633 attr_array[0] = "UserAccountControl";
2634 attr_array[1] = NULL;
2635 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2636 &group_base, &group_count)) != 0)
2638 critical_alert("AD incremental - user change status",
2639 "LDAP server couldn't process user %s : %s",
2640 user_name, ldap_err2string(rc));
2644 if (group_count != 1)
2646 critical_alert("AD incremental - user change status",
2647 "LDAP server unable to find user %s in AD.",
2652 strcpy(distinguished_name, group_base->dn);
/* Current flags, as returned by AD in decimal text. */
2653 ulongValue = atoi((*group_base).value);
2654 if (operation == MEMBER_DEACTIVATE)
2655 ulongValue |= UF_ACCOUNTDISABLE;
2657 ulongValue &= ~UF_ACCOUNTDISABLE;
2658 sprintf(temp, "%ld", ulongValue);
/* Replace the old value with the new one in a fresh modvalues array. */
2659 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2660 temp, &modvalues, REPLACE)) == 1)
2662 linklist_free(group_base);
2666 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2668 rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods);
2669 for (i = 0; i < n; i++)
2671 free_values(modvalues);
2672 if (rc != LDAP_SUCCESS)
2674 critical_alert("AD incremental - user change status",
2675 "LDAP server could not change status of user %s : %s",
2676 user_name, ldap_err2string(rc));
2679 linklist_free(group_base);
/* Permanently delete the AD user object for login u_name (unlike
   user_change_status(), which only toggles the disabled bit).  The login
   is validated with check_string() and then located by sAMAccountName;
   the object is removed only when exactly one entry matches.
   Style notes: the assignment-as-condition at line 2719 is easy to
   misread as a comparison — `if ((rc = ldap_delete_s(...)) != LDAP_SUCCESS)`
   is clearer; the alert label at line 2712 says "user change status"
   (copy-paste).  user_name is 512 bytes and the strcpy() into it is
   unbounded. */
2683 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2685 char filter_exp[1024];
2686 char *attr_array[3];
2687 char distinguished_name[1024];
2688 char user_name[512];
2689 LK_ENTRY *group_base;
2693 if (!check_string(u_name))
2695 strcpy(user_name, u_name);
2698 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2699 attr_array[0] = "name";
2700 attr_array[1] = NULL;
2701 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2702 &group_base, &group_count)) != 0)
2704 critical_alert("AD incremental",
2705 "LDAP server couldn't process user %s : %s",
2706 user_name, ldap_err2string(rc));
2710 if (group_count != 1)
2712 critical_alert("AD incremental - user change status",
2713 "LDAP server unable to find user %s in AD.",
2718 strcpy(distinguished_name, group_base->dn);
/* Non-zero rc means the delete failed. */
2719 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2721 critical_alert("AD incremental",
2722 "LDAP server couldn't process user %s : %s",
2723 user_name, ldap_err2string(rc));
2727 linklist_free(group_base);
/* Release every node of an LK_ENTRY list and the six heap strings each
   node may own.  The "if (p != NULL) free(p)" guards are redundant —
   free(NULL) is a no-op.
   NOTE(review): the SID entries built in group_create() and user_create()
   store an integer tag cast to char * in "type"; passing that list here
   would call free() on a non-pointer.  Confirm the SID list is released
   by a different routine. */
2731 void linklist_free(LK_ENTRY *linklist_base)
2733 LK_ENTRY *linklist_previous;
2735 while (linklist_base != NULL)
2737 if (linklist_base->dn != NULL)
2738 free(linklist_base->dn);
2739 if (linklist_base->attribute != NULL)
2740 free(linklist_base->attribute);
2741 if (linklist_base->value != NULL)
2742 free(linklist_base->value);
2743 if (linklist_base->member != NULL)
2744 free(linklist_base->member);
2745 if (linklist_base->type != NULL)
2746 free(linklist_base->type);
2747 if (linklist_base->list != NULL)
2748 free(linklist_base->list);
/* Advance before freeing the node itself. */
2749 linklist_previous = linklist_base;
2750 linklist_base = linklist_previous->next;
2751 free(linklist_previous);
/* Release a NULL-terminated array of strings as built by
   construct_newvalues(): each element is freed (the free() is on an
   omitted line) and cleared.  NULL input is accepted.  Whether the array
   itself is freed is not visible in this listing — confirm. */
2755 void free_values(char **modvalues)
2760 if (modvalues != NULL)
2762 while (modvalues[i] != NULL)
2765 modvalues[i] = NULL;
/* Push the objectSid values harvested by group_create()/user_create()
   back into Moira.  For each entry the binary SID (ptr->value,
   ptr->length) is hex-encoded into temp and sent with the member name via
   "add_list_sid_by_name" or "add_user_sid_by_login", chosen by the
   integer tag stored in ptr->type (av[1] is set on an omitted line).
   NOTE(review): temp is 126 bytes and convert_b_to_a() emits two
   characters per input byte, so any SID longer than about 62 bytes
   overflows it; ptr->length comes from LDAP data and no bound check is
   visible here.  Check `ptr->length * 2 < sizeof(temp)` (allowing for a
   terminator) before the conversion, or size temp for the largest SID. */
2772 int sid_update(LDAP *ldap_handle, char *dn_path)
2776 unsigned char temp[126];
2783 memset(temp, 0, sizeof(temp));
2784 convert_b_to_a(temp, ptr->value, ptr->length);
2785 av[0] = ptr->member;
2787 if (ptr->type == (char *)GROUPS)
2790 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2792 else if (ptr->type == (char *)USERS)
2795 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/* convert_b_to_a: render `length` bytes of `binary` as hexadecimal text in
 * `string`. The caller presumably supplies at least 2*length + 1 bytes; no
 * bound is checked here. Each nibble is stored as 0..15 and, when it
 * exceeds '9' after the digit offset, bumped into the letter range; the
 * high-nibble handling, the j bookkeeping and the terminator are elided. */
2802 void convert_b_to_a(char *string, UCHAR *binary, int length)
2809 for (i = 0; i < length; i++)
2816 if (string[j] > '9')
2819 string[j] = tmp & 0x0f;
2821 if (string[j] > '9')
/* 256-entry lookup table indexed by unsigned byte value; 1 marks a byte
 * that check_string() rejects in a name. Bytes left at 0 (accepted):
 * '$' '&' '\'' '-' '.' '0'-'9' '_' '`' 'a'-'z' '~'. Uppercase rows are 1
 * because check_string() folds to lowercase before the lookup.
 * NOTE(review): '&', '\'', '`' and '~' are accepted; that is harmless for
 * LDAP filters (only '*', '(', ')', backslash and NUL need escaping there)
 * but worth re-checking if these names are ever handed to a shell or
 * another interpreter. */
2828 static int illegalchars[] = {
2829 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
2830 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
2831 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
2832 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
2833 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
2834 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
2835 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
2836 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* Bytes 0x80-0xFF: all rejected. */
2837 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2838 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2839 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2840 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2841 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2842 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2843 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2844 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/* check_string: presumably returns nonzero when every byte of s is accepted
 * by illegalchars[] and zero at the first rejected byte (callers test
 * !check_string()). Uppercase is folded to lowercase before the lookup, so
 * A-Z pass even though their own table rows are 1. The loop header, the
 * declaration of `character` and the return statements are elided. */
2847 int check_string(char *s)
2854 if (isupper(character))
2855 character = tolower(character);
/* NOTE(review): the declared type of `character` is not visible. If it is a
 * plain char, a byte >= 0x80 is sign-extended and (unsigned) yields an index
 * far beyond the 256-entry table (isupper() on a negative value is also
 * undefined); read the byte as unsigned char instead. */
2856 if (illegalchars[(unsigned) character])
/* mr_connect_cl: connect this client to the Moira server, check the
 * server's message of the day, negotiate the query protocol version and
 * authenticate. Failures are reported through com_err(); the tests on
 * status and the return statements between steps are elided in this
 * listing. */
2862 int mr_connect_cl(char *server, char *client, int version, int auth)
2868 status = mr_connect(server);
2871 com_err(whoami, status, "while connecting to Moira");
2875 status = mr_motd(&motd);
2879 com_err(whoami, status, "while checking server status");
/* NOTE(review): motd is text received from the server and com_err() takes a
 * printf-style format, so passing temp as the format lets any '%' in the
 * motd be interpreted as a conversion (and the sprintf into temp is
 * unbounded). Replace both lines with
 * com_err(whoami, status, "The Moira server is currently unavailable: %s", motd); */
2884 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
2885 com_err(whoami, status, temp);
/* Version negotiation: a server that does not know the version request at
 * all is treated as older than this client. */
2890 status = mr_version(version);
2893 if (status == MR_UNKNOWN_PROC)
2896 status = MR_VERSION_HIGH;
2898 status = MR_SUCCESS;
2901 if (status == MR_VERSION_HIGH)
2903 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2904 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW (presumably a newer server) is tolerated silently. */
2906 else if (status && status != MR_VERSION_LOW)
2908 com_err(whoami, status, "while setting query version number.");
/* The auth parameter presumably gates this step; the test is elided. */
2916 status = mr_auth(client);
2919 com_err(whoami, status, "while authenticating to Moira.");
/* expand_groups: starting from group_name, walk Moira's list-of-lists
 * membership upward (get_lists_of_member) until a pass finds nothing new,
 * then create or refresh each discovered list in AD, push collected SIDs
 * back to Moira and reconcile the list's end members. The globals
 * member_base and sid_base are filled by the mr_query callbacks and used
 * as scratch lists. Loop headers, declarations and braces are elided in
 * this listing; only the order of the visible steps is documented. */
2928 void expand_groups(LDAP *ldap_handle, char *dn_path, char *group_name)
2930 LK_ENTRY *group_base = NULL;
2931 LK_ENTRY *ptr = NULL;
/* call_args is the opaque argument block handed to the mr_query callbacks:
 * LDAP handle, base DN, list name, NULL terminator. */
2940 call_args[0] = (char *)ldap_handle;
2941 call_args[1] = dn_path;
2942 call_args[2] = group_name;
2943 call_args[3] = NULL;
/* Drop stale scratch lists from a previous call; the resets to NULL
 * (presumably on the elided lines) are required before the callbacks
 * append to them again. */
2945 linklist_free(member_base);
2947 linklist_free(sid_base);
2949 if (mr_query("get_lists_of_member", 2, av, list_list_build, call_args) == MR_NO_MATCH)
2951 if (member_base == NULL)
2955 group_base = member_base;
/* Fixed-point expansion: for each list found so far, ask which lists it
 * belongs to, and stop when a pass adds nothing (before_count == after_count). */
2968 av[1] = ptr->member;
2969 call_args[0] = (char *)ldap_handle;
2970 call_args[1] = dn_path;
2971 call_args[2] = ptr->member;
2972 call_args[3] = NULL;
/* Return value intentionally ignored here; a miss just adds nothing. */
2973 mr_query("get_lists_of_member", 2, av, list_list_build, call_args);
2983 if (before_count == after_count)
2987 group_base = member_base;
/* Per-list pass over the complete set (loop header elided). */
2994 sid_ptr = &sid_base;
2995 av[0] = ptr->member;
2997 call_args[0] = (char *)ldap_handle;
2998 call_args[1] = dn_path;
2999 call_args[2] = ptr->member;
3000 call_args[3] = NULL;
3001 call_args[4] = NULL;
3002 call_args[5] = NULL;
/* An integer flag set passed through a char * slot; group_create is
 * expected to cast it back. */
3003 call_args[6] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
/* Assignment used as the condition; nonzero rc skips this list (the
 * handling after the free is elided). */
3004 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3006 linklist_free(member_base);
/* SIDs gathered while creating the group are written back to Moira now. */
3011 if (sid_base != NULL)
3013 sid_update(ldap_handle, dn_path);
3014 linklist_free(sid_base);
/* Membership sync; this statement continues on elided lines. With no
 * members the AD group is presumably emptied via member_remove(), otherwise
 * member_list_process() reconciles it. */
3019 if (!(rc = mr_query("get_end_members_of_list", 1, av, member_list_build,
3022 if (member_base == NULL)
3024 member_remove(ldap_handle, dn_path, ptr->member,
3025 call_args[3], call_args[4], call_args[5]);
3029 rc = member_list_process(ldap_handle, dn_path, ptr->member,
3030 call_args[3], call_args[4], call_args[5],
3031 MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3034 linklist_free(member_base);
/* call_args[3..5] are presumably heap strings filled in by group_create;
 * the free calls sit on the elided lines before the slots are cleared. */
3036 if (call_args[3] != NULL)
3038 if (call_args[4] != NULL)
3040 call_args[3] = NULL;
3041 call_args[4] = NULL;
3042 call_args[5] = NULL;
3043 call_args[6] = NULL;
/* group_base aliases the final member_base chain; freed once at the end. */
3046 linklist_free(group_base);
3051 void AfsToWinAfs(char* path, char* winPath)
3055 strcpy(winPath, WINAFS);
3056 pathPtr = path + strlen(AFS);
3057 winPathPtr = winPath + strlen(WINAFS);
3061 if (*pathPtr == '/')
3064 *winPathPtr = *pathPtr;