2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies container information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
/*
 * Windows compatibility shims (the #ifdef lines selecting this arm are not in
 * this extract; presumably a _WIN32 branch): map the BSD errno names onto
 * their Winsock equivalents and provide a seconds-based sleep().
 */
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
/*
 * NOTE(review): the argument is not parenthesized and the expansion ends in
 * ';' -- sleep(x + 1) becomes Sleep(x + 1 * 1000);; which sleeps the wrong
 * time and can break an unbraced if/else.  Safer: Sleep((A) * 1000) with no
 * trailing semicolon.
 */
133 #define sleep(A) Sleep(A * 1000);
/* Unix side: system headers and the absolute config-file path. */
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define WINADCFG "/moira/winad/winad.cfg"
145 #define strnicmp(A,B,C) strncasecmp(A,B,C)
146 #define UCHAR unsigned char
/*
 * userAccountControl (UF_*) and SECURITY_INFORMATION bit values.  They carry
 * the same values as the Windows SDK constants of the same names; presumably
 * supplied here for the build where <lmaccess.h>/<winnt.h> are not available.
 */
148 #define UF_SCRIPT 0x0001
149 #define UF_ACCOUNTDISABLE 0x0002
150 #define UF_HOMEDIR_REQUIRED 0x0008
151 #define UF_LOCKOUT 0x0010
152 #define UF_PASSWD_NOTREQD 0x0020
153 #define UF_PASSWD_CANT_CHANGE 0x0040
154 #define UF_DONT_EXPIRE_PASSWD 0x10000
156 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157 #define UF_NORMAL_ACCOUNT 0x0200
158 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160 #define UF_SERVER_TRUST_ACCOUNT 0x2000
162 #define OWNER_SECURITY_INFORMATION (0x00000001L)
163 #define GROUP_SECURITY_INFORMATION (0x00000002L)
164 #define DACL_SECURITY_INFORMATION (0x00000004L)
165 #define SACL_SECURITY_INFORMATION (0x00000008L)
/*
 * Minimal stand-ins for the Win32 BYTE/DWORD/ULONG/GUID/SID types.  The
 * struct headers for the Data1.. members and the closing lines of the SID
 * struct are not in this extract.
 */
168 #define BYTE unsigned char
170 typedef unsigned int DWORD;
171 typedef unsigned long ULONG;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
181 typedef struct _SID_IDENTIFIER_AUTHORITY {
183 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
185 typedef struct _SID {
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
/* Windows config-file name (relative, unlike the Unix absolute path above). */
194 #define WINADCFG "winad.cfg"
198 #define WINAFS "\\\\afs\\all\\"
/* AD groupType attribute bits. */
200 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
201 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
/* Connection and identity defaults. */
206 #define QUERY_VERSION -1
207 #define PRIMARY_REALM "ATHENA.MIT.EDU"
208 #define PRIMARY_DOMAIN "win.mit.edu"
209 #define PRODUCTION_PRINCIPAL "sms"
210 #define TEST_PRINCIPAL "smstest"
/* Operation codes handed to the member/user helpers (lower values not in this extract). */
219 #define MEMBER_REMOVE 2
220 #define MEMBER_CHANGE_NAME 3
221 #define MEMBER_ACTIVATE 4
222 #define MEMBER_DEACTIVATE 5
223 #define MEMBER_CREATE 6
/* Bitmask of Moira member types. */
225 #define MOIRA_ALL 0x0
226 #define MOIRA_USERS 0x1
227 #define MOIRA_KERBEROS 0x2
228 #define MOIRA_STRINGS 0x4
229 #define MOIRA_LISTS 0x8
/* Modes for process_group(): check only, or clean up stray/duplicate groups (see do_list). */
231 #define CHECK_GROUPS 1
232 #define CLEANUP_GROUPS 2
/* Negative status codes returned by the ad_*/group helpers; 0 is success. */
234 #define AD_NO_GROUPS_FOUND -1
235 #define AD_WRONG_GROUP_DN_FOUND -2
236 #define AD_MULTIPLE_GROUPS_FOUND -3
237 #define AD_INVALID_NAME -4
238 #define AD_LDAP_FAILURE -5
239 #define AD_INVALID_FILESYS -6
240 #define AD_NO_ATTRIBUTE_FOUND -7
241 #define AD_NO_OU_FOUND -8
242 #define AD_NO_USER_FOUND -9
/* container arguments: indices into a containers-table argument vector
   (name, description, location, contact, type, id, rowid, group name --
   the same order as the examples in the header comment). */
245 #define CONTAINER_NAME 0
246 #define CONTAINER_DESC 1
247 #define CONTAINER_LOCATION 2
248 #define CONTAINER_CONTACT 3
249 #define CONTAINER_TYPE 4
250 #define CONTAINER_ID 5
251 #define CONTAINER_ROWID 6
252 #define CONTAINER_GROUP_NAME 7
/*mcntmap arguments: indices into a mcntmap-table argument vector */
255 #define OU_MACHINE_NAME 0
256 #define OU_CONTAINER_NAME 1
257 #define OU_MACHINE_ID 2
258 #define OU_CONTAINER_ID 3
259 #define OU_CONTAINER_GROUP 4
/* Singly linked node for LDAP search results; the data members are not in this extract. */
261 typedef struct lk_entry {
271 struct lk_entry *next;
/* STOP_FILE presumably disables the incremental when present; file_exists() is a plain access() probe. */
274 #define STOP_FILE "/moira/winad/nowinad"
275 #define file_exists(file) (access((file), F_OK) == 0)
277 #define N_SD_BER_BYTES 5
278 #define LDAP_BERVAL struct berval
279 #define MAX_SERVER_NAMES 32
/* Names of the template security groups. */
281 #define HIDDEN_GROUP "HiddenGroup.g"
282 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
283 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
284 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/*
 * Append an LDAPMod to the caller's `mods` array (index `n`) / `DelMods`
 * array (index `i`); both names must exist in the caller's scope.
 * NOTE(review): malloc() is not checked, so an allocation failure
 * dereferences NULL on the next line; and the expansions are bare statement
 * lists rather than do { ... } while (0), so an unbraced
 * `if (c) ADD_ATTR(...)` guards only the first statement.
 */
286 #define ADD_ATTR(t, v, o) \
287 mods[n] = malloc(sizeof(LDAPMod)); \
288 mods[n]->mod_op = o; \
289 mods[n]->mod_type = t; \
290 mods[n++]->mod_values = v
292 #define DEL_ATTR(t, o) \
293 DelMods[i] = malloc(sizeof(LDAPMod)); \
294 DelMods[i]->mod_op = o; \
295 DelMods[i]->mod_type = t; \
296 DelMods[i++]->mod_values = NULL
/* Presumably the keywords recognised by ReadConfigFile() -- confirm. */
298 #define DOMAIN_SUFFIX "MIT.EDU"
299 #define DOMAIN "DOMAIN:"
300 #define PRINCIPALNAME "PRINCIPAL:"
301 #define SERVER "SERVER:"
305 char PrincipalName[128];
/*
 * Per-platform Kerberos credential cache / ticket file / keytab locations.
 * NOTE(review): the cache and ticket files have fixed, predictable names in
 * a shared temporary directory; confirm they are created with restrictive
 * permissions (or placed in a private directory), since a pre-existing file
 * or link of that name would otherwise be reused or followed.
 */
307 #define KRB5CCNAME "KRB5CCNAME=/tmp/krb5cc_winad.incr"
308 #define KRBTKFILE "KRBTKFILE=/tmp/tkt_winad.incr"
309 #define KEYTABFILE "/etc/krb5.keytab"
311 #define KRB5CCNAME "KRB5CCNAME=\\tmp\\krb5cc_winad.incr"
312 #define KRBTKFILE "KRBTKFILE=\\tmp\\tkt_winad.incr"
313 #define KEYTABFILE "\\keytabs\\krb5.keytab"
/* Global linked lists of LDAP results; sid_base is consumed by do_filesys()
   (sid_update() then linklist_free()). */
316 LK_ENTRY *member_base = NULL;
317 LK_ENTRY *sid_base = NULL;
318 LK_ENTRY **sid_ptr = NULL;
/* Scratch buffer in which main() concatenates the whole argv for logging.
   NOTE(review): it is defined again at line 337 below; presumably one
   definition per #ifdef arm -- confirm. */
319 static char tbl_buf[1024];
/* OUs (relative to the domain DN) in which the Moira-managed objects live. */
320 char kerberos_ou[] = "OU=kerberos,OU=moira";
321 char contact_ou[] = "OU=strings,OU=moira";
322 char user_ou[] = "OU=users,OU=moira";
323 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
324 char group_ou_root[] = "OU=lists,OU=moira";
325 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
326 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
327 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
328 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
329 char orphans_other_ou[] = "OU=Other,OU=Orphans";
330 char security_template_ou[] = "OU=security_templates";
/* Connection state filled in by the config file / ad_connect(). */
332 char ldap_domain[256];
333 char *ServerList[MAX_SERVER_NAMES];  /* NULL-terminated slots; entries are reset to NULL in main() */
334 int mr_connections = 0;
336 char default_server[256];
337 static char tbl_buf[1024];
/* When non-zero, main() does not regenerate ServerList after a failed connect. */
339 int NoChangeConfigFile;
341 extern int set_password(char *user, char *password, char *domain);
/* Prototypes for the helpers defined later in this file (a few are cut
   across missing lines in this extract). */
343 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
344 char *group_membership, char *MoiraId, char *attribute,
345 LK_ENTRY **linklist_base, int *linklist_count,
347 void AfsToWinAfs(char* path, char* winPath);
348 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
349 char *Win2kPassword, char *Win2kUser, char *default_server,
350 int connect_to_kdc, char **ServerList);
351 void ad_kdc_disconnect();
352 int ad_server_connect(char *connectedServer, char *domain);
353 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
354 char *attribute_value, char *attribute, char *user_name);
355 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
356 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
357 void check_winad(void);
358 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
360 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
361 char *distinguishedName, int count, char **av);
362 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
363 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
364 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
365 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
366 char *distinguishedName, int count, char **av);
367 void container_get_dn(char *src, char *dest);
368 void container_get_name(char *src, char *dest);
369 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
370 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
371 int afterc, char **after);
372 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
373 int afterc, char **after);
375 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
376 char *fs_type, char *fs_pack, int operation);
377 int GetAceInfo(int ac, char **av, void *ptr);
378 int GetServerList(char *ldap_domain, char **MasterServe);
379 int get_group_membership(char *group_membership, char *group_ou,
380 int *security_flag, char **av);
381 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
382 int Moira_container_group_create(char **after);
383 int Moira_container_group_delete(char **before);
384 int Moira_groupname_create(char *GroupName, char *ContainerName,
385 char *ContainerRowID);
386 int Moira_container_group_update(char **before, char **after);
387 int Moira_process_machine_container_group(char *MachineName, char* groupName,
389 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
390 int Moira_getContainerGroup(int ac, char **av, void *ptr);
391 int Moira_getGroupName(char *origContainerName, char *GroupName,
393 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
394 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
395 int UpdateGroup, int *ProcessGroup);
396 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
397 char *group_name, char *group_ou, char *group_membership,
398 int group_security_flag, int type);
399 int process_lists(int ac, char **av, void *ptr);
400 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
401 int HiddenGroup, char *AceType, char *AceName);
402 int ProcessMachineName(int ac, char **av, void *ptr);
403 void ReadConfigFile();
404 void StringTrim(char *StringToTrim);
405 int user_create(int ac, char **av, void *ptr);
406 int user_change_status(LDAP *ldap_handle, char *dn_path,
407 char *user_name, char *MoiraId, int operation);
408 int user_delete(LDAP *ldap_handle, char *dn_path,
409 char *u_name, char *MoiraId);
410 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
412 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
413 char *uid, char *MitId, char *MoiraId, int State,
414 char *WinHomeDir, char *WinProfileDir);
415 void change_to_lower_case(char *ptr);
416 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
417 int group_create(int ac, char **av, void *ptr);
418 int group_delete(LDAP *ldap_handle, char *dn_path,
419 char *group_name, char *group_membership, char *MoiraId);
420 int group_rename(LDAP *ldap_handle, char *dn_path,
421 char *before_group_name, char *before_group_membership,
422 char *before_group_ou, int before_security_flag, char *before_desc,
423 char *after_group_name, char *after_group_membership,
424 char *after_group_ou, int after_security_flag, char *after_desc,
425 char *MoiraId, char *filter);
426 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
427 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
428 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
429 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
430 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
431 char *group_name, char *group_ou, char *group_membership,
432 int group_security_flag, int updateGroup);
433 int member_list_build(int ac, char **av, void *ptr);
434 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
435 char *group_ou, char *group_membership,
436 char *user_name, char *pUserOu, char *MoiraId);
437 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
438 char *group_ou, char *group_membership, char *user_name,
439 char *pUserOu, char *MoiraId);
440 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
441 char *group_ou, char *group_membership,
442 int group_security_flag, char *MoiraId);
443 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
444 char *WinHomeDir, char *WinProfileDir,
445 char **homedir_v, char **winProfile_v,
446 char **drives_v, LDAPMod **mods,
448 int sid_update(LDAP *ldap_handle, char *dn_path);
449 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
450 int check_string(char *s);
451 int check_container_name(char* s);
452 void convert_b_to_a(char *string, UCHAR *binary, int length);
453 int mr_connect_cl(char *server, char *client, int version, int auth);
/* Per-table handlers; all share one signature so main() can dispatch on the
   table name: (ldap handle, base DN, domain, before args, beforec, after args, afterc). */
455 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
456 char **before, int beforec, char **after, int afterc);
457 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
458 char **before, int beforec, char **after, int afterc);
459 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
460 char **before, int beforec, char **after, int afterc);
461 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
462 char **before, int beforec, char **after, int afterc);
463 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
464 char **before, int beforec, char **after, int afterc);
465 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
466 char **before, int beforec, char **after, int afterc);
467 int linklist_create_entry(char *attribute, char *value,
468 LK_ENTRY **linklist_entry);
469 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
470 char **attr_array, LK_ENTRY **linklist_base,
471 int *linklist_count, unsigned long ScopeType);
472 void linklist_free(LK_ENTRY *linklist_base);
474 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
475 char *distinguished_name, LK_ENTRY **linklist_current);
476 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
477 LK_ENTRY **linklist_base, int *linklist_count);
478 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
479 char *Attribute, char *distinguished_name,
480 LK_ENTRY **linklist_current);
482 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
483 char *oldValue, char *newValue,
484 char ***modvalues, int type);
485 void free_values(char **modvalues);
487 int convert_domain_to_dn(char *domain, char **bind_path);
488 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
489 char *distinguished_name);
490 int moira_disconnect(void);
491 int moira_connect(void);
492 void print_to_screen(const char *fmt, ...);
493 int GetMachineName(char *MachineName);
494 int tickets_get_k5();
496 int destroy_cache(void);
/*
 * Entry point of the winad.incr incremental.
 *
 * argv: <table> <beforec> <afterc> <beforec before-args> <afterc after-args>
 * (argc must be at least 4 + beforec + afterc; see the checks below).
 * Connects to the AD/LDAP domain, retrying up to 5 times and rebuilding
 * ServerList between attempts unless NoChangeConfigFile is set, lower-cases
 * the table name and dispatches to the matching do_* handler.
 * Only part of the body is visible in this extract: the local declarations,
 * the brace lines and several statements between the visible ones are
 * missing, so the exact control flow around each `if` is not shown.
 */
499 int main(int argc, char **argv)
/* whoami = basename of argv[0], used as the com_err() program name throughout. */
513 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
517 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/*
 * NOTE(review): atoi() reports no parse errors and accepts a leading '-'.
 * A negative beforec or afterc still satisfies the argc check below (the
 * sum 4 + beforec + afterc only shrinks) and then makes &argv[4 + beforec]
 * point outside the argument vector.  Parsing with strtol() and rejecting
 * values < 0 (or non-numeric text) would close this.
 */
520 beforec = atoi(argv[2]);
521 afterc = atoi(argv[3]);
523 if (argc < (4 + beforec + afterc))
525 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)"); /* message text misspells "beforec" */
/* after-args follow the before-args; `before` itself is set on a missing line. */
531 after = &argv[4 + beforec];
/*
 * Log the complete argument vector.
 * NOTE(review): tbl_buf is a fixed 1024-byte array and strcat() is
 * unbounded, so a sufficiently long argument list overruns it; appending
 * with snprintf() into the remaining space (or logging argv one element at
 * a time) avoids the overflow.
 */
538 for (i = 1; i < argc; i++)
540 strcat(tbl_buf, argv[i]);
541 strcat(tbl_buf, " ");
543 com_err(whoami, 0, "%s", tbl_buf);
/* Reset the globals the config file / ad_connect() fill in. */
545 memset(PrincipalName, '\0', sizeof(PrincipalName));
546 memset(ldap_domain, '\0', sizeof(ldap_domain));
547 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
549 NoChangeConfigFile = 0;
/* Snapshot UseSFU30 so a change made by a handler can be detected at the end (line 614). */
554 OldUseSFU30 = UseSFU30;
558 initialize_sms_error_table();
559 initialize_krb_error_table();
561 memset(default_server, '\0', sizeof(default_server));
562 memset(dn_path, '\0', sizeof(dn_path));
/*
 * Up to 5 connection attempts.  ad_connect() returning 0 with a non-NULL
 * handle is success (the exit from the loop is on a missing line).  On
 * failure, unless NoChangeConfigFile is set, the ServerList entries are
 * dropped (presumably freed on the missing line 576-577) and rebuilt.
 */
563 for (i = 0; i < 5; i++)
565 ldap_handle = (LDAP *)NULL;
566 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
567 default_server, 1, ServerList)))
569 if (ldap_handle == NULL)
571 if (!NoChangeConfigFile)
573 for (j = 0; j < MAX_SERVER_NAMES; j++)
575 if (ServerList[j] != NULL)
578 ServerList[j] = NULL;
581 GetServerList(ldap_domain, ServerList);
/* Still no usable connection after all attempts: page the operators. */
586 if ((rc) || (ldap_handle == NULL))
588 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* Table names are matched case-insensitively by lower-casing in place.
   NOTE(review): pass (unsigned char)table[i] to tolower(); a plain char may
   be negative and is then outside tolower()'s defined domain. */
593 for (i = 0; i < (int)strlen(table); i++)
594 table[i] = tolower(table[i]);
/* Dispatch on table name; each call's trailing `afterc);` is on a missing line. */
596 if (!strcmp(table, "users"))
597 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
599 else if (!strcmp(table, "list"))
600 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
602 else if (!strcmp(table, "imembers"))
603 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
605 else if (!strcmp(table, "filesys"))
606 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
608 else if (!strcmp(table, "containers"))
609 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
611 else if (!strcmp(table, "mcntmap"))
612 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* A handler flipped UseSFU30: regenerate the server list unless the config file is frozen. */
614 if (OldUseSFU30 != UseSFU30)
616 if (!NoChangeConfigFile)
617 GetServerList(ldap_domain, ServerList);
/* Release the server list (the free is on a missing line) and the LDAP session. */
620 for (i = 0; i < MAX_SERVER_NAMES; i++)
622 if (ServerList[i] != NULL)
625 ServerList[i] = NULL;
628 rc = ldap_unbind_s(ldap_handle);
/*
 * mcntmap table handler: moves a machine object into the AD OU that mirrors
 * its Moira container.
 *
 * before/after are indexed with the OU_* constants; beforec != 0 && afterc
 * == 0 is a removal, beforec == 0 && afterc != 0 an addition.  Either way
 * the machine's current Moira container is looked up afresh and the object
 * is moved there (or to orphans_machines_ou when Moira has none).
 * The brace lines and the `return`s that end the early-exit branches are
 * not in this extract.
 */
633 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
634 char **before, int beforec, char **after, int afterc)
636 char MoiraContainerName[128];   /* filled by machine_get_moira_container() */
637 char ADContainerName[128];      /* DN form of MoiraContainerName (container_get_dn) */
638 char MachineName[1024];         /* rewritten by GetMachineName() to the Moira alias */
639 char OriginalMachineName[1024]; /* name as passed by Moira, kept for messages */
642 char MoiraContainerGroup[64];
/* NOTE(review): the strcpy() calls below copy Moira-supplied argument strings
   into these fixed buffers with no length check; MoiraContainerGroup (64
   bytes) is the tightest.  A bounded copy (snprintf "%s") would cap them. */
645 memset(ADContainerName, '\0', sizeof(ADContainerName));
646 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
/* Nothing to do without arguments. */
648 if ((beforec == 0) && (afterc == 0))
/* Moira is needed for the container/group lookups; failure pages the operators.
   (Assignment inside the condition is deliberate: rc keeps the error code.) */
651 if (rc = moira_connect())
653 critical_alert("AD incremental",
654 "Error contacting Moira server : %s",
659 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
661 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
662 strcpy(MachineName, before[OU_MACHINE_NAME]);
663 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
665 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
667 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
669 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
670 strcpy(MachineName, after[OU_MACHINE_NAME]);
671 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
672 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the Moira alias in place; an empty result means no alias was found. */
680 rc = GetMachineName(MachineName);
681 if (strlen(MachineName) == 0)
684 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName); /* message misspells "alias" */
/* Keep the Moira container group in step (remaining arguments on a missing line). */
687 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The machine object must already exist in AD. */
689 if (machine_check(ldap_handle, dn_path, MachineName))
691 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/* Ask Moira which container the machine belongs to; none -> orphans OU. */
695 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
696 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
697 if (strlen(MoiraContainerName) == 0)
699 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.", /* message misspells "find" */
700 OriginalMachineName, MachineName);
701 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/* Build the target DN, make sure the container name ends in '/' (the
   strlen()-1 index is safe here because the empty case was handled above;
   the strcat() is unbounded, so a 127-byte name would overflow the 128-byte
   buffer), ensure the OU exists, then move the object. */
705 container_get_dn(MoiraContainerName, ADContainerName);
706 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
707 strcat(MoiraContainerName, "/");
708 container_check(ldap_handle, dn_path, MoiraContainerName);
709 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * containers table handler: create, delete, rename or update the AD OU that
 * mirrors a Moira container, and keep the container's Moira group in step.
 *
 * before/after are indexed with the CONTAINER_* constants.  Only-before is a
 * delete, only-after a create; with both, a case-insensitive name change is
 * a rename and anything else an update.  The brace lines and the `return`s
 * between branches are not in this extract.
 */
714 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
715 char **before, int beforec, char **after, int afterc)
719 if ((beforec == 0) && (afterc == 0))
/* Moira access is required by every branch; failure pages the operators. */
722 if (rc = moira_connect())
724 critical_alert("AD incremental", "Error contacting Moira server : %s",
729 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
731 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
732 container_delete(ldap_handle, dn_path, beforec, before);
733 Moira_container_group_delete(before);
737 if ((beforec == 0) && (afterc != 0)) /*create a container*/
739 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
740 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);  /* ensures the parent OU chain exists */
741 container_create(ldap_handle, dn_path, afterc, after);
742 Moira_container_group_create(after);
/* Both sides present: rename when the name differs (case-insensitively), otherwise update attributes. */
747 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
749 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
750 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
751 Moira_container_group_update(before, after);
755 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
756 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
757 Moira_container_group_update(before, after);
/*
 * filesys table handler: publishes a user's AFS home filesystem into AD.
 *
 * The FS_NAME/FS_TYPE/FS_PACK/FS_CREATE indices come from a header not in
 * this extract (presumably moira_site.h).  Only filesystems of type "AFS"
 * whose create flag is set are acted on.  The create path and the update
 * path below (lines 786-834 and 860-915) are the same sequence duplicated;
 * both could call one static helper.  The brace lines, the `return`s and
 * the mr_query() continuation lines are not in this extract.
 */
762 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
763 char **before, int beforec, char **after, int afterc)
/* No usable after-side: nothing to add (the branch body is on a missing line). */
776 if (afterc < FS_CREATE)
780 atype = !strcmp(after[FS_TYPE], "AFS");   /* 1 when the new entry is AFS */
781 acreate = atoi(after[FS_CREATE]);        /* create-flag column as given by Moira */
/* --- create: no before-side --- */
784 if (beforec < FS_CREATE)
786 if (acreate == 0 || atype == 0)
788 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Try to add the filesys attributes; LDAP_NO_SUCH_OBJECT is handled below
   by creating the owning user first (the condition line is missing). */
792 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
793 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
795 if (rc != LDAP_SUCCESS)
796 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
803 if (rc = moira_connect())
805 critical_alert("AD incremental",
806 "Error contacting Moira server : %s",
/* Look the user up in Moira and let user_create() make the AD account; the
   handle and base DN travel to the callback via call_args. */
810 av[0] = after[FS_NAME];
811 call_args[0] = (char *)ldap_handle;
812 call_args[1] = dn_path;
818 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
822 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
828 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* user_create() may queue SID work on the global sid_base; flush and free it. */
831 if (sid_base != NULL)
833 sid_update(ldap_handle, dn_path);
834 linklist_free(sid_base);
/* --- delete / update: before-side present --- */
842 btype = !strcmp(before[FS_TYPE], "AFS");
843 bcreate = atoi(before[FS_CREATE]);
844 if (afterc < FS_CREATE)
/* Pure delete: only remove what was actually published (AFS with create flag). */
846 if (btype && bcreate)
848 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
849 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
851 com_err(whoami, 0, "Unable to delete filesys %s", before[FS_NAME]);
/* Update: neither side AFS -> report unless both types are the "ERR" placeholder. */
860 if (!atype && !btype)
862 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
864 com_err(whoami, 0, "Unable to process Filesystem %s or %s is not AFS",
865 before[FS_NAME], after[FS_NAME]);
869 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Same add-or-create-user sequence as the create path above. */
873 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
874 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
876 if (rc != LDAP_SUCCESS)
877 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
884 if (rc = moira_connect())
886 critical_alert("AD incremental",
887 "Error contacting Moira server : %s",
891 av[0] = after[FS_NAME];
892 call_args[0] = (char *)ldap_handle;
893 call_args[1] = dn_path;
899 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
903 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
909 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
912 if (sid_base != NULL)
914 sid_update(ldap_handle, dn_path);
915 linklist_free(sid_base);
/* Index of the description column in a list-table argument vector (the
   header comment lists name, active, publicflg, hidden, maillist,
   grouplist, gid, acl_type, acl_id, description -> description is 9).
   L_NAME, L_ACTIVE and L_LIST_ID come from a header not in this extract. */
925 #define L_LIST_DESC 9
/*
 * list table handler: creates, renames, deletes or updates the AD group that
 * mirrors a Moira list, choosing the OU from the list's mail/group flags.
 *
 * before/after are indexed with the L_* constants.  A before-side is first
 * checked against AD (process_group CHECK_GROUPS, then CLEANUP_GROUPS if the
 * group sits under the wrong DN or exists more than once); then, depending on
 * which sides are present, the group is renamed, deleted, created, and
 * finally its ACEs, attributes and membership are refreshed.
 * The brace lines, `return`s and a few `if` lines (notably the one that
 * opens the delete-only branch before line 1051) are not in this extract.
 */
928 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
929 char **before, int beforec, char **after, int afterc)
934 char group_membership[6];
939 char before_list_id[32];
/*
 * NOTE(review): before_group_membership is 1 byte while its after-side twin
 * above is 6.  Both are handed to get_group_membership() and later read with
 * strlen() (line 1021), i.e. treated as NUL-terminated strings -- a 1-byte
 * array can only ever hold "".  This looks like a sizing bug that overflows
 * the stack unless get_group_membership() writes nothing into it; confirm
 * against that function and size both buffers alike.
 */
940 char before_group_membership[1];
941 int before_security_flag;
942 char before_group_ou[256];
943 LK_ENTRY *ptr = NULL;
945 if (beforec == 0 && afterc == 0)
948 memset(list_id, '\0', sizeof(list_id));
949 memset(before_list_id, '\0', sizeof(before_list_id));
950 memset(before_group_ou, '\0', sizeof(before_group_ou));
951 memset(before_group_membership, '\0', sizeof(before_group_membership));
952 memset(group_ou, '\0', sizeof(group_ou));
953 memset(group_membership, '\0', sizeof(group_membership));
/* Decode the before-side: list id (only when the vector is long enough) and
   the OU/membership/security flag derived from the list's flags.
   NOTE(review): strcpy() into the 32-byte id buffers below is unbounded. */
958 if (beforec < L_LIST_ID)
960 if (beforec > L_LIST_DESC)
962 strcpy(before_list_id, before[L_LIST_ID]);
964 before_security_flag = 0;
965 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* Same for the after-side. */
969 if (afterc < L_LIST_ID)
971 if (afterc > L_LIST_DESC)
973 strcpy(list_id, after[L_LIST_ID]);
976 get_group_membership(group_membership, group_ou, &security_flag, after);
979 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the existing group; AD_NO_GROUPS_FOUND is not an error here, a wrong
   DN or duplicate triggers a cleanup pass, any other failure aborts. */
986 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
987 before_group_ou, before_group_membership,
988 before_security_flag, CHECK_GROUPS)))
990 if (rc == AD_NO_GROUPS_FOUND)
994 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
996 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
997 before_group_ou, before_group_membership,
998 before_security_flag, CLEANUP_GROUPS);
1000 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1002 com_err(whoami, 0, "Unable to process list %s",
1006 if (rc == AD_NO_GROUPS_FOUND)
/* Rename when the name changed, or when the name is unchanged but the flags
   moved the list to a different OU (the rest of the condition is on a
   missing line). */
1012 if ((beforec != 0) && (afterc != 0))
1014 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1015 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1016 (strcmp(before_group_ou, group_ou)))) &&
1019 com_err(whoami, 0, "Changing list name from %s to %s",
1020 before[L_NAME], after[L_NAME]);
1021 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1022 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1024 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1027 memset(filter, '\0', sizeof(filter));
1028 if ((rc = group_rename(ldap_handle, dn_path,
1029 before[L_NAME], before_group_membership,
1030 before_group_ou, before_security_flag, before[L_LIST_DESC],
1031 after[L_NAME], group_membership,
1032 group_ou, security_flag, after[L_LIST_DESC],
1035 if (rc != AD_NO_GROUPS_FOUND)
1037 com_err(whoami, 0, "Unable to change list name from %s to %s",
1038 before[L_NAME], after[L_NAME]);
/* Delete-only case (its opening `if` is on a missing line): the group must be
   locatable through its OU and membership before it can be removed. */
1051 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1053 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
1056 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1057 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1058 before_group_membership, before_list_id);
/* Create-only case: same check/cleanup dance on the after-side. */
1065 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1066 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1067 group_ou, group_membership,
1068 security_flag, CHECK_GROUPS))
1070 if (rc != AD_NO_GROUPS_FOUND)
1072 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1074 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1075 group_ou, group_membership,
1076 security_flag, CLEANUP_GROUPS);
1080 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
/* Common tail: refresh ACEs (pass 0 then pass 1), attributes and, for active
   lists, the membership.  Moira is contacted for the ACE/member queries. */
1087 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1089 if (rc = moira_connect())
1091 critical_alert("AD incremental",
1092 "Error contacting Moira server : %s",
1098 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1102 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1105 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1106 group_ou, group_membership, security_flag, updateGroup))
1111 if (atoi(after[L_ACTIVE]))
1113 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1114 group_membership, security_flag, list_id);
/*
 * Extra argv slots carried by the list-membership arguments handed to
 * do_member(), laid out after the base LM_* fields (LM_END).  do_member
 * copies LM_EXTRA_ACTIVE..LM_EXTRA_GID into the L_ACTIVE..L_GID slots of a
 * list argv, so these describe the list the member belongs to.
 * LMN_LIST_ID, LM_LIST_ID and LM_USER_ID are read from different slots
 * depending on the member type (MACHINE / USER / other) in do_member;
 * NOTE(review): the per-type argument layout is not visible here - confirm
 * the slot that holds the Moira list id for each member type against what
 * the Moira server actually sends.
 */
1121 #define LM_EXTRA_ACTIVE (LM_END)
1122 #define LM_EXTRA_PUBLIC (LM_END+1)
1123 #define LM_EXTRA_HIDDEN (LM_END+2)
1124 #define LM_EXTRA_MAILLIST (LM_END+3)
1125 #define LM_EXTRA_GROUP (LM_END+4)
1126 #define LM_EXTRA_GID (LM_END+5)
1127 #define LMN_LIST_ID (LM_END+6)
1128 #define LM_LIST_ID (LM_END+7)
1129 #define LM_USER_ID (LM_END+8)
1130 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one list-membership change from the Moira incremental
 * feed to AD.  `after` describes the membership as it is now, `before` as it
 * was; the code below picks whichever side is non-empty as `ptr`, resolves
 * (or creates) the AD group for the list, and then either removes or adds
 * the member.  Member types handled: LIST (rejected), MACHINE, USER, STRING,
 * KERBEROS.  Errors are logged via com_err; nothing is returned.
 * NOTE(review): the condition choosing the remove path versus the add path
 * is not in view; presumably removal is taken when only `before` is given.
 */
1132 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1133 char **before, int beforec, char **after, int afterc)
/*
 * Fixed-size scratch buffers.  The names and ids below are filled with
 * strcpy() from Moira-supplied argv strings without any length check
 * (see the strcpy calls further down); an over-long member/list name or
 * id from the server would overflow them.  NOTE(review): bound these copies
 * (snprintf / strncpy + explicit terminator) or validate lengths first.
 */
1135 char group_name[128];
1136 char user_name[128];
1137 char user_type[128];
1138 char moira_list_id[32];
1139 char moira_user_id[32];
/* A one-byte membership flag ('B','S','D','N' from get_group_membership),
 * NOT a NUL-terminated string - never pass it to strlen/strcpy. */
1140 char group_membership[1];
1142 char machine_ou[256];
1148 char NewMachineName[1024];
1155 memset(moira_list_id, '\0', sizeof(moira_list_id));
1156 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* ---- after-side (new membership) ---- */
/* Guard: need at least LM_EXTRA_GID args.  NOTE(review): afterc == LM_EXTRA_GID
 * passes this guard, yet ptr[LM_EXTRA_GID] is read below (args[L_GID]), which
 * is then one past the last argument - confirm the minimum count the server
 * sends, or make the guard `afterc <= LM_EXTRA_GID`. */
1159 if (afterc < LM_EXTRA_GID)
1161 if (!atoi(after[LM_EXTRA_ACTIVE]))
1163 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
/* Lists nested in lists are not mirrored to AD. */
1167 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1169 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1170 after[2], after[0], after[0]);
/* Unbounded copies into 128-byte buffers (see note on the declarations). */
1173 strcpy(user_name, after[LM_MEMBER]);
1174 strcpy(group_name, after[LM_LIST]);
1175 strcpy(user_type, after[LM_TYPE]);
1176 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* NOTE(review): this guard only proves index LM_EXTRA_GROUP (LM_END+4) is
 * valid, but LMN_LIST_ID (LM_END+6) and LM_LIST_ID (LM_END+7) are read
 * inside - an argv with LM_END+5..LM_END+7 entries would be read past its
 * end.  The same pattern repeats for USER below and on the before side. */
1178 if (afterc > LM_EXTRA_GROUP)
1180 strcpy(moira_list_id, after[LMN_LIST_ID]);
1181 strcpy(moira_user_id, after[LM_LIST_ID]);
1184 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* Guard proves index LMN_LIST_ID is valid; LM_LIST_ID and LM_USER_ID are
 * one and two slots beyond it (see note above). */
1186 if (afterc > LMN_LIST_ID)
1188 strcpy(moira_list_id, after[LM_LIST_ID]);
1189 strcpy(moira_user_id, after[LM_USER_ID]);
1194 if (afterc > LM_EXTRA_GID)
1195 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* ---- before-side (old membership); mirrors the after-side block ---- */
1200 if (beforec < LM_EXTRA_GID)
1202 if (!atoi(before[LM_EXTRA_ACTIVE]))
/* NOTE(review): this path handles the old membership, yet the message says
 * "Unable to add"; the wording is misleading when the operation is a removal. */
1204 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1208 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1210 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1211 before[2], before[0], before[0]);
1214 strcpy(user_name, before[LM_MEMBER]);
1215 strcpy(group_name, before[LM_LIST]);
1216 strcpy(user_type, before[LM_TYPE]);
1217 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1219 if (beforec > LM_EXTRA_GROUP)
1221 strcpy(moira_list_id, before[LMN_LIST_ID]);
1222 strcpy(moira_user_id, before[LM_LIST_ID]);
1225 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1227 if (beforec > LMN_LIST_ID)
1229 strcpy(moira_list_id, before[LM_LIST_ID]);
1230 strcpy(moira_user_id, before[LM_USER_ID]);
1235 if (beforec > LM_EXTRA_GID)
1236 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither side present: nothing to do. */
1242 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* Re-pack the list's own fields into a list-style argv so the shared
 * group helpers (get_group_membership, make_new_group, ...) can use it. */
1246 args[L_NAME] = ptr[LM_LIST];
1247 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1248 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1249 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1250 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1251 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1252 args[L_GID] = ptr[LM_EXTRA_GID];
1255 memset(group_ou, '\0', sizeof(group_ou));
1256 get_group_membership(group_membership, group_ou, &security_flag, args);
1257 if (strlen(group_ou) == 0)
1259 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* Locate the AD group; on a wrong-DN / duplicate result try a cleanup pass,
 * then re-check.  (Assignment inside `if` is intentional here, as elsewhere
 * in this file; parenthesize it to silence -Wparentheses.) */
1262 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1264 if (rc != AD_NO_GROUPS_FOUND)
1266 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1268 if (rc != AD_NO_GROUPS_FOUND)
1271 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1273 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* Group does not exist in AD yet: create it (needs a Moira connection for
 * the ACE lookups), set its security, and fill it if the list is active. */
1279 if (rc == AD_NO_GROUPS_FOUND)
1281 if (rc = moira_connect())
1283 critical_alert("AD incremental",
1284 "Error contacting Moira server : %s",
1289 com_err(whoami, 0, "creating group %s", group_name);
1291 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1295 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1298 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1299 group_ou, group_membership, security_flag, 0))
1304 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1306 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1307 group_membership, security_flag, moira_list_id);
/* ---- removal path ---- */
1314 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
/* Resolve the member's container (pUserOu) by type.  For MACHINE the AD
 * name may differ from the Moira name, so ptr[LM_MEMBER] is redirected to
 * the local NewMachineName buffer for the rest of this function. */
1316 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1318 memset(machine_ou, '\0', sizeof(machine_ou));
1319 memset(NewMachineName, '\0', sizeof(NewMachineName));
1320 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1322 ptr[LM_MEMBER] = NewMachineName;
1323 pUserOu = machine_ou;
/* STRING / KERBEROS members are represented as contact objects, created on
 * demand. */
1325 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1327 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1329 pUserOu = contact_ou;
1331 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1333 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1335 pUserOu = kerberos_ou;
1337 if (rc = member_remove(ldap_handle, dn_path, group_name,
1338 group_ou, group_membership, ptr[LM_MEMBER],
1339 pUserOu, moira_list_id))
1340 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* ---- add path ---- */
1344 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1347 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1349 memset(machine_ou, '\0', sizeof(machine_ou));
1350 memset(NewMachineName, '\0', sizeof(NewMachineName));
1351 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1353 ptr[LM_MEMBER] = NewMachineName;
1354 pUserOu = machine_ou;
1356 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1358 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1360 pUserOu = contact_ou;
1362 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1364 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1366 pUserOu = kerberos_ou;
1368 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* A USER member with no AD account is created first, through the
 * get_user_account_by_login query with user_create() as the callback;
 * call_args[] passes the LDAP handle, base DN and Moira user id to it. */
1370 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1371 moira_user_id)) == AD_NO_USER_FOUND)
1373 if (rc = moira_connect())
1375 critical_alert("AD incremental",
1376 "Error connection to Moira : %s",
/* NOTE(review): after[U_NAME] indexes the users-table argv layout, but this
 * function's argv is the list-member layout - the name logged here is
 * probably the list, not the member; ptr[LM_MEMBER] (as on the next line
 * and in the error message below) looks intended. */
1380 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1381 av[0] = ptr[LM_MEMBER];
1382 call_args[0] = (char *)ldap_handle;
1383 call_args[1] = dn_path;
1384 call_args[2] = moira_user_id;
1385 call_args[3] = NULL;
/* Reset the SID work-list head so user_create() can append to it. */
1387 sid_ptr = &sid_base;
1389 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1393 com_err(whoami, 0, "Unable to create user %s : %s",
1394 ptr[LM_MEMBER], error_message(rc));
1400 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* Push any SIDs collected by user_create() back to Moira, then free them. */
1404 if (sid_base != NULL)
1406 sid_update(ldap_handle, dn_path);
1407 linklist_free(sid_base);
1418 if (rc = member_add(ldap_handle, dn_path, group_name,
1419 group_ou, group_membership, ptr[LM_MEMBER],
1420 pUserOu, moira_list_id))
1422 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/*
 * Extra users-table argv slots used by do_user(), beyond the base U_*
 * fields: the Moira user id and the home/profile directory paths
 * (compare the "PathToHomeDir PathToProfileDir" trailer in the examples at
 * the top of the file).
 */
1428 #define U_USER_ID 10
1429 #define U_HOMEDIR 11
1430 #define U_PROFILEDIR 12
/*
 * do_user: apply one users-table change from the Moira incremental feed to
 * AD.  `before`/`after` are the old/new rows (see the argument examples at
 * the top of the file).  Cases, in order:
 *   - both empty: nothing to do;
 *   - only `after`: the account has just been created and is not usable
 *     yet, so it is skipped;
 *   - only `before`: the user was deleted in Moira - expunge from AD if the
 *     old state was 0, otherwise it was already expunged;
 *   - both: create the AD account if missing, rename if the login changed,
 *     then update attributes.
 * Errors are logged via com_err; nothing is returned.
 * NOTE(review): `afterc` is declared on a line not in view.
 */
1432 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1433 char **before, int beforec, char **after,
/* Moira user ids, copied with strcpy() from argv below - no length check
 * against the 32-byte buffers (NOTE(review): bound the copy). */
1438 char after_user_id[32];
1439 char before_user_id[32];
1442 if ((beforec == 0) && (afterc == 0))
1445 memset(after_user_id, '\0', sizeof(after_user_id));
1446 memset(before_user_id, '\0', sizeof(before_user_id));
1447 if (beforec > U_USER_ID)
1448 strcpy(before_user_id, before[U_USER_ID]);
1449 if (afterc > U_USER_ID)
1450 strcpy(after_user_id, after[U_USER_ID]);
/* Duplicate of the check above (already handled); harmless. */
1452 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1455 if ((beforec == 0) && (afterc != 0))
1457 /*this case only happens when the account*/
1458 /*account is first created but not usable*/
1459 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
1462 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* State 0 == never activated: remove the AD object outright. */
1464 if (atoi(before[U_STATE]) == 0)
1466 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1467 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* (Runtime string has a typo, "expungeded"; left as-is here since it is
 * program output.) */
1471 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1476 /*process anything that gets here*/
/* Both rows present.  If the old login has no AD account, create one from
 * the new login via the get_user_account_by_login query with user_create()
 * as callback; call_args[] carries the LDAP handle, base DN and user id. */
1477 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1478 before_user_id)) == AD_NO_USER_FOUND)
/* check_string() is the only validation applied before the login is used
 * in LDAP DNs/filters by the callees. */
1480 if (!check_string(after[U_NAME]))
1482 if (rc = moira_connect())
1484 critical_alert("AD incremental",
1485 "Error connection to Moira : %s",
1489 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1491 av[0] = after[U_NAME];
1492 call_args[0] = (char *)ldap_handle;
1493 call_args[1] = dn_path;
1494 call_args[2] = after_user_id;
1495 call_args[3] = NULL;
/* Reset the SID work-list head so user_create() can append to it. */
1497 sid_ptr = &sid_base;
1499 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1503 com_err(whoami, 0, "Unable to create user %s : %s",
1504 after[U_NAME], error_message(rc));
1510 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Push SIDs collected by user_create() back to Moira, then free them. */
1514 if (sid_base != NULL)
1516 sid_update(ldap_handle, dn_path);
1517 linklist_free(sid_base);
/* Login changed: rename the AD object (both names must pass check_string). */
1526 if (strcmp(before[U_NAME], after[U_NAME]))
1528 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1530 com_err(whoami, 0, "changing user %s to %s",
1531 before[U_NAME], after[U_NAME]);
1532 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1533 after[U_NAME])) != LDAP_SUCCESS)
/* Finally sync uid, MIT id, Moira id, state and directory paths. */
1539 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1540 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1541 after[U_UID], after[U_MITID],
1542 after_user_id, atoi(after[U_STATE]),
1543 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * strings (returned through *modvalues) from the first modvalue_count
 * entries of linklist_base.  When oldValue and newValue are both given and
 * an entry's value contains oldValue, the entry is either replaced wholesale
 * by newValue (type == REPLACE) or has the first occurrence of oldValue
 * spliced out and newValue spliced in; every other entry is copied verbatim.
 * Caller owns the returned array and each string.
 * NOTE(review): the return statements are not in view; presumably 0 on
 * success and non-zero when an allocation fails.
 */
1547 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1548 char *oldValue, char *newValue,
1549 char ***modvalues, int type)
1551 LK_ENTRY *linklist_ptr;
/* calloc(1, n*size) forgoes calloc's own overflow check on the product;
 * calloc(modvalue_count + 1, sizeof **modvalues) would keep it. */
1555 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* Redundant: calloc already zero-fills the array. */
1560 for (i = 0; i < (modvalue_count + 1); i++)
1561 (*modvalues)[i] = NULL;
1562 if (modvalue_count != 0)
1564 linklist_ptr = linklist_base;
1565 for (i = 0; i < modvalue_count; i++)
1567 if ((oldValue != NULL) && (newValue != NULL))
/* NOTE(review): strstr() requires linklist_ptr->value to be NUL-terminated.
 * retrieve_values() stores binary attributes (objectSid/objectGUID) with
 * exactly ->length bytes and no terminator, so this must only ever see
 * string-valued entries - confirm at the call sites. */
1569 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1572 if (type == REPLACE)
1574 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
/* Redundant memset after calloc (already zeroed). */
1577 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1578 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to the match + newValue + the tail after oldValue. */
1582 if (((*modvalues)[i] = calloc(1,
1583 (int)(cPtr - linklist_ptr->value) +
1584 (linklist_ptr->length - strlen(oldValue)) +
1585 strlen(newValue) + 1)) == NULL)
1587 memset((*modvalues)[i], '\0',
1588 (int)(cPtr - linklist_ptr->value) +
1589 (linklist_ptr->length - strlen(oldValue)) +
1590 strlen(newValue) + 1);
1591 memcpy((*modvalues)[i], linklist_ptr->value,
1592 (int)(cPtr - linklist_ptr->value));
1593 strcat((*modvalues)[i], newValue);
1594 strcat((*modvalues)[i],
1595 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* Plain copy paths.  NOTE(review): unlike the calloc calls above, these two
 * are not checked for NULL before memset/memcpy - an allocation failure
 * would dereference NULL here. */
1600 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1601 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1602 memcpy((*modvalues)[i], linklist_ptr->value,
1603 linklist_ptr->length);
1608 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1609 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1610 memcpy((*modvalues)[i], linklist_ptr->value,
1611 linklist_ptr->length);
1613 linklist_ptr = linklist_ptr->next;
/* Terminating NULL for the ldap_mods-style value array. */
1615 (*modvalues)[i] = NULL;
<br/>
/*
 * linklist_build: synchronous LDAP search under dn_path with the given
 * filter (search_exp), attribute list and scope, collecting every
 * attribute of every result entry into a fresh LK_ENTRY list
 * (*linklist_base) and its length (*linklist_count).  Returns the LDAP
 * result code / retrieve_entries() status (returns not in view).
 * The caller owns *linklist_base (linklist_free).  search_exp is used
 * verbatim; callers build it with sprintf from names, so any LDAP filter
 * escaping has to happen before this point.
 */
1621 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1622 char **attr_array, LK_ENTRY **linklist_base,
1623 int *linklist_count, unsigned long ScopeType)
1626 LDAPMessage *ldap_entry;
1630 (*linklist_base) = NULL;
1631 (*linklist_count) = 0;
1632 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1633 search_exp, attr_array, 0, &ldap_entry))
/* A size-limit overrun still yields a partial result set, which is
 * processed; any other failure is returned (return line not in view).
 * NOTE(review): ldap_search_s may hand back a result message even on
 * error - check that the early-return path frees it. */
1636 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1640 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1642 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result message, append its
 * attributes (tagged with the entry's DN) to *linklist_base via
 * retrieve_attributes(), then recount the list into *linklist_count.
 * Returns the first non-zero retrieve_attributes() status, else 0
 * (return lines not in view).  The parameter ldap_entry is reassigned to
 * walk the chain; that is a by-value copy, so the caller's message pointer
 * stays valid for ldap_msgfree().
 */
1647 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1648 LK_ENTRY **linklist_base, int *linklist_count)
/* Filled by get_distinguished_name() with an unbounded strcpy from
 * ldap_get_dn(); a DN longer than 1023 bytes would overflow this buffer
 * (NOTE(review): pass the size down and bound the copy). */
1650 char distinguished_name[1024];
1651 LK_ENTRY *linklist_ptr;
1654 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1657 memset(distinguished_name, '\0', sizeof(distinguished_name));
1658 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1660 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1661 linklist_base)) != 0)
1664 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1666 memset(distinguished_name, '\0', sizeof(distinguished_name));
1667 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1669 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1670 linklist_base)) != 0)
/* Recount from scratch rather than tracking increments during the walk. */
1674 linklist_ptr = (*linklist_base);
1675 (*linklist_count) = 0;
1676 while (linklist_ptr != NULL)
1678 ++(*linklist_count);
1679 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one LDAP entry and hand
 * each to retrieve_values(), which prepends LK_ENTRYs to *linklist_current.
 * Attribute names from the library are released with ldap_memfree and the
 * BER cursor with ldap_ber_free.  Return value not in view (callers treat
 * non-zero as failure).
 * NOTE(review): retrieve_values() returns an int but its result is ignored
 * on both calls below, so an allocation failure inside it goes unreported.
 */
1684 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1685 char *distinguished_name, LK_ENTRY **linklist_current)
1691 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1693 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1695 ldap_memfree(Attribute);
1696 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1699 retrieve_values(ldap_handle, ldap_entry, Attribute,
1700 distinguished_name, linklist_current);
1701 ldap_memfree(Attribute);
/* Release the BerElement cursor owned by ldap_first_attribute(). */
1704 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch the values of one attribute of an LDAP entry and
 * prepend an LK_ENTRY (attribute name, value copy, length, ber flag, DN) to
 * *linklist_current for the value(s) seen.  objectSid and objectGUID are
 * fetched as raw BER values (binary, stored with exactly bv_len bytes and
 * NO NUL terminator - consumers must use ->length); all other attributes
 * are fetched as strings.  Under LDAP_DEBUG the values are also pretty-
 * printed to stderr.  Returns non-zero on allocation failure (return lines
 * not in view).
 * NOTE(review): the `*Ptr` dereferences below read one element of the value
 * array; the loop that advances Ptr over multi-valued attributes is not in
 * view - confirm every value (not just the first) is captured.
 */
1708 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1709 char *Attribute, char *distinguished_name,
1710 LK_ENTRY **linklist_current)
1716 LK_ENTRY *linklist_previous;
1717 LDAP_BERVAL **ber_value;
/* Debug-only SID decoding helpers (LDAP_DEBUG). */
1725 SID_IDENTIFIER_AUTHORITY *sid_auth;
1726 unsigned char *subauth_count;
1727 #endif /*LDAP_DEBUG*/
1730 memset(temp, '\0', sizeof(temp));
/* Binary attributes go through the *_len API; Ptr is a type-erased cursor
 * over either a LDAP_BERVAL* array or a char* array. */
1731 if ((!strcmp(Attribute, "objectSid")) ||
1732 (!strcmp(Attribute, "objectGUID")))
1737 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1738 Ptr = (void **)ber_value;
1743 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1744 Ptr = (void **)str_value;
/* Push a new node at the head of the list. */
1751 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
/* Redundant memset after calloc (already zeroed); same for the ones below. */
1753 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1754 linklist_previous->next = (*linklist_current);
1755 (*linklist_current) = linklist_previous;
1757 if (((*linklist_current)->attribute = calloc(1,
1758 strlen(Attribute) + 1)) == NULL)
1760 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1761 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exact-length copy, no terminator (see header note). */
1764 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1765 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1767 memset((*linklist_current)->value, '\0', ber_length);
1768 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1770 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy, length excludes the terminator. */
1774 if (((*linklist_current)->value = calloc(1,
1775 strlen(*Ptr) + 1)) == NULL)
1777 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1778 (*linklist_current)->length = strlen(*Ptr);
1779 strcpy((*linklist_current)->value, *Ptr);
1781 (*linklist_current)->ber_value = use_bervalue;
1782 if (((*linklist_current)->dn = calloc(1,
1783 strlen(distinguished_name) + 1)) == NULL)
1785 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1786 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG pretty-printing of the value ---- */
1789 if (!strcmp(Attribute, "objectGUID"))
/* Reinterpreting the raw bytes as a GUID struct; only valid if the value is
 * at least sizeof(GUID) - the length is not checked here (debug path). */
1791 guid = (GUID *)((*linklist_current)->value);
1792 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1793 guid->Data1, guid->Data2, guid->Data3,
1794 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1795 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1796 guid->Data4[6], guid->Data4[7]);
1797 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1799 else if (!strcmp(Attribute, "objectSid"))
1801 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1803 print_to_screen(" Revision = %d\n", sid->Revision);
1804 print_to_screen(" SID Identifier Authority:\n");
1805 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): the identifier authority is a 6-byte big-endian integer
 * (e.g. NT authority = {0,0,0,0,0,5}); testing individual bytes Value[0..3]
 * and Value[5] for non-zero appears to confuse byte index with authority
 * value and will label most SIDs wrongly.  Debug output only. */
1806 if (sid_auth->Value[0])
1807 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1808 else if (sid_auth->Value[1])
1809 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1810 else if (sid_auth->Value[2])
1811 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1812 else if (sid_auth->Value[3])
1813 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1814 else if (sid_auth->Value[5])
1815 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1817 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1818 subauth_count = GetSidSubAuthorityCount(sid);
1819 print_to_screen(" SidSubAuthorityCount = %d\n",
1821 print_to_screen(" SidSubAuthority:\n");
1822 for (i = 0; i < *subauth_count; i++)
1824 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1825 print_to_screen(" %u\n", *subauth);
/* Prefix compare via memcmp: reads strlen(literal) bytes of Attribute even
 * when Attribute is shorter than the literal.  The second literal is
 * mis-cased ("sAmAccountType") but only its length is used. */
1829 else if ((!memcmp(Attribute, "userAccountControl",
1830 strlen("userAccountControl"))) ||
1831 (!memcmp(Attribute, "sAMAccountType",
1832 strlen("sAmAccountType"))))
/* NOTE(review): intValue's declaration is not in view; "%ld" requires a
 * long, while atoi() yields an int - confirm the type matches. */
1834 intValue = atoi(*Ptr);
1835 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1836 if (!memcmp(Attribute, "userAccountControl",
1837 strlen("userAccountControl")))
/* Decode the userAccountControl bit flags for the log. */
1839 if (intValue & UF_ACCOUNTDISABLE)
1840 print_to_screen(" %20s : %s\n",
1841 "", "Account disabled");
1843 print_to_screen(" %20s : %s\n",
1844 "", "Account active");
1845 if (intValue & UF_HOMEDIR_REQUIRED)
1846 print_to_screen(" %20s : %s\n",
1847 "", "Home directory required");
1848 if (intValue & UF_LOCKOUT)
1849 print_to_screen(" %20s : %s\n",
1850 "", "Account locked out");
1851 if (intValue & UF_PASSWD_NOTREQD)
1852 print_to_screen(" %20s : %s\n",
1853 "", "No password required");
1854 if (intValue & UF_PASSWD_CANT_CHANGE)
1855 print_to_screen(" %20s : %s\n",
1856 "", "Cannot change password");
1857 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1858 print_to_screen(" %20s : %s\n",
1859 "", "Temp duplicate account");
1860 if (intValue & UF_NORMAL_ACCOUNT)
1861 print_to_screen(" %20s : %s\n",
1862 "", "Normal account");
1863 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1864 print_to_screen(" %20s : %s\n",
1865 "", "Interdomain trust account");
1866 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1867 print_to_screen(" %20s : %s\n",
1868 "", "Workstation trust account");
1869 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1870 print_to_screen(" %20s : %s\n",
1871 "", "Server trust account");
1876 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1878 #endif /*LDAP_DEBUG*/
/* Release the library-owned value arrays (whichever API was used). */
1880 if (str_value != NULL)
1881 ldap_value_free(str_value);
1882 if (ber_value != NULL)
1883 ldap_value_free_len(ber_value);
/* Already equal to *linklist_current since the node was pushed above. */
1885 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.  Only
 * the first caller actually connects (mr_connect_cl / mr_connect) and
 * authenticates as "winad.incr"; later callers just bump mr_connections.
 * Pair every call with moira_disconnect().  Returns the mr_* status
 * (return lines not in view).
 * NOTE(review): the branch using the hard-coded host "ttsp" versus the
 * local uts.nodename is selected by lines not in view (presumably a debug
 * #ifdef); make sure the hard-coded host cannot be selected in production.
 */
1889 int moira_connect(void)
1894 if (!mr_connections++)
1897 memset(HostName, '\0', sizeof(HostName));
1898 strcpy(HostName, "ttsp");
1899 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1901 rc = mr_connect(HostName);
1906 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1908 rc = mr_connect(uts.nodename);
1913 rc = mr_auth("winad.incr");
/*
 * check_winad: operator kill-switch.  While STOP_FILE exists the loop
 * keeps iterating (the body - presumably a sleep and an iteration bound -
 * is not in view); once the bound is hit a critical alert is raised.
 */
1920 void check_winad(void)
1924 for (i = 0; file_exists(STOP_FILE); i++)
1928 critical_alert("AD incremental",
1929 "WINAD incremental failed (%s exists): %s",
1930 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect(); drops one reference
 * and, when the count reaches zero, tears the connection down (body not in
 * view).  Calling it without a matching connect would underflow the count.
 */
1937 int moira_disconnect(void)
1940 if (!--mr_connections)
/*
 * get_distinguished_name: copy an entry's DN into the caller's buffer.
 * The copy is an unbounded strcpy() and the function has no size parameter,
 * so the caller's buffer (1024 bytes in retrieve_entries) must be large
 * enough for any DN the directory can return.  NOTE(review): add a size
 * argument and use snprintf; also confirm the NULL check on CName that the
 * lines not in view presumably contain.
 */
1947 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1948 char *distinguished_name)
1952 CName = ldap_get_dn(ldap_handle, ldap_entry);
1955 strcpy(distinguished_name, CName);
/* ldap_get_dn() result is library-allocated. */
1956 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single LK_ENTRY holding copies of
 * `attribute` and `value` (length = strlen(value)), with next = NULL, and
 * return it through *linklist_entry.  Caller owns the result.
 * Return value not in view (non-zero when the node allocation fails).
 */
1959 int linklist_create_entry(char *attribute, char *value,
1960 LK_ENTRY **linklist_entry)
1962 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1963 if (!(*linklist_entry))
/* Redundant: calloc already zero-fills (also the two memsets below). */
1967 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
/* NOTE(review): these two callocs are not NULL-checked before memset/strcpy,
 * unlike the node allocation above. */
1968 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1969 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1970 strcpy((*linklist_entry)->attribute, attribute);
1971 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1972 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1973 strcpy((*linklist_entry)->value, value);
1974 (*linklist_entry)->length = strlen(value);
1975 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style helper writing to stderr (used by the
 * LDAP_DEBUG dumps).  Callers pass literal format strings; never pass
 * directory data as `fmt`.  The va_end() is not in view.
 */
1979 void print_to_screen(const char *fmt, ...)
1983 va_start(pvar, fmt);
1984 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: map a Moira list's maillist/group flags
 * (av[L_MAILLIST], av[L_GROUP]) to the AD group kind:
 *   maillist && group  -> 'B', security-enabled, OU group_ou_both
 *   group only         -> 'S', security-enabled, OU group_ou_security
 *   maillist only      -> 'D', not security,     OU group_ou_distribution
 *   neither            -> 'N', not security,     OU group_ou_neither
 * Each output is optional (NULL skips it).  group_membership receives a
 * single character at [0] with no terminator; group_ou receives a strcpy
 * of the file-scope OU string, so it must be sized for the longest of them.
 * Return value not in view.
 */
1989 int get_group_membership(char *group_membership, char *group_ou,
1990 int *security_flag, char **av)
1995 maillist_flag = atoi(av[L_MAILLIST]);
1996 group_flag = atoi(av[L_GROUP]);
1997 if (security_flag != NULL)
1998 (*security_flag) = 0;
2000 if ((maillist_flag) && (group_flag))
2002 if (group_membership != NULL)
2003 group_membership[0] = 'B';
2004 if (security_flag != NULL)
2005 (*security_flag) = 1;
2006 if (group_ou != NULL)
2007 strcpy(group_ou, group_ou_both);
2009 else if ((!maillist_flag) && (group_flag))
2011 if (group_membership != NULL)
2012 group_membership[0] = 'S';
2013 if (security_flag != NULL)
2014 (*security_flag) = 1;
2015 if (group_ou != NULL)
2016 strcpy(group_ou, group_ou_security);
2018 else if ((maillist_flag) && (!group_flag))
2020 if (group_membership != NULL)
2021 group_membership[0] = 'D';
2022 if (group_ou != NULL)
2023 strcpy(group_ou, group_ou_distribution);
/* else: neither flag set */
2027 if (group_membership != NULL)
2028 group_membership[0] = 'N';
2029 if (group_ou != NULL)
2030 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename/move an AD group when a Moira list is renamed or
 * changes OU.  Steps: validate both names; find the existing group by
 * MoiraId (exactly one expected); fetch its sAMAccountName; ldap_rename_s
 * to cn=<after> under after_group_ou; then replace sAMAccountName,
 * displayName, mitMoiraId and groupType on the new DN.
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE or an LDAP status (some return lines not in view).
 * `filter` is a caller-supplied scratch buffer that ad_get_group() fills
 * and the sAMAccountName lookup reuses.
 */
2035 int group_rename(LDAP *ldap_handle, char *dn_path,
2036 char *before_group_name, char *before_group_membership,
2037 char *before_group_ou, int before_security_flag, char *before_desc,
2038 char *after_group_name, char *after_group_membership,
2039 char *after_group_ou, int after_security_flag, char *after_desc,
2040 char *MoiraId, char *filter)
2045 char new_dn_path[512];
2047 char *attr_array[3];
/* Single-value LDAPMod value arrays (value, NULL). */
2048 char *mitMoiraId_v[] = {NULL, NULL};
2049 char *name_v[] = {NULL, NULL};
2050 char *samAccountName_v[] = {NULL, NULL};
2051 char *groupTypeControl_v[] = {NULL, NULL};
2052 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2053 char groupTypeControlStr[80];
2057 LK_ENTRY *group_base;
/* check_string() is the only validation before the names are embedded in
 * DNs and filters below. */
2060 if (!check_string(before_group_name))
2062 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
2063 return(AD_INVALID_NAME);
2065 if (!check_string(after_group_name))
2067 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
2068 return(AD_INVALID_NAME);
2073 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2074 before_group_membership,
2075 MoiraId, "distinguishedName", &group_base,
2076 &group_count, filter))
2079 if (group_count == 0)
2081 return(AD_NO_GROUPS_FOUND);
/* Refuse to guess between several groups carrying the same MoiraId. */
2083 if (group_count != 1)
2086 "Unable to process multiple groups with MoiraId = %s exist in the AD",
2088 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): old_dn's size is not in view; the DN comes from the
 * directory and is copied unbounded. */
2090 strcpy(old_dn, group_base->value);
2092 linklist_free(group_base);
2095 attr_array[0] = "sAMAccountName";
2096 attr_array[1] = NULL;
2097 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2098 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2100 com_err(whoami, 0, "Unable to get list %s dn : %s",
2101 after_group_name, ldap_err2string(rc));
2104 if (group_count != 1)
2107 "Unable to get sAMAccountName for group %s",
2109 return(AD_LDAP_FAILURE);
/* sam_name's size is not in view; value length is bounded only by what the
 * directory returns. */
2112 strcpy(sam_name, group_base->value);
2113 linklist_free(group_base);
/* Build the new RDN and parent; deleteoldrdn = TRUE drops the old cn. */
2117 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2118 sprintf(new_dn, "cn=%s", after_group_name);
2119 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2120 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2122 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2123 before_group_name, after_group_name, ldap_err2string(rc));
2127 name_v[0] = after_group_name;
/* Only groups whose sAMAccountName ends in "_group" are renamed.
 * NOTE(review): if strlen(sam_name) < strlen("_group") the index goes
 * negative and the compare reads before the buffer; check the length first,
 * e.g. `strlen(sam_name) >= strlen("_group") && ...`.  The sprintf into
 * sam_name is likewise unbounded. */
2128 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2130 sprintf(sam_name, "%s_group", after_group_name);
2134 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
2135 before_group_name, after_group_name);
2138 samAccountName_v[0] = sam_name;
2139 if (after_security_flag)
2140 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch
 * (undefined behaviour); use "%u". */
2141 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2142 groupTypeControl_v[0] = groupTypeControlStr;
2143 mitMoiraId_v[0] = MoiraId;
2145 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
/* rc from attribute_update is overwritten by ldap_modify_s below. */
2146 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
2148 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2149 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2150 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2151 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2153 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2155 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
2156 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2158 for (i = 0; i < n; i++)
/*
 * group_create: mr_query callback (ac/av/ptr signature) that creates - or,
 * when it already exists or updateGroup is set, updates - the AD group for
 * a Moira list row `av` (L_* layout).  Context comes through the file-scope
 * call_args[]: [0] LDAP handle, [1] base DN, [4] updateGroup flag,
 * [5] Moira list id.  After the add/modify it applies the security
 * descriptor via ProcessGroupSecurity() and appends the group's objectSid
 * entry to the global sid list (sid_ptr) for sid_update().
 * Returns AD_INVALID_NAME for a bad name, otherwise LDAP_SUCCESS
 * (error returns for failed LDAP calls are not in view).
 */
2163 int group_create(int ac, char **av, void *ptr)
2166 LK_ENTRY *group_base;
2169 char new_group_name[256];
2170 char sam_group_name[256];
2171 char cn_group_name[256];
/* Single-value LDAPMod value arrays (value, NULL); member_v stays empty. */
2172 char *cn_v[] = {NULL, NULL};
2173 char *objectClass_v[] = {"top", "group", NULL};
2175 char *samAccountName_v[] = {NULL, NULL};
2176 char *altSecurityIdentities_v[] = {NULL, NULL};
2177 char *member_v[] = {NULL, NULL};
2178 char *name_v[] = {NULL, NULL};
2179 char *desc_v[] = {NULL, NULL};
2180 char *info_v[] = {NULL, NULL};
2181 char *mitMoiraId_v[] = {NULL, NULL};
2182 char *groupTypeControl_v[] = {NULL, NULL};
2183 char groupTypeControlStr[80];
/* One-byte kind flag from get_group_membership(), not a string. */
2184 char group_membership[1];
2187 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2193 char *attr_array[3];
/* check_string() is the only validation before av[L_NAME] is embedded in
 * the DN, sAMAccountName and search filter below. */
2198 if (!check_string(av[L_NAME]))
2200 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
2201 return(AD_INVALID_NAME);
/* The flag is smuggled through a char* slot; casting a pointer to int is
 * implementation-defined and truncates on LP64 (harmless only while the
 * value is small). NOTE(review): prefer (intptr_t) or a dedicated int. */
2204 updateGroup = (int)call_args[4];
2205 memset(group_ou, 0, sizeof(group_ou));
2206 memset(group_membership, 0, sizeof(group_membership));
2208 get_group_membership(group_membership, group_ou, &security_flag, av);
2209 strcpy(new_group_name, av[L_NAME]);
/* new_dn's size is not in view; bounded only by check_string on the name. */
2210 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2212 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* AD account name convention for lists: "<list>_group". */
2214 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch
 * (undefined behaviour); use "%u". */
2219 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2220 groupTypeControl_v[0] = groupTypeControlStr;
2222 strcpy(cn_group_name, av[L_NAME]);
2224 samAccountName_v[0] = sam_group_name;
2225 name_v[0] = new_group_name;
2226 cn_v[0] = new_group_name;
/* ---- attribute set for ldap_add ---- */
2229 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2230 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2231 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2232 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2233 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2234 if (strlen(av[L_DESC]) != 0)
2236 desc_v[0] = av[L_DESC];
2237 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2239 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2240 if (strlen(av[L_ACE_NAME]) != 0)
/* info's size is not in view and av[L_ACE_NAME] is not validated here;
 * an over-long ACE name would overflow it (NOTE(review): use snprintf). */
2242 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2244 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2246 if (strlen(call_args[5]) != 0)
2248 mitMoiraId_v[0] = call_args[5];
2249 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2253 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the n LDAPMod entries built by ADD_ATTR. */
2255 for (i = 0; i < n; i++)
2257 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2259 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2260 av[L_NAME], ldap_err2string(rc));
/* ---- update path: existing group, or explicit update request ---- */
2265 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2267 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2268 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2269 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
2271 if (strlen(call_args[5]) != 0)
2273 mitMoiraId_v[0] = call_args[5];
2274 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: replace `member` with the empty member_v, i.e. presumably
 * clears the AD group's membership. */
2276 if (!(atoi(av[L_ACTIVE])))
2279 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2285 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2286 for (i = 0; i < n; i++)
2288 if (rc != LDAP_SUCCESS)
2290 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2291 av[L_NAME], ldap_err2string(rc));
/* Apply owner/DACL from the security templates.  NOTE(review): inside
 * ProcessGroupSecurity the three linklist_build calls are written
 * `(rc = linklist_build(...) != 0)`, so rc receives the comparison result
 * (0/1) rather than the LDAP status; the parenthesis belongs after the
 * call: `((rc = linklist_build(...)) != 0)`. */
2298 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2299 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* Look the group up by Moira id when one is known, else by sAMAccountName.
 * NOTE(review): filters are built with sprintf and call_args[5] is not
 * validated here - LDAP filter metacharacters in the id are not escaped. */
2301 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2302 if (strlen(call_args[5]) != 0)
2303 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2304 attr_array[0] = "objectSid";
2305 attr_array[1] = NULL;
2308 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2309 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Not exactly one hit by Moira id: retry by sAMAccountName. */
2311 if (group_count != 1)
2313 if (strlen(call_args[5]) != 0)
2315 linklist_free(group_base);
2318 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2319 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2320 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Exactly one group: hand the objectSid node to the global sid list
 * (ownership transfers; it is NOT freed here).  strdup is unchecked. */
2323 if (group_count == 1)
2325 (*sid_ptr) = group_base;
2326 (*sid_ptr)->member = strdup(av[L_NAME]);
2327 (*sid_ptr)->type = (char *)GROUPS;
2328 sid_ptr = &(*sid_ptr)->next;
2332 if (group_base != NULL)
2333 linklist_free(group_base);
2338 if (group_base != NULL)
2339 linklist_free(group_base);
2341 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: stamp the ntSecurityDescriptor of a security
 * template group onto the AD group "<TargetGroupName>_group".
 *
 * The template is one of HIDDEN_GROUP / HIDDEN_GROUP_WITH_ADMIN /
 * NOT_HIDDEN_GROUP / NOT_HIDDEN_GROUP_WITH_ADMIN.  The _WITH_ADMIN variant is
 * used only when the ACE principal (AceType "LIST" -> "<AceName>_group",
 * "USER" -> AceName) resolves to an objectSid; in that case every occurrence
 * of the "UserTemplate.u" placeholder SID inside the template descriptor is
 * overwritten in place with the ACE SID before the descriptor is written to
 * the target.  If that write fails while an ACE SID was used, the function
 * calls itself once more with an empty ACE so the group still receives the
 * non-admin template.
 *
 * Listing note: only non-blank, non-brace lines are reproduced here, so
 * several locals (rc, group_count, TargetDn, AceDn, AceSidCount, dwInfo,
 * psMsg, mods, n, i, nVal, root_ou) and the final return are not visible.
 */
2344 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2345 int HiddenGroup, char *AceType, char *AceName)
2347 char filter_exp[1024];
2348 char *attr_array[5];
2349 char search_path[512];
2351 char TemplateDn[512];
2352 char TemplateSamName[128];
2354 char TargetSamName[128];
2355 char AceSamAccountName[128];
/* Raw objectSid bytes of the ACE principal and of the UserTemplate.u placeholder. */
2357 unsigned char AceSid[128];
2358 unsigned char UserTemplateSid[128];
/* BER-encoded value of the SD_FLAGS server control, filled in below. */
2359 char acBERBuf[N_SD_BER_BYTES];
2360 char GroupSecurityTemplate[256];
2362 int UserTemplateSidCount;
2369 int array_count = 0;
2371 LK_ENTRY *group_base;
2372 LDAP_BERVAL **ppsValues;
/* 1.2.840.113556.1.4.801 is LDAP_SERVER_SD_FLAGS_OID: tells AD which parts
 * of the security descriptor to return and accept. */
2373 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2374 { N_SD_BER_BYTES, acBERBuf },
2377 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, group, DACL and SACL so the whole descriptor is copied. */
2380 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2381 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group under group_ou_root.  Plain sprintf into fixed
 * buffers: group_ou_root, dn_path and TargetGroupName are not length-checked. */
2383 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2384 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2385 attr_array[0] = "sAMAccountName";
2386 attr_array[1] = NULL;
/* NOTE(review): precedence bug -- the "!= 0" sits inside the assignment, so
 * rc receives 0/1 instead of the LDAP result code.  The same form recurs at
 * 2430, 2458 and 2508; compare "((rc = linklist_build(...)) != 0)" used in
 * user_update and elsewhere in this file.  Intended:
 *   if ((rc = linklist_build(...)) != 0) */
2389 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2390 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2392 if (group_count != 1)
2394 linklist_free(group_base);
/* Unbounded strcpy of directory-supplied dn/value into fixed buffers
 * (TargetSamName is 128 bytes; TargetDn's size is not visible). */
2397 strcpy(TargetDn, group_base->dn);
2398 strcpy(TargetSamName, group_base->value);
2399 linklist_free(group_base);
2403 UserTemplateSidCount = 0;
2404 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2405 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2406 memset(AceSid, '\0', sizeof(AceSid));
/* Map the ACE principal to a sAMAccountName.  Any other AceType leaves
 * AceSamAccountName empty, so the SID lookup below is skipped. */
2410 if (strlen(AceName) != 0)
2412 if (!strcmp(AceType, "LIST"))
2414 sprintf(AceSamAccountName, "%s_group", AceName);
2415 strcpy(root_ou, group_ou_root);
2417 else if (!strcmp(AceType, "USER"))
2419 sprintf(AceSamAccountName, "%s", AceName);
2420 strcpy(root_ou, user_ou);
2422 if (strlen(AceSamAccountName) != 0)
/* The SID lookup searches the whole dn_path subtree; root_ou is not used here. */
2424 sprintf(search_path, "%s", dn_path);
2425 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2426 attr_array[0] = "objectSid";
2427 attr_array[1] = NULL;
2430 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2431 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2433 if (group_count == 1)
2435 strcpy(AceDn, group_base->dn);
/* NOTE(review): group_base->length comes from the directory and is copied
 * into the 128-byte AceSid with no bound check (an objectSid is at most
 * 28 bytes, but nothing here enforces that). */
2436 AceSidCount = group_base->length;
2437 memcpy(AceSid, group_base->value, AceSidCount);
2439 linklist_free(group_base);
2444 if (AceSidCount == 0)
2446 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2447 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the placeholder SID of the "UserTemplate.u" account in the template OU. */
2451 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2452 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2453 attr_array[0] = "objectSid";
2454 attr_array[1] = NULL;
2458 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2459 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
/* Because of the precedence bug at 2458, rc here is already only 0 or 1. */
2461 if ((rc != 0) || (group_count != 1))
2463 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
/* Same unchecked length/memcpy pattern as 2436-2437. */
2468 UserTemplateSidCount = group_base->length;
2469 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2471 linklist_free(group_base);
/* Template selection.  The outer condition (presumably on HiddenGroup) is on
 * a line not shown; inside each branch an ACE SID selects the _WITH_ADMIN
 * template.  filter_exp is reused for the template lookup below. */
2478 if (AceSidCount == 0)
2480 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2481 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2485 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2486 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2491 if (AceSidCount == 0)
2493 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2494 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2498 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2499 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2503 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2504 attr_array[0] = "sAMAccountName";
2505 attr_array[1] = NULL;
2508 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2509 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2511 if (group_count != 1)
2513 linklist_free(group_base);
2514 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
/* Unbounded strcpy into TemplateDn[512] / TemplateSamName[128]. */
2517 strcpy(TemplateDn, group_base->dn);
2518 strcpy(TemplateSamName, group_base->value);
2519 linklist_free(group_base);
/* Re-read the template entry with ldap_search_ext_s so the server control
 * above applies and the raw ntSecurityDescriptor is returned (the call's
 * argument list, lines 2525-2535, is not shown). */
2523 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2524 rc = ldap_search_ext_s(ldap_handle,
2536 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2538 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2541 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2542 if (ppsValues == NULL)
2544 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
/* Rewrite every copy of the placeholder SID inside each descriptor value
 * with the ACE SID, in place, before pushing the value to the target group.
 * NOTE(review): this assumes AceSidCount == UserTemplateSidCount.  The loop
 * bound only accounts for UserTemplateSidCount, so a longer ACE SID writes
 * past the end of bv_val, and any length difference leaves the ACE sizes
 * embedded in the descriptor inconsistent.  If UserTemplateSidCount were 0
 * here, memcmp of 0 bytes would match at every offset -- confirm the 2461
 * error path never falls through to this loop. */
2548 if (AceSidCount != 0)
2550 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2552 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2554 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2556 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* Binary (BVALUES) replace of the whole descriptor on the target group. */
2564 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2567 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* Free the n LDAPMod entries (loop body not shown), then the search results. */
2568 for (i = 0; i < n; i++)
2570 ldap_value_free_len(ppsValues);
2571 ldap_msgfree(psMsg);
2572 if (rc != LDAP_SUCCESS)
2574 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2575 TargetGroupName, ldap_err2string(rc));
/* Fallback: retry once without the admin ACE (empty AceType/AceName).  The
 * recursive call cannot loop because AceSidCount is 0 on the retry. */
2576 if (AceSidCount != 0)
2578 com_err(whoami, 0, "Trying to set security for group %s without admin.",
/* Assignment used as condition; the returned code is the retry's result. */
2580 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2581 HiddenGroup, "", ""))
2583 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the AD group for Moira list group_name.
 *
 * The group is resolved through ad_get_group (by name / membership /
 * MoiraId) under "<group_ou_root>,<dn_path>"; exactly one match is required.
 * Returns AD_INVALID_NAME for a name check_string rejects, AD_NO_GROUPS_FOUND
 * when no single match exists; other return paths (after 2616, 2625, 2628)
 * are on lines not shown.  Locals rc, group_count, filter and temp are
 * declared on lines not shown.
 */
2593 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2594 char *group_membership, char *MoiraId)
2596 LK_ENTRY *group_base;
/* Reject names containing LDAP filter/DN metacharacters before they reach a
 * filter string. */
2602 if (!check_string(group_name))
2604 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2605 return(AD_INVALID_NAME);
2608 memset(filter, '\0', sizeof(filter));
/* Search base: the list OU under the domain root. */
2611 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment used as condition: non-zero rc is an error (handling not shown). */
2612 if (rc = ad_get_group(ldap_handle, temp, group_name,
2613 group_membership, MoiraId,
2614 "distinguishedName", &group_base,
2615 &group_count, filter))
2618 if (group_count == 1)
/* group_base->value holds the distinguishedName attribute requested above. */
2620 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2622 linklist_free(group_base);
2623 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2624 group_name, ldap_err2string(rc));
2627 linklist_free(group_base);
2631 linklist_free(group_base);
2632 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2633 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the SECURITY_INFORMATION bit mask uBits
 * into pBuffer for use as the LDAP_SERVER_SD_FLAGS control value.
 * pBuffer must hold at least N_SD_BER_BYTES bytes; the encoding itself
 * (lines 2640-2644) is not shown.  Returns N_SD_BER_BYTES.
 */
2639 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2645 return(N_SD_BER_BYTES);
/*
 * process_lists: mr_query callback that adds the list named in av[L_NAME]
 * as a member of the group described by the caller's call_args.
 *
 * ptr carries call_args (the cast/assignment is on a line not shown):
 * [0] LDAP handle, [1] dn_path, [2] group name, [3] MoiraId.  The list's own
 * OU and membership flags are derived from av by get_group_membership.
 * Locals group_ou, security_flag and rc, and the return, are not shown.
 */
2648 int process_lists(int ac, char **av, void *ptr)
2653 char group_membership[2];
2659 memset(group_ou, '\0', sizeof(group_ou));
2660 memset(group_membership, '\0', sizeof(group_membership));
2661 get_group_membership(group_membership, group_ou, &security_flag, av);
/* The member is a list, so its DN is built under group_ou; MoiraId is passed
 * empty. */
2662 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2663 group_ou, group_membership, call_args[2],
2664 (char *)call_args[3], "");
/*
 * member_list_build: mr_query callback that collects one ACE (av[ACE_TYPE],
 * av[ACE_NAME]) into the global member_base linked list, creating contact
 * objects for STRING and KERBEROS members on the way.
 *
 * call_args (cast from ptr on a line not shown): [0] LDAP handle,
 * [1] dn_path, [2] list name, [3] MOIRA_* type mask stored as a pointer.
 * Members whose type is masked out, fail check_string, or are already in the
 * list are skipped; the return statements for those paths are not shown.
 */
2668 int member_list_build(int ac, char **av, void *ptr)
/* Unbounded strcpy into temp (its size is declared on a line not shown). */
2676 strcpy(temp, av[ACE_NAME]);
2677 if (!check_string(temp))
/* (int)call_args[3] reads the flag word make_new_group stored as
 * (char *)(MOIRA_USERS | ...); pointer<->int truncation is harmless for
 * these small flags but is non-portable. */
2679 if (!strcmp(av[ACE_TYPE], "USER"))
2681 if (!((int)call_args[3] & MOIRA_USERS))
2684 else if (!strcmp(av[ACE_TYPE], "STRING"))
2686 if (!((int)call_args[3] & MOIRA_STRINGS))
/* STRING members are represented by a contact object in contact_ou. */
2688 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2691 else if (!strcmp(av[ACE_TYPE], "LIST"))
2693 if (!((int)call_args[3] & MOIRA_LISTS))
2696 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2698 if (!((int)call_args[3] & MOIRA_KERBEROS))
/* KERBEROS principals get a contact object in kerberos_ou. */
2700 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Case-insensitive duplicate scan over the list built so far. */
2706 linklist = member_base;
2709 if (!strcasecmp(temp, linklist->member))
2711 linklist = linklist->next;
/* Prepend a new entry.  NOTE(review): none of the calloc results are
 * NULL-checked before the strcpy into them. */
2713 linklist = calloc(1, sizeof(LK_ENTRY));
2715 linklist->dn = NULL;
2716 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2717 strcpy(linklist->list, call_args[2]);
2718 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2719 strcpy(linklist->type, av[ACE_TYPE]);
2720 linklist->member = calloc(1, strlen(temp) + 1);
2721 strcpy(linklist->member, temp);
2722 linklist->next = member_base;
2723 member_base = linklist;
/*
 * member_remove: delete "CN=<user_name>,<UserOu>,<dn_path>" from the member
 * attribute of the AD group for Moira list group_name.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string; the other
 * return values (after 2758 and 2784) are on lines not shown.  Locals rc,
 * group_count, filter, temp, modvalues, mods, n and i are not shown.
 */
2727 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2728 char *group_ou, char *group_membership, char *user_name,
2729 char *UserOu, char *MoiraId)
2731 char distinguished_name[1024];
2739 LK_ENTRY *group_base;
/* NOTE(review): only group_name is validated here; user_name and UserOu are
 * spliced into a DN below unescaped -- confirm callers validate them. */
2742 if (!check_string(group_name))
2743 return(AD_INVALID_NAME);
2745 memset(filter, '\0', sizeof(filter));
/* Assignment used as condition: non-zero rc is an error (handling not shown). */
2748 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2749 group_membership, MoiraId,
2750 "distinguishedName", &group_base,
2751 &group_count, filter))
2754 if (group_count != 1)
2756 com_err(whoami, 0, "Unable to find list %s in AD",
2758 linklist_free(group_base);
/* Unbounded strcpy of the directory-supplied DN into a 1024-byte buffer. */
2763 strcpy(distinguished_name, group_base->value);
2764 linklist_free(group_base);
/* Member DN to remove; temp's size is declared on a line not shown. */
2768 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2769 modvalues[0] = temp;
2770 modvalues[1] = NULL;
2773 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2775 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Free the n LDAPMod entries (loop body not shown). */
2776 for (i = 0; i < n; i++)
/* LDAP_UNWILLING_TO_PERFORM is treated specially (the action at 2779 is not
 * shown; presumably the member was not present and this is not an error). */
2778 if (rc == LDAP_UNWILLING_TO_PERFORM)
2780 if (rc != LDAP_SUCCESS)
2782 com_err(whoami, 0, "Unable to modify list %s members : %s",
2783 group_name, ldap_err2string(rc));
/*
 * member_add: add "CN=<user_name>,<UserOu>,<dn_path>" to the member
 * attribute of the AD group for Moira list group_name.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string and
 * AD_MULTIPLE_GROUPS_FOUND when the lookup does not yield exactly one group
 * (lines 2822-2823 are not shown; as listed, a count of 0 also reaches that
 * return even though the message says "Unable to find").  Other returns are
 * not shown.  Locals rc, group_count, filter, temp, modvalues, mods, n and i
 * are declared on lines not shown.
 */
2791 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2792 char *group_ou, char *group_membership, char *user_name,
2793 char *UserOu, char *MoiraId)
2795 char distinguished_name[1024];
2803 LK_ENTRY *group_base;
/* Only group_name is validated here; user_name/UserOu go into a DN unescaped. */
2806 if (!check_string(group_name))
2807 return(AD_INVALID_NAME);
2810 memset(filter, '\0', sizeof(filter));
/* Assignment used as condition: non-zero rc is an error (handling not shown). */
2813 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2814 group_membership, MoiraId,
2815 "distinguishedName", &group_base,
2816 &group_count, filter))
2819 if (group_count != 1)
2821 linklist_free(group_base);
2824 com_err(whoami, 0, "Unable to find list %s in AD",
2826 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded strcpy of the directory-supplied DN into a 1024-byte buffer. */
2829 strcpy(distinguished_name, group_base->value);
2830 linklist_free(group_base);
/* Member DN to add; temp's size is declared on a line not shown. */
2834 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2835 modvalues[0] = temp;
2836 modvalues[1] = NULL;
2839 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2841 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already-a-member is tolerated for contact and kerberos members; the
 * actions at 2845 and 2847 are not shown. */
2842 if (rc == LDAP_ALREADY_EXISTS)
2844 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2846 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* Free the n LDAPMod entries (loop body not shown). */
2849 for (i = 0; i < n; i++)
2851 if (rc != LDAP_SUCCESS)
2853 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2854 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create the contact object "CN=<user>,<group_ou>,<bind_path>"
 * used to represent STRING (contact_ou) and KERBEROS (kerberos_ou) list
 * members.
 *
 * The object is first added with a "mail" attribute when group_ou is
 * contact_ou; if that add fails with anything other than
 * LDAP_ALREADY_EXISTS it is retried without "mail".  Returns AD_INVALID_NAME
 * when user fails check_string; the remaining return paths, the rest of the
 * objectClass list (2871), the email_v[0] assignment (2887) and locals rc,
 * new_dn, mods, n, i are on lines not shown.
 */
2860 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2864 char cn_user_name[256];
2865 char contact_name[256];
2866 char *email_v[] = {NULL, NULL};
2867 char *cn_v[] = {NULL, NULL};
2868 char *contact_v[] = {NULL, NULL};
2869 char *objectClass_v[] = {"top", "person",
2870 "organizationalPerson",
2872 char *name_v[] = {NULL, NULL};
2873 char *desc_v[] = {NULL, NULL};
/* check_string rejects LDAP filter and DN metacharacters but not long
 * names; the strcpy/sprintf below into 256-byte buffers are unbounded. */
2878 if (!check_string(user))
2880 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
2881 return(AD_INVALID_NAME);
2883 strcpy(contact_name, user);
2884 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2885 cn_v[0] = cn_user_name;
2886 contact_v[0] = contact_name;
2888 desc_v[0] = "Auto account created by Moira";
2891 strcpy(new_dn, cn_user_name);
2893 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2894 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2895 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2896 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2897 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Only contacts (not kerberos principals) carry a mail attribute. */
2898 if (!strcmp(group_ou, contact_ou))
2900 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2904 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* Free the n LDAPMod entries (loop body not shown). */
2905 for (i = 0; i < n; i++)
/* Second attempt without "mail" (the reset of n is on a line not shown). */
2907 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2910 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2911 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2912 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2913 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2914 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2916 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2917 for (i = 0; i < n; i++)
/* An existing contact is not an error. */
2920 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2922 com_err(whoami, 0, "Unable to create contact %s : %s",
2923 user, ldap_err2string(rc));
/*
 * user_update: push Moira's view of a user onto the existing AD account.
 *
 * The account is located by mitMoiraId when MoiraId is non-empty, otherwise
 * by sAMAccountName under "<user_ou>,<dn_path>".  It then updates
 * employeeID (MitId only when it starts with '9', else "none"), uid,
 * mitMoiraId, the POSIX uid attributes, userAccountControl (disabled unless
 * State is US_NO_PASSWD or US_REGISTERED) and the home/profile directory
 * attributes via SetHomeDirectory.  Returns AD_INVALID_NAME for a name
 * check_string rejects and AD_NO_USER_FOUND when no single match exists;
 * other returns, the uidNumber/msSFU30UidNumber conditions (3012-3024) and
 * locals rc, group_count, filter, temp, mods, n, i, OldUseSFU30 are on lines
 * not shown.
 */
2929 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2930 char *Uid, char *MitId, char *MoiraId, int State,
2931 char *WinHomeDir, char *WinProfileDir)
2934 LK_ENTRY *group_base;
2936 char distinguished_name[512];
2937 char *mitMoiraId_v[] = {NULL, NULL};
2938 char *uid_v[] = {NULL, NULL};
2939 char *mitid_v[] = {NULL, NULL};
2940 char *homedir_v[] = {NULL, NULL};
2941 char *winProfile_v[] = {NULL, NULL};
2942 char *drives_v[] = {NULL, NULL};
2943 char *userAccountControl_v[] = {NULL, NULL};
2944 char userAccountControlStr[80];
/* Baseline flags: normal account whose password never expires and cannot be
 * changed by the user (Moira owns the password). */
2949 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2951 char *attr_array[3];
2954 if (!check_string(user_name))
2956 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2957 return(AD_INVALID_NAME);
/* Preferred lookup: by Moira id over the whole dn_path subtree.  MoiraId is
 * not passed through check_string here -- confirm callers validate it. */
2963 if (strlen(MoiraId) != 0)
2965 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2966 attr_array[0] = "cn";
2967 attr_array[1] = NULL;
2968 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2969 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2971 com_err(whoami, 0, "Unable to process user %s : %s",
2972 user_name, ldap_err2string(rc));
/* Fall back to the login name when the id search did not yield one entry. */
2976 if (group_count != 1)
2978 linklist_free(group_base);
2981 sprintf(filter, "(sAMAccountName=%s)", user_name);
2982 attr_array[0] = "cn";
2983 attr_array[1] = NULL;
2984 sprintf(temp, "%s,%s", user_ou, dn_path);
2985 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2986 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2988 com_err(whoami, 0, "Unable to process user %s : %s",
2989 user_name, ldap_err2string(rc));
2994 if (group_count != 1)
2996 com_err(whoami, 0, "Unable to find user %s in AD",
2998 linklist_free(group_base);
2999 return(AD_NO_USER_FOUND);
/* Unbounded strcpy of the directory-supplied DN into a 512-byte buffer. */
3001 strcpy(distinguished_name, group_base->dn);
3003 linklist_free(group_base);
/* Each attribute_update result overwrites rc; only the last one survives. */
3006 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
3007 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
3009 rc = attribute_update(ldap_handle, distinguished_name, "none", "employeeID", user_name);
3010 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
3011 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
/* One of the two POSIX uid attributes is chosen by the UseSFU30 switch
 * (conditions not shown). */
3017 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3021 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
3025 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3026 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch
 * (undefined behaviour); use "%u".  Same at 3244 in user_create. */
3027 sprintf(userAccountControlStr, "%ld", userAccountControl);
3028 userAccountControl_v[0] = userAccountControlStr;
3029 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory appends its own mods and returns the new count. */
3031 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3032 WinProfileDir, homedir_v, winProfile_v,
3033 drives_v, mods, LDAP_MOD_REPLACE, n);
/* On failure, toggle the SFU/POSIX attribute set once and retry. */
3036 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
3038 OldUseSFU30 = UseSFU30;
3039 SwitchSFU(mods, &UseSFU30, n);
3040 if (OldUseSFU30 != UseSFU30)
3041 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3044 com_err(whoami, 0, "Unable to modify user data for %s : %s",
3045 user_name, ldap_err2string(rc));
/* Free the n LDAPMod entries (loop body not shown). */
3048 for (i = 0; i < n; i++)
/*
 * user_rename: rename the AD account before_user_name to user_name.
 *
 * The RDN is changed first with ldap_rename_s (old RDN deleted), then
 * altSecurityIdentities, userPrincipalName, displayName and sAMAccountName
 * are replaced on the new DN.  Returns AD_INVALID_NAME when either name fails
 * check_string; other returns are not shown.  The remaining parameters
 * (3054-3060, where user_name is declared) and locals rc, old_dn, new_dn,
 * upn, temp, mods, n, i are on lines not shown.
 */
3053 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3061 char *userPrincipalName_v[] = {NULL, NULL};
3062 char *altSecurityIdentities_v[] = {NULL, NULL};
3063 char *name_v[] = {NULL, NULL};
3064 char *samAccountName_v[] = {NULL, NULL};
3069 if (!check_string(before_user_name))
3071 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
3072 return(AD_INVALID_NAME);
3074 if (!check_string(user_name))
3076 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3077 return(AD_INVALID_NAME);
/* NOTE(review): self-copy -- source and destination are the same object,
 * which strcpy's restrict-qualified parameters forbid (undefined
 * behaviour) and which does nothing useful.  Delete this line. */
3080 strcpy(user_name, user_name);
3081 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3082 sprintf(new_dn, "cn=%s", user_name);
/* TRUE = delete the old RDN value; the object keeps its parent. */
3083 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
3084 NULL, NULL)) != LDAP_SUCCESS)
3086 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
3087 before_user_name, user_name, ldap_err2string(rc));
/* Bring the logon identities in line with the new name.  If the modify
 * below fails the object is left renamed but with the old sAMAccountName/UPN
 * (the error is reported; the lines after 3108 are not shown). */
3091 name_v[0] = user_name;
3092 sprintf(upn, "%s@%s", user_name, ldap_domain);
3093 userPrincipalName_v[0] = upn;
3094 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3095 altSecurityIdentities_v[0] = temp;
3096 samAccountName_v[0] = user_name;
3099 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3100 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3101 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3102 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
3104 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3105 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3107 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
3108 user_name, ldap_err2string(rc));
/* Free the n LDAPMod entries (loop body not shown). */
3110 for (i = 0; i < n; i++)
/*
 * filesys_process: set (operation == LDAP_MOD_ADD) or clear the Windows
 * profilePath / homeDrive / homeDirectory attributes of the account whose
 * sAMAccountName is fs_name, from the AFS pack fs_pack.
 *
 * Only fs_type "AFS" is accepted.  Returns AD_INVALID_NAME / AD_INVALID_FILESYS
 * on bad input and LDAP_NO_SUCH_OBJECT when the account is not found exactly
 * once; other returns are not shown.  Locals rc, group_count, filter and
 * winPath are declared on lines not shown.
 */
3115 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3116 char *fs_type, char *fs_pack, int operation)
3118 char distinguished_name[256];
3120 char winProfile[256];
3122 char *attr_array[3];
3125 LK_ENTRY *group_base;
3127 if (!check_string(fs_name))
3129 com_err(whoami, 0, "Unable to process invalid filesys name %s", fs_name);
3130 return(AD_INVALID_NAME);
3133 if (strcmp(fs_type, "AFS"))
3135 com_err(whoami, 0, "Unable to process invalid filesys type %s", fs_type);
3136 return(AD_INVALID_FILESYS);
/* Subtree search over the whole dn_path (not just user_ou). */
3141 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3142 attr_array[0] = "cn";
3143 attr_array[1] = NULL;
3144 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3145 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3147 com_err(whoami, 0, "Unable to process filesys %s : %s",
3148 fs_name, ldap_err2string(rc));
3152 if (group_count != 1)
3154 linklist_free(group_base);
3155 com_err(whoami, 0, "Unable to find user %s in AD",
3157 return(LDAP_NO_SUCH_OBJECT);
/* Unbounded strcpy of the directory-supplied DN into a 256-byte buffer. */
3159 strcpy(distinguished_name, group_base->dn);
3160 linklist_free(group_base);
3163 if (operation == LDAP_MOD_ADD)
/* AfsToWinAfs rewrites the /afs path as a UNC path; the profile lives in
 * "<home>\.winprofile".  winProfile is 256 bytes; the strcpy/strcat are
 * unbounded. */
3165 memset(winPath, 0, sizeof(winPath));
3166 AfsToWinAfs(fs_pack, winPath);
3167 memset(winProfile, 0, sizeof(winProfile));
3168 strcpy(winProfile, winPath);
3169 strcat(winProfile, "\\.winprofile");
/* Each attribute_update overwrites rc; only the last result survives. */
3171 rc = attribute_update(ldap_handle, distinguished_name, winProfile, "profilePath", fs_name);
3172 rc = attribute_update(ldap_handle, distinguished_name, "H:", "homeDrive", fs_name);
3173 rc = attribute_update(ldap_handle, distinguished_name, winPath, "homeDirectory", fs_name);
/* Any other operation clears the three attributes. */
3178 rc = attribute_update(ldap_handle, distinguished_name, "", "profilePath", fs_name);
3179 rc = attribute_update(ldap_handle, distinguished_name, "", "homeDrive", fs_name);
3180 rc = attribute_update(ldap_handle, distinguished_name, "", "homeDirectory", fs_name);
/*
 * user_create: mr_query callback that creates the AD account for the Moira
 * user described by av (U_NAME, U_UID, U_MITID, U_STATE, U_WINHOMEDIR,
 * U_WINPROFILEDIR).
 *
 * call_args (cast from ptr on a line not shown): [0] LDAP handle,
 * [1] dn_path, [2] MoiraId.  After the add, set_password is called for the
 * new account and the account's objectSid is looked up and appended to the
 * global sid list (sid_ptr) for sid_update.  Returns AD_INVALID_NAME when the
 * login fails check_string; other returns, the rest of objectClass_v (3197-
 * 3198), the uidNumber/msSFU30UidNumber conditions and locals rc, upn,
 * sam_name, temp, new_dn, filter, group_count, mods, n, i, OldUseSFU30 are on
 * lines not shown.
 */
3186 int user_create(int ac, char **av, void *ptr)
3188 LK_ENTRY *group_base;
3191 char user_name[256];
3194 char *cn_v[] = {NULL, NULL};
3195 char *objectClass_v[] = {"top", "person",
3196 "organizationalPerson",
3199 char *samAccountName_v[] = {NULL, NULL};
3200 char *altSecurityIdentities_v[] = {NULL, NULL};
3201 char *mitMoiraId_v[] = {NULL, NULL};
3202 char *name_v[] = {NULL, NULL};
3203 char *desc_v[] = {NULL, NULL};
3204 char *userPrincipalName_v[] = {NULL, NULL};
3205 char *userAccountControl_v[] = {NULL, NULL};
3206 char *uid_v[] = {NULL, NULL};
3207 char *mitid_v[] = {NULL, NULL};
3208 char *homedir_v[] = {NULL, NULL};
3209 char *winProfile_v[] = {NULL, NULL};
3210 char *drives_v[] = {NULL, NULL};
3211 char userAccountControlStr[80];
/* Baseline flags: normal account whose password never expires and cannot be
 * changed by the user (Moira owns the password). */
3213 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3220 char *attr_array[3];
3222 char WinHomeDir[1024];
3223 char WinProfileDir[1024];
/* callback_rc reports the failure to the mr_query caller. */
3227 if (!check_string(av[U_NAME]))
3229 callback_rc = AD_INVALID_NAME;
3230 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
3231 return(AD_INVALID_NAME);
/* Unbounded strcpy of Moira-supplied fields into fixed buffers (1024/256). */
3234 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3235 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3236 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
3237 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
3238 strcpy(user_name, av[U_NAME]);
3239 sprintf(upn, "%s@%s", user_name, ldap_domain);
3240 sprintf(sam_name, "%s", av[U_NAME]);
3241 samAccountName_v[0] = sam_name;
/* Accounts are created disabled unless Moira marks the user as registered
 * or as having no password requirement. */
3242 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3243 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch
 * (undefined behaviour); use "%u".  Same at 3027 in user_update. */
3244 sprintf(userAccountControlStr, "%ld", userAccountControl);
3245 userAccountControl_v[0] = userAccountControlStr;
3246 userPrincipalName_v[0] = upn;
3248 cn_v[0] = user_name;
3249 name_v[0] = user_name;
3250 desc_v[0] = "Auto account created by Moira";
/* Maps the Kerberos principal to the AD account for certificate/ticket logon. */
3251 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3252 altSecurityIdentities_v[0] = temp;
3253 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3256 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3257 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3258 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3259 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3260 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3261 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3262 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3263 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3264 if (strlen(call_args[2]) != 0)
3266 mitMoiraId_v[0] = call_args[2];
3267 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3269 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* POSIX uid attributes; which of uidNumber/msSFU30UidNumber is used depends
 * on conditions not shown. */
3270 if (strlen(av[U_UID]) != 0)
3272 uid_v[0] = av[U_UID];
3273 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3276 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3280 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID carries the MIT id only when it starts with '9'. */
3283 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
3284 mitid_v[0] = av[U_MITID];
3286 mitid_v[0] = "none";
3287 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends its own mods and returns the new count. */
3289 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3290 WinProfileDir, homedir_v, winProfile_v,
3291 drives_v, mods, LDAP_MOD_ADD, n);
/* On failure, toggle the SFU/POSIX attribute set once and retry. */
3295 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3296 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3298 OldUseSFU30 = UseSFU30;
3299 SwitchSFU(mods, &UseSFU30, n);
3300 if (OldUseSFU30 != UseSFU30)
3301 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Free the n LDAPMod entries (loop body not shown). */
3304 for (i = 0; i < n; i++)
3306 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3308 com_err(whoami, 0, "Unable to create user %s : %s",
3309 user_name, ldap_err2string(rc));
/* Password is set only for a freshly created account (not ALREADY_EXISTS).
 * NOTE(review): "" is passed as the password argument; what set_password does
 * with an empty string is not visible here -- confirm it generates a random
 * password rather than setting an empty one.  On failure the KDC session is
 * reset (ad_kdc_disconnect / ad_server_connect) and the call retried once. */
3313 if (rc == LDAP_SUCCESS)
3315 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3317 ad_kdc_disconnect();
3319 if (!ad_server_connect(default_server, ldap_domain))
3321 com_err(whoami, 0, "Unable to set password for user %s : %s",
3322 user_name, "cannot get changepw ticket from windows domain");
3326 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3328 com_err(whoami, 0, "Unable to set password for user %s : %ld",
/* Look the new account up again (by Moira id when known) to capture its
 * objectSid for sid_update. */
3334 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3335 if (strlen(call_args[2]) != 0)
3336 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3337 attr_array[0] = "objectSid";
3338 attr_array[1] = NULL;
3341 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3342 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3344 if (group_count != 1)
/* The Moira-id search did not yield one entry: retry by login name. */
3346 if (strlen(call_args[2]) != 0)
3348 linklist_free(group_base);
3351 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3352 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3353 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Append the LK_ENTRY (which now owns the SID bytes) to the sid list; the
 * list is freed by the caller after sid_update.
 * NOTE(review): the entry is tagged GROUPS, but sid_update submits GROUPS
 * entries with add_list_sid_by_name and USERS entries with
 * add_user_sid_by_login; for a user account this looks like it should be
 * USERS -- confirm. */
3356 if (group_count == 1)
3358 (*sid_ptr) = group_base;
3359 (*sid_ptr)->member = strdup(av[U_NAME]);
3360 (*sid_ptr)->type = (char *)GROUPS;
3361 sid_ptr = &(*sid_ptr)->next;
3365 if (group_base != NULL)
3366 linklist_free(group_base);
3371 if (group_base != NULL)
3372 linklist_free(group_base);
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE on the AD account for
 * user_name, and refresh its mitMoiraId when MoiraId is given.
 *
 * The account is found by mitMoiraId first, then by sAMAccountName, both as
 * subtree searches over dn_path; its current UserAccountControl value is
 * read, the disable bit set (operation == MEMBER_DEACTIVATE) or cleared, and
 * the attribute replaced.  Returns AD_INVALID_NAME for a name check_string
 * rejects and LDAP_NO_SUCH_OBJECT when no single match exists; other
 * returns, the remaining parameters (3379-3381, including operation) and
 * locals rc, group_count, filter, temp, ulongValue, modvalues, mods, n, i are
 * on lines not shown.
 */
3377 int user_change_status(LDAP *ldap_handle, char *dn_path,
3378 char *user_name, char *MoiraId,
3382 char *attr_array[3];
3384 char distinguished_name[1024];
3386 char *mitMoiraId_v[] = {NULL, NULL};
3388 LK_ENTRY *group_base;
3395 if (!check_string(user_name))
3397 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3398 return(AD_INVALID_NAME);
/* MoiraId is spliced into the filter unvalidated -- confirm callers check it. */
3404 if (strlen(MoiraId) != 0)
3406 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3407 attr_array[0] = "UserAccountControl";
3408 attr_array[1] = NULL;
3409 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3410 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3412 com_err(whoami, 0, "Unable to process user %s : %s",
3413 user_name, ldap_err2string(rc));
3417 if (group_count != 1)
3419 linklist_free(group_base);
3422 sprintf(filter, "(sAMAccountName=%s)", user_name);
3423 attr_array[0] = "UserAccountControl";
3424 attr_array[1] = NULL;
3425 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3426 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3428 com_err(whoami, 0, "Unable to process user %s : %s",
3429 user_name, ldap_err2string(rc));
3434 if (group_count != 1)
3436 linklist_free(group_base);
3437 com_err(whoami, 0, "Unable to find user %s in AD",
3439 return(LDAP_NO_SUCH_OBJECT);
/* Unbounded strcpy of the directory-supplied DN into a 1024-byte buffer. */
3442 strcpy(distinguished_name, group_base->dn);
/* NOTE(review): atoi on the userAccountControl value gives no error
 * reporting and overflows for values >= 2^31; strtoul would be the safer
 * parser for a flag word. */
3443 ulongValue = atoi((*group_base).value);
3444 if (operation == MEMBER_DEACTIVATE)
3445 ulongValue |= UF_ACCOUNTDISABLE;
3447 ulongValue &= ~UF_ACCOUNTDISABLE;
3448 sprintf(temp, "%ld", ulongValue);
/* Build the replacement value list; 1 means failure (handling not shown). */
3449 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3450 temp, &modvalues, REPLACE)) == 1)
3452 linklist_free(group_base);
3456 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3457 if (strlen(MoiraId) != 0)
3459 mitMoiraId_v[0] = MoiraId;
3460 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3463 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Free the n LDAPMod entries (loop body not shown), then the value list. */
3464 for (i = 0; i < n; i++)
3466 free_values(modvalues);
3467 if (rc != LDAP_SUCCESS)
3469 com_err(whoami, 0, "Unable to change status of user %s : %s",
3470 user_name, ldap_err2string(rc));
/*
 * user_delete: delete the AD account for u_name.
 *
 * The account is found by mitMoiraId first, then by sAMAccountName; both are
 * subtree searches over the whole dn_path (user_update, by contrast, scopes
 * the name search to user_ou), so the object deleted is whichever single
 * entry in the domain carries that name.  Returns AD_INVALID_NAME when u_name
 * fails check_string; other returns (including after 3526, where the list
 * may or may not be freed -- lines 3527-3530 are not shown) and locals rc,
 * group_count, filter are on lines not shown.
 */
3476 int user_delete(LDAP *ldap_handle, char *dn_path,
3477 char *u_name, char *MoiraId)
3480 char *attr_array[3];
3481 char distinguished_name[1024];
3482 char user_name[512];
3483 LK_ENTRY *group_base;
3487 if (!check_string(u_name))
3488 return(AD_INVALID_NAME);
/* Unbounded strcpy into a 512-byte buffer. */
3490 strcpy(user_name, u_name);
/* MoiraId is spliced into the filter unvalidated -- confirm callers check it. */
3494 if (strlen(MoiraId) != 0)
3496 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3497 attr_array[0] = "name";
3498 attr_array[1] = NULL;
3499 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3500 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3502 com_err(whoami, 0, "Unable to process user %s : %s",
3503 user_name, ldap_err2string(rc));
3507 if (group_count != 1)
3509 linklist_free(group_base);
3512 sprintf(filter, "(sAMAccountName=%s)", user_name);
3513 attr_array[0] = "name";
3514 attr_array[1] = NULL;
3515 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3516 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3518 com_err(whoami, 0, "Unable to process user %s : %s",
3519 user_name, ldap_err2string(rc));
3524 if (group_count != 1)
3526 com_err(whoami, 0, "Unable to find user %s in AD",
/* Unbounded strcpy of the directory-supplied DN into a 1024-byte buffer. */
3531 strcpy(distinguished_name, group_base->dn);
/* Assignment used as condition: any non-zero LDAP code is an error. */
3532 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3534 com_err(whoami, 0, "Unable to process user %s : %s",
3535 user_name, ldap_err2string(rc));
3539 linklist_free(group_base);
/*
 * linklist_free: release every node of an LK_ENTRY list and the six
 * heap-owned string fields of each node.  Safe on an empty (NULL) list.
 * The caller's pointer is not reset; callers must not reuse it afterwards.
 * (The NULL guards are redundant -- free(NULL) is a no-op -- but harmless.)
 */
3543 void linklist_free(LK_ENTRY *linklist_base)
3545 LK_ENTRY *linklist_previous;
3547 while (linklist_base != NULL)
3549 if (linklist_base->dn != NULL)
3550 free(linklist_base->dn);
3551 if (linklist_base->attribute != NULL)
3552 free(linklist_base->attribute);
3553 if (linklist_base->value != NULL)
3554 free(linklist_base->value);
3555 if (linklist_base->member != NULL)
3556 free(linklist_base->member);
3557 if (linklist_base->type != NULL)
3558 free(linklist_base->type);
3559 if (linklist_base->list != NULL)
3560 free(linklist_base->list);
/* Advance before freeing the node so ->next is never read after free. */
3561 linklist_previous = linklist_base;
3562 linklist_base = linklist_previous->next;
3563 free(linklist_previous);
/*
 * free_values: release a NULL-terminated array of value strings (as built by
 * construct_newvalues), clearing each slot as it goes.  Safe on NULL.  The
 * per-element free (3575-3576) and whether the array itself is freed
 * (3578-3582) are on lines not shown.
 */
3567 void free_values(char **modvalues)
3572 if (modvalues != NULL)
3574 while (modvalues[i] != NULL)
3577 modvalues[i] = NULL;
/*
 * sid_update: report the AD objectSid of each entry in the global sid list
 * back to Moira, as a hex string, via add_list_sid_by_name (entries tagged
 * GROUPS) or add_user_sid_by_login (entries tagged USERS).
 *
 * The loop over the list (ptr), the av[1] assignment and the return are on
 * lines not shown.  temp is 126 bytes and convert_b_to_a writes two
 * characters per input byte, so entries longer than 62 bytes would overflow
 * it; an objectSid is at most 28 bytes, but the length is not checked here.
 */
3584 int sid_update(LDAP *ldap_handle, char *dn_path)
3588 unsigned char temp[126];
3595 memset(temp, 0, sizeof(temp));
3596 convert_b_to_a(temp, ptr->value, ptr->length);
3599 av[0] = ptr->member;
/* type holds a sentinel pointer (GROUPS / USERS), compared by address. */
3601 if (ptr->type == (char *)GROUPS)
3604 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3606 else if (ptr->type == (char *)USERS)
3609 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: hex-encode length bytes of binary into string.
 * Each byte becomes two characters (high nibble first, judging by the
 * visible "& 0x0f" step); string must hold at least 2*length+1 bytes, which
 * the function does not check.  The per-nibble '0'/'a' offsets and the
 * terminating NUL are on lines not shown.
 */
3616 void convert_b_to_a(char *string, UCHAR *binary, int length)
3623 for (i = 0; i < length; i++)
3630 if (string[j] > '9')
3633 string[j] = tmp & 0x0f;
3635 if (string[j] > '9')
/*
 * illegalchars: 256-entry lookup table used by check_string and
 * check_container_name; 1 = byte not allowed in a name, 0 = allowed.
 *
 * Permitted: digits, lowercase a-z (callers fold uppercase first),
 * '$' '&' '\'' '-' '.' '@' '_' '`' and '~'.  Everything else -- control
 * bytes, space, the LDAP filter metacharacters '(' ')' '*' '\\', the DN
 * separators ',' '+' '"' ';' '<' '>' '=' '#', and all bytes >= 0x80 -- is
 * rejected, which is what keeps the sprintf-built filters and DNs in this
 * file free of injected syntax.
 */
3642 static int illegalchars[] = {
3643 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3644 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3645 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3646 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3647 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3648 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3649 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3650 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
3651 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3652 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3653 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3654 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3655 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3656 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3657 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: return non-zero when every byte of s is permitted by the
 * illegalchars table (uppercase is folded to lowercase first), zero
 * otherwise.  This is the only input validation in front of the
 * sprintf-built LDAP filters and DNs in this file.  The loop, the
 * declaration of `character` and the returns are on lines not shown.
 * NOTE(review): the index cast is (unsigned) on an int; if `character` is
 * ever loaded from a plain (signed) char, bytes >= 0x80 become negative and
 * the cast yields an index far beyond the 256-entry table -- confirm it is
 * read as unsigned char.
 */
3661 int check_string(char *s)
3668 if (isupper(character))
3669 character = tolower(character);
3670 if (illegalchars[(unsigned) character])
/*
 * check_container_name: like check_string, but additionally permits the
 * space character (the illegalchars table rejects it), since container
 * names may contain spaces.  Loop, `character` declaration and returns are
 * on lines not shown; the same (unsigned) index caveat as check_string
 * applies.
 */
3676 int check_container_name(char *s)
3683 if (isupper(character))
3684 character = tolower(character);
/* Space is accepted here and skips the table lookup (action not shown). */
3686 if (character == ' ')
3688 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check its message of the day,
 * negotiate the query protocol version and (when auth is set) authenticate
 * as client.  Returns a Moira status; the individual return statements,
 * the auth test and locals status, motd and temp are on lines not shown.
 */
3694 int mr_connect_cl(char *server, char *client, int version, int auth)
3700 status = mr_connect(server);
3703 com_err(whoami, status, "while connecting to Moira");
3707 status = mr_motd(&motd);
3711 com_err(whoami, status, "while checking server status");
/* NOTE(review): format-string defect.  temp, which embeds the motd text
 * received from the server, is passed to com_err as the *format*
 * argument, so any '%' sequence in the motd is interpreted.  Pass the
 * literal format and motd as its argument instead (this also removes the
 * unbounded sprintf into temp):
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd); */
3716 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3717 com_err(whoami, status, temp);
/* Version negotiation: an old server that lacks the version call is
 * treated as "client newer than server". */
3722 status = mr_version(version);
3725 if (status == MR_UNKNOWN_PROC)
3728 status = MR_VERSION_HIGH;
3730 status = MR_SUCCESS;
3733 if (status == MR_VERSION_HIGH)
3735 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3736 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW is tolerated; any other non-zero status is fatal. */
3738 else if (status && status != MR_VERSION_LOW)
3740 com_err(whoami, status, "while setting query version number.");
3748 status = mr_auth(client);
3751 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows (WINAFS-prefixed) form
 * in winPath, replacing the AFS prefix and converting each '/' (replacement
 * character on lines 3771-3772, not shown).
 * Assumes path begins with the AFS prefix -- the visible lines do not check
 * this, so a shorter or differently-prefixed path would be read past its
 * end.  winPath is not bounds-checked; the caller must size it for
 * strlen(WINAFS) + strlen(path) - strlen(AFS) + 1.
 */
3760 void AfsToWinAfs(char* path, char* winPath)
3764 strcpy(winPath, WINAFS);
3765 pathPtr = path + strlen(AFS);
3766 winPathPtr = winPath + strlen(WINAFS);
3770 if (*pathPtr == '/')
3773 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback (get_list_info) that copies the list's ACE
 * type and name into the caller's buffers call_args[0] / call_args[1] and
 * fills call_args[2] / call_args[3] with the membership flags and OU via
 * get_group_membership.  The buffers are the caller's (see ProcessAce); the
 * strcpy calls are unbounded.  The call_args cast and security_flag local
 * are on lines not shown.  Always returns LDAP_SUCCESS.
 */
3780 int GetAceInfo(int ac, char **av, void *ptr)
3787 strcpy(call_args[0], av[L_ACE_TYPE]);
3788 strcpy(call_args[1], av[L_ACE_NAME]);
3790 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3791 return(LDAP_SUCCESS);
/*
 * checkADname: test whether an object with sAMAccountName Name exists
 * anywhere under dn_path.  The return values (after the error at 3813 and
 * the group_count == 0 test) and locals rc, group_count, filter are on
 * lines not shown.  Name is not passed through check_string here; callers
 * (ProcessAce) are expected to have validated it.
 */
3795 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3798 char *attr_array[3];
3801 LK_ENTRY *group_base;
3806 sprintf(filter, "(sAMAccountName=%s)", Name);
3807 attr_array[0] = "sAMAccountName";
3808 attr_array[1] = NULL;
3809 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3810 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3812 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3813 Name, ldap_err2string(rc));
/* Only the count matters; the entries themselves are discarded. */
3817 linklist_free(group_base);
3819 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of Moira list Name exists in AD,
 * creating it when it does not.
 *
 * Only Type "LIST" is handled (other types return early on a line not
 * shown).  The list's ACE type/name are fetched with get_list_info via the
 * GetAceInfo callback; a USER ACE is created through user_create (and its
 * SID reported with sid_update), a LIST ACE through make_new_group.  When
 * the ACE is itself a list, the visible tail (3911-3916) moves GroupName to
 * that list and -- judging by the structure -- repeats, stopping when a list
 * is its own ACE.  *ProcessGroup is set to 1 when something had to be
 * created.  Locals rc, av, AceInfo, AceType, AceName, AceOu, temp,
 * call_args, sid_base/sid_ptr and the returns are on lines not shown.
 */
3826 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3829 char GroupName[256];
3835 char AceMembership[2];
/* Unbounded strcpy into a 256-byte buffer. */
3839 strcpy(GroupName, Name);
3841 if (strcasecmp(Type, "LIST"))
/* GetAceInfo fills these four buffers in place. */
3846 AceInfo[0] = AceType;
3847 AceInfo[1] = AceName;
3848 AceInfo[2] = AceMembership;
3850 memset(AceType, '\0', sizeof(AceType));
3851 memset(AceName, '\0', sizeof(AceName));
3852 memset(AceMembership, '\0', sizeof(AceMembership));
3853 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment used as condition; error_message() formats the Moira status. */
3855 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3857 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3862 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialised in AD (action at 3866 not shown). */
3865 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
/* AD name of the ACE: lists carry a "_group" suffix.  AceName comes from
 * Moira and is not passed through check_string before the lookup below. */
3867 strcpy(temp, AceName);
3868 if (!strcasecmp(AceType, "LIST"))
3869 sprintf(temp, "%s_group", AceName);
3872 if (checkADname(ldap_handle, dn_path, temp))
3874 (*ProcessGroup) = 1;
3876 if (!strcasecmp(AceInfo[0], "LIST"))
3878 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3881 else if (!strcasecmp(AceInfo[0], "USER"))
/* user_create's call_args: [0] handle, [1] dn_path, [2] MoiraId (line 3886
 * not shown), [3] unused. */
3884 call_args[0] = (char *)ldap_handle;
3885 call_args[1] = dn_path;
3887 call_args[3] = NULL;
3889 sid_ptr = &sid_base;
3891 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3893 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3898 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
/* Report the new user's SID to Moira, then drop the list user_create built. */
3901 if (sid_base != NULL)
3903 sid_update(ldap_handle, dn_path);
3904 linklist_free(sid_base);
/* Follow the ACE chain: a list that is its own ACE ends it. */
3911 if (!strcasecmp(AceType, "LIST"))
3913 if (!strcasecmp(GroupName, AceName))
3916 strcpy(GroupName, AceName);
<<<<<<< HEAD
=======
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group for
 * Moira list group_name by running the group_create callback over the
 * "get_list_info" row, then push SIDs of any created objects with sid_update.
 * Returns 0 on success, callback_rc when the callback failed (callback_rc is
 * presumably set by group_create — confirm), and rc when mr_query failed.
 * NOTE(review): call_args[3]/[4] smuggle ints through char* via casts; the
 * callback must cast them back the same way. MoiraId may be "" (see ProcessAce).
 */
>>>>>>> test-branch
3921 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3922 char *group_name, char *group_ou, char *group_membership,
3923 int group_security_flag, int updateGroup)
3930 call_args[0] = (char *)ldap_handle;
3931 call_args[1] = dn_path;
3932 call_args[2] = group_name;
/* Member types to include, packed as an integer in a char* slot. */
3933 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3934 call_args[4] = (char *)updateGroup;
3935 call_args[5] = MoiraId;
3936 call_args[6] = NULL;
3938 sid_ptr = &sid_base;
3940 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3943 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
3949 com_err(whoami, 0, "Unable to create list %s", group_name);
3950 return(callback_rc);
3953 if (sid_base != NULL)
3955 sid_update(ldap_handle, dn_path);
3956 linklist_free(sid_base);
/*
 * populate_group: add every end member of Moira list group_name to the AD
 * group. Members are collected by the member_list_build callback over
 * "get_end_members_of_list"; STRING and KERBEROS members are first created as
 * contacts in contact_ou / kerberos_ou, then member_add is called per member.
 * The member loop header and the LIST-member handling are elided in this
 * rendering; group_ou/group_membership/group_security_flag are passed through
 * to member_add.
 */
3962 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3963 char *group_ou, char *group_membership,
3964 int group_security_flag, char *MoiraId)
3972 com_err(whoami, 0, "Populating group %s", group_name);
3974 call_args[0] = (char *)ldap_handle;
3975 call_args[1] = dn_path;
3976 call_args[2] = group_name;
/* Member types to include, packed as an integer in a char* slot (matches make_new_group). */
3977 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3978 call_args[4] = NULL;
3980 if (rc = mr_query("get_end_members_of_list", 1, av,
3981 member_list_build, call_args))
3983 com_err(whoami, 0, "Unable to populate list %s : %s",
3984 group_name, error_message(rc));
3987 if (member_base != NULL)
3992 if (!strcasecmp(ptr->type, "LIST"))
/* Non-user members need a contact object before they can be group members. */
3998 if (!strcasecmp(ptr->type, "STRING"))
4000 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4002 pUserOu = contact_ou;
4004 else if (!strcasecmp(ptr->type, "KERBEROS"))
4006 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4008 pUserOu = kerberos_ou;
4010 rc = member_add(ldap_handle, dn_path, group_name,
4011 group_ou, group_membership, ptr->member,
4015 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for Moira list group_name (MoiraId).
 * Finds the existing AD group by MoiraId / name, removes extra groups that
 * carry the same MoiraId, reads back its name, description and OU, derives
 * the current membership type from the OU it lives in, and hands the
 * before/after state to group_rename.
 * type == CHECK_GROUPS only reports (AD_NO_GROUPS_FOUND, AD_WRONG_GROUP_DN_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND) without modifying anything.
 * Returns AD_NO_OU_FOUND when the group's DN is under none of the known OUs.
 * NOTE(review): the `ldap_delete_s` at 4102 deletes every group found by
 * MoiraId whose DN is not the expected one — that is destructive and its rc
 * is not checked in the visible lines. Several strcpy/sprintf calls write into
 * fixed 256/512-byte buffers without bounds. Many lines (declarations,
 * braces, loop headers) are elided in this rendering.
 */
4021 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4022 char *group_name, char *group_ou, char *group_membership,
4023 int group_security_flag, int type)
4025 char before_desc[512];
4026 char before_name[256];
4027 char before_group_ou[256];
/* One membership character ('B','S','D','N') plus terminator. */
4028 char before_group_membership[2];
4029 char distinguishedName[256];
4030 char ad_distinguishedName[256];
4032 char *attr_array[3];
4033 int before_security_flag;
4036 LK_ENTRY *group_base;
/* Lower-cased copies of the configured OU names, for case-insensitive strstr. */
4039 char ou_security[512];
4040 char ou_distribution[512];
4041 char ou_neither[512];
4043 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* DN the group is expected to have given the Moira-side OU. */
4044 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
4047 memset(filter, '\0', sizeof(filter));
4050 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4052 "distinguishedName", &group_base,
4053 &group_count, filter))
/* Report-only mode: classify the lookup result and return without changes. */
4056 if (type == CHECK_GROUPS)
4058 if (group_count == 1)
4060 if (!strcasecmp(group_base->value, distinguishedName))
4062 linklist_free(group_base);
4066 linklist_free(group_base);
4067 if (group_count == 0)
4068 return(AD_NO_GROUPS_FOUND);
4069 if (group_count == 1)
4070 return(AD_WRONG_GROUP_DN_FOUND);
4071 return(AD_MULTIPLE_GROUPS_FOUND);
4073 if (group_count == 0)
4075 return(AD_NO_GROUPS_FOUND);
/* More than one AD group for this MoiraId: if none has the expected DN,
 * report them all and give up; otherwise delete the mismatched ones. */
4077 if (group_count > 1)
4082 if (!strcasecmp(distinguishedName, ptr->value))
4088 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4092 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4095 linklist_free(group_base);
4096 return(AD_MULTIPLE_GROUPS_FOUND);
4101 if (strcasecmp(distinguishedName, ptr->value))
/* Destructive: removes duplicate groups carrying this MoiraId; rc not checked here. */
4102 rc = ldap_delete_s(ldap_handle, ptr->value);
4105 linklist_free(group_base);
4106 memset(filter, '\0', sizeof(filter));
/* Re-run the lookup now that duplicates are gone; exactly one is expected. */
4109 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4111 "distinguishedName", &group_base,
4112 &group_count, filter))
4114 if (group_count == 0)
4115 return(AD_NO_GROUPS_FOUND);
4116 if (group_count > 1)
4117 return(AD_MULTIPLE_GROUPS_FOUND);
4120 strcpy(ad_distinguishedName, group_base->value);
4121 linklist_free(group_base);
/* filter was filled in by ad_get_group with whichever query matched. */
4125 attr_array[0] = "sAMAccountName";
4126 attr_array[1] = NULL;
4127 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4128 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4130 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4131 MoiraId, ldap_err2string(rc));
/* From here on, address the group by its sAMAccountName (value is not escaped). */
4134 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the expected DN: nothing to rename/move. */
4136 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4138 linklist_free(group_base);
4143 linklist_free(group_base);
4146 memset(ou_both, '\0', sizeof(ou_both));
4147 memset(ou_security, '\0', sizeof(ou_security));
4148 memset(ou_distribution, '\0', sizeof(ou_distribution));
4149 memset(ou_neither, '\0', sizeof(ou_neither));
4150 memset(before_name, '\0', sizeof(before_name));
4151 memset(before_desc, '\0', sizeof(before_desc));
4152 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Current AD name of the group. */
4153 attr_array[0] = "name";
4154 attr_array[1] = NULL;
4155 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4156 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4158 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
4159 MoiraId, ldap_err2string(rc));
4162 strcpy(before_name, group_base->value);
4163 linklist_free(group_base);
/* Current AD description (may be absent, hence the count check). */
4166 attr_array[0] = "description";
4167 attr_array[1] = NULL;
4168 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4169 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4172 "Unable to get list description with MoiraId = %s: %s",
4173 MoiraId, ldap_err2string(rc));
4176 if (group_count != 0)
4178 strcpy(before_desc, group_base->value);
4179 linklist_free(group_base);
/* Determine which configured OU the group currently sits in by substring
 * match on the lower-cased DN; the OU fixes membership type and security flag. */
4183 change_to_lower_case(ad_distinguishedName);
4184 strcpy(ou_both, group_ou_both);
4185 change_to_lower_case(ou_both);
4186 strcpy(ou_security, group_ou_security);
4187 change_to_lower_case(ou_security);
4188 strcpy(ou_distribution, group_ou_distribution);
4189 change_to_lower_case(ou_distribution);
4190 strcpy(ou_neither, group_ou_neither);
4191 change_to_lower_case(ou_neither);
4192 if (strstr(ad_distinguishedName, ou_both))
4194 strcpy(before_group_ou, group_ou_both);
4195 before_group_membership[0] = 'B';
4196 before_security_flag = 1;
4198 else if (strstr(ad_distinguishedName, ou_security))
4200 strcpy(before_group_ou, group_ou_security);
4201 before_group_membership[0] = 'S';
4202 before_security_flag = 1;
4204 else if (strstr(ad_distinguishedName, ou_distribution))
4206 strcpy(before_group_ou, group_ou_distribution);
4207 before_group_membership[0] = 'D';
4208 before_security_flag = 0;
4210 else if (strstr(ad_distinguishedName, ou_neither))
4212 strcpy(before_group_ou, group_ou_neither);
4213 before_group_membership[0] = 'N';
4214 before_security_flag = 0;
4217 return(AD_NO_OU_FOUND);
/* NOTE(review): before_desc is passed for both the before- and after-
 * description arguments — confirm against group_rename's signature. */
4218 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4219 before_group_ou, before_security_flag, before_desc,
4220 group_name, group_membership, group_ou, group_security_flag,
4221 before_desc, MoiraId, filter);
/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 * NOTE(review): tolower() is called on a plain char; for bytes >= 0x80 on a
 * platform with signed char that is a negative argument, which is undefined
 * behavior — cast to (unsigned char) first. strlen() is re-evaluated on every
 * iteration; harmless for these short DN/OU strings.
 */
4225 void change_to_lower_case(char *ptr)
4229 for (i = 0; i < (int)strlen(ptr); i++)
4231 ptr[i] = tolower(ptr[i]);
/*
 * ad_get_group: locate the AD group for a Moira list, returning one attribute
 * (attribute) per match in *linklist_base / *linklist_count.
 * Tries, in order: the caller-supplied filter rFilter (if non-empty), a
 * mitMoiraId match (if MoiraId is non-empty), and finally the conventional
 * sAMAccountName "<group_name>_group". Whichever query yields exactly one
 * entry is copied back into rFilter so callers (process_group) can reuse it.
 * Multiple mitMoiraId matches are logged and the list is discarded.
 * The parameter list (rFilter), rc, and the return statements are partly
 * elided in this rendering.
 * NOTE(review): MoiraId and group_name are interpolated into LDAP filters
 * unescaped (RFC 4515), and strcpy(rFilter, filter) is unbounded.
 */
4235 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4236 char *group_name, char *group_membership,
4237 char *MoiraId, char *attribute,
4238 LK_ENTRY **linklist_base, int *linklist_count,
4243 char *attr_array[3];
4246 (*linklist_base) = NULL;
4247 (*linklist_count) = 0;
/* Stage 1: caller-provided filter. */
4248 if (strlen(rFilter) != 0)
4250 strcpy(filter, rFilter);
4251 attr_array[0] = attribute;
4252 attr_array[1] = NULL;
4253 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4254 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4256 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4257 MoiraId, ldap_err2string(rc));
4260 if ((*linklist_count) == 1)
4262 strcpy(rFilter, filter);
4267 linklist_free((*linklist_base));
4268 (*linklist_base) = NULL;
4269 (*linklist_count) = 0;
/* Stage 2: by Moira id. */
4270 if (strlen(MoiraId) != 0)
4272 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4273 attr_array[0] = attribute;
4274 attr_array[1] = NULL;
4275 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4276 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4278 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4279 MoiraId, ldap_err2string(rc));
/* Ambiguous Moira id: log every holder and fall through to the name lookup. */
4283 if ((*linklist_count) > 1)
4285 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4286 pPtr = (*linklist_base);
4289 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4292 linklist_free((*linklist_base));
4293 (*linklist_base) = NULL;
4294 (*linklist_count) = 0;
4296 if ((*linklist_count) == 1)
/* Prefix-compare value past its first 3 chars (presumably "CN=") with
 * group_name. NOTE(review): memcmp reads strlen(group_name) bytes from value
 * regardless of value's own length. */
4298 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4300 strcpy(rFilter, filter);
4305 linklist_free((*linklist_base));
4306 (*linklist_base) = NULL;
4307 (*linklist_count) = 0;
/* Stage 3: by conventional AD account name. */
4308 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4309 attr_array[0] = attribute;
4310 attr_array[1] = NULL;
4311 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4312 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4314 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4315 MoiraId, ldap_err2string(rc));
4318 if ((*linklist_count) == 1)
4320 strcpy(rFilter, filter);
/*
 * check_user: find the AD account for Moira user UserName (MoiraId) and,
 * if the AD sAMAccountName differs from the Moira login, rename it via
 * user_rename. Looks up by mitMoiraId first (logging duplicates), then by
 * sAMAccountName. Returns AD_NO_USER_FOUND when the name lookup does not
 * return exactly one entry; other return paths are elided in this rendering.
 * NOTE(review): strcpy(SamAccountName, ...) copies an LDAP value into a
 * 64-byte buffer without a bound, and MoiraId/UserName go into LDAP filters
 * unescaped (RFC 4515).
 */
4327 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4330 char *attr_array[3];
4331 char SamAccountName[64];
4334 LK_ENTRY *group_base;
/* Stage 1: by Moira id (only when one is known). */
4340 if (strlen(MoiraId) != 0)
4342 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4343 attr_array[0] = "sAMAccountName";
4344 attr_array[1] = NULL;
4345 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4346 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4348 com_err(whoami, 0, "Unable to process user %s : %s",
4349 UserName, ldap_err2string(rc));
4352 if (group_count > 1)
4354 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4359 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4360 gPtr->value, MoiraId);
4365 if (group_count != 1)
4367 linklist_free(group_base);
/* Stage 2: by login name. */
4370 sprintf(filter, "(sAMAccountName=%s)", UserName);
4371 attr_array[0] = "sAMAccountName";
4372 attr_array[1] = NULL;
4373 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4374 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4376 com_err(whoami, 0, "Unable to process user %s : %s",
4377 UserName, ldap_err2string(rc));
4382 if (group_count != 1)
4384 linklist_free(group_base);
4385 return(AD_NO_USER_FOUND);
4387 strcpy(SamAccountName, group_base->value);
4388 linklist_free(group_base);
/* Case-sensitive compare: a case-only difference also triggers a rename. */
4391 if (strcmp(SamAccountName, UserName))
4393 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: convert a Moira container path src into a relative LDAP
 * DN in dest of the form "OU=<last>,OU=<...>,OU=<first>" (components
 * reversed, innermost first). Components are collected into array (20 slots
 * visible) in elided lines. An empty src yields an empty dest.
 * NOTE(review): dest is written with strcpy/strcat and no bound; the caller
 * passes a fixed-size buffer. The 20-slot array bounds the supported depth —
 * the check, if any, is elided here.
 */
4399 void container_get_dn(char *src, char *dest)
4406 memset(array, '\0', 20 * sizeof(array[0]));
4408 if (strlen(src) == 0)
4427 strcpy(dest, "OU=");
/* Innermost component first; n counts the parsed components. */
4430 strcat(dest, array[n-1]);
4434 strcat(dest, ",OU=");
/*
 * container_get_name: copy the leaf name of Moira container path src into
 * dest (the extraction itself is in lines elided from this rendering;
 * callers use the result as the OU's RDN). An empty src yields an empty dest.
 * NOTE(review): no length parameter — dest must be sized by the caller.
 */
4440 void container_get_name(char *src, char *dest)
4445 if (strlen(src) == 0)
/*
 * container_check: make sure the OU path for Moira container `name` exists in
 * AD, creating it with empty metadata if needed. The name is copied to cName
 * and each '/' is rewritten (the replacement character is elided here), then
 * container_create is called with a 7-field av carrying only the name.
 * A container created this way has no mitMoiraId, which is logged so it can
 * be reconciled later.
 * NOTE(review): strcpy(cName, name) is unbounded; cName's size is declared in
 * an elided line.
 */
4462 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4469 strcpy(cName, name);
4470 for (i = 0; i < (int)strlen(cName); i++)
4472 if (cName[i] == '/')
/* Placeholder container row: every field but the name is empty. */
4475 av[CONTAINER_NAME] = cName;
4476 av[CONTAINER_DESC] = "";
4477 av[CONTAINER_LOCATION] = "";
4478 av[CONTAINER_CONTACT] = "";
4479 av[CONTAINER_TYPE] = "";
4480 av[CONTAINER_ID] = "";
4481 av[CONTAINER_ROWID] = "";
4482 rc = container_create(ldap_handle, dn_path, 7, av);
4483 if (rc == LDAP_SUCCESS)
4485 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename: apply a Moira container rename/move (before -> after) to
 * the matching AD OU. Validates the new leaf name, finds the existing OU's DN
 * from `before`; if none exists the OU is simply created. Otherwise the new
 * parent path (new_dn_path) and new RDN ("OU=<name>") are computed, the parent
 * chain is ensured with container_check, the OU is moved with ldap_rename_s
 * (deleting the old RDN), and its attributes are refreshed by container_adupdate.
 * Returns AD_INVALID_NAME for an invalid leaf name; other return paths are
 * elided in this rendering.
 * NOTE(review): new_dn_path/new_cn/temp/dName are filled by sprintf/strcpy
 * without bounds (256-byte buffers visible).
 */
4493 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4494 int afterc, char **after)
4499 char new_dn_path[256];
4501 char distinguishedName[256];
4506 memset(cName, '\0', sizeof(cName));
4507 container_get_name(after[CONTAINER_NAME], cName);
4508 if (!check_container_name(cName))
4510 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4511 return(AD_INVALID_NAME);
4514 memset(distinguishedName, '\0', sizeof(distinguishedName));
4515 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* No existing OU to rename: create it under the new name instead. */
4517 if (strlen(distinguishedName) == 0)
4519 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf component from the new path (loop body elided) to get the parent. */
4523 strcpy(temp, after[CONTAINER_NAME]);
4525 for (i = 0; i < (int)strlen(temp); i++)
4534 container_get_dn(temp, dName);
4535 if (strlen(temp) != 0)
4536 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4538 sprintf(new_dn_path, "%s", dn_path);
4539 sprintf(new_cn, "OU=%s", cName);
/* Ensure the destination parent OUs exist before moving. */
4541 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4543 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4544 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4546 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
4547 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4551 memset(dName, '\0', sizeof(dName));
4552 container_get_dn(after[CONTAINER_NAME], dName);
4553 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the AD OU for Moira container av. The DN is
 * resolved with container_get_distinguishedName; an OU that no longer exists
 * is not an error. If the OU still has children (LDAP_NOT_ALLOWED_ON_NONLEAF)
 * its contents are relocated by container_move_objects (a retry of the
 * delete, if any, is elided in this rendering — confirm).
 * Return paths are elided.
 */
4557 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4559 char distinguishedName[256];
4562 memset(distinguishedName, '\0', sizeof(distinguishedName));
4563 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4565 if (strlen(distinguishedName) == 0)
4567 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
/* Non-empty OU: move its objects to the orphan OUs first. */
4569 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4570 container_move_objects(ldap_handle, dn_path, distinguishedName);
4572 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4573 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the AD organizationalUnit for Moira container av
 * (count fields, indexed by CONTAINER_*). Builds an add request with
 * objectClass, name, ou, optional mitMoiraId (ROWID) and description, and an
 * optional managedBy derived from CONTAINER_TYPE/CONTAINER_ID: KERBEROS
 * principals get a contact object in kerberos_ou, USER and LIST are resolved
 * to an existing AD object by LDAP search. If the OU already exists and a
 * ROWID is known, its attributes are refreshed via container_adupdate instead.
 * Returns AD_INVALID_NAME for an unusable name; LDAP results otherwise
 * (final return elided). ADD_ATTR appends to mods/n (macro defined elsewhere).
 * NOTE(review): av[CONTAINER_ID] is interpolated into LDAP filters
 * unescaped (RFC 4515), and managedByDN/temp are written without bounds.
 */
4578 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4580 char *attr_array[3];
4581 LK_ENTRY *group_base;
4584 char *objectClass_v[] = {"top",
4585 "organizationalUnit",
/* Single-valued attribute vectors; slot [0] is filled in before use. */
4588 char *ou_v[] = {NULL, NULL};
4589 char *name_v[] = {NULL, NULL};
4590 char *moiraId_v[] = {NULL, NULL};
4591 char *desc_v[] = {NULL, NULL};
4592 char *managedBy_v[] = {NULL, NULL};
4595 char managedByDN[256];
4602 memset(filter, '\0', sizeof(filter));
4603 memset(dName, '\0', sizeof(dName));
4604 memset(cName, '\0', sizeof(cName));
4605 memset(managedByDN, '\0', sizeof(managedByDN));
/* dName: relative DN of the whole path; cName: leaf OU name. */
4606 container_get_dn(av[CONTAINER_NAME], dName);
4607 container_get_name(av[CONTAINER_NAME], cName);
4609 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4611 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4612 return(AD_INVALID_NAME);
4615 if (!check_container_name(cName))
4617 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4618 return(AD_INVALID_NAME);
4622 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4624 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4626 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4627 if (strlen(av[CONTAINER_ROWID]) != 0)
4629 moiraId_v[0] = av[CONTAINER_ROWID];
4630 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4632 if (strlen(av[CONTAINER_DESC]) != 0)
4634 desc_v[0] = av[CONTAINER_DESC];
4635 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: owner of the container, resolved by type. */
4637 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4639 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
/* contact_create returning 0 here means the contact exists/was created. */
4641 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4643 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4644 managedBy_v[0] = managedByDN;
4645 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4650 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4652 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4654 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4656 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
/* Only an unambiguous (single) match is used as the manager. */
4658 if (strlen(filter) != 0)
4660 attr_array[0] = "distinguishedName";
4661 attr_array[1] = NULL;
4664 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4665 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4667 if (group_count == 1)
4669 strcpy(managedByDN, group_base->value);
4670 managedBy_v[0] = managedByDN;
4671 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4673 linklist_free(group_base);
4682 sprintf(temp, "%s,%s", dName, dn_path);
4683 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the n LDAPMod entries built by ADD_ATTR (loop body elided). */
4684 for (i = 0; i < n; i++)
4686 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4688 com_err(whoami, 0, "Unable to create container %s : %s",
4689 cName, ldap_err2string(rc));
/* Existing OU: bring its attributes in line with Moira when we know the row id. */
4692 if (rc == LDAP_ALREADY_EXISTS)
4694 if (strlen(av[CONTAINER_ROWID]) != 0)
4695 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: propagate a Moira container attribute change (before ->
 * after) to AD. Resolves the OU's DN from `after`; creates the OU when it is
 * missing, otherwise ensures the parent chain exists (container_check) and
 * rewrites the attributes with container_adupdate. Return paths are elided
 * in this rendering. `before`/beforec are not used in the visible lines.
 */
4700 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4701 int afterc, char **after)
4703 char distinguishedName[256];
4706 memset(distinguishedName, '\0', sizeof(distinguishedName));
4707 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4709 if (strlen(distinguishedName) == 0)
4711 rc = container_create(ldap_handle, dn_path, afterc, after);
4715 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* Address the OU by its known DN (dName "" selects the DN form in container_adupdate). */
4716 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName: find the DN of the AD OU for Moira
 * container av and copy it into distinguishedName (left empty if not found).
 * Tries a mitMoiraId match on av[CONTAINER_ROWID] first, then the DN
 * derived from the container path ("<dName>,<dn_path>"). Only a single
 * match is accepted. Returns AD_INVALID_NAME for an unusable name; the other
 * return statements are elided in this rendering.
 * NOTE(review): av[CONTAINER_ROWID] and dName go into LDAP filters unescaped
 * (RFC 4515); strcpy into distinguishedName is unbounded (callers pass 256 bytes).
 */
4721 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4723 char *attr_array[3];
4724 LK_ENTRY *group_base;
4731 memset(filter, '\0', sizeof(filter));
4732 memset(dName, '\0', sizeof(dName));
4733 memset(cName, '\0', sizeof(cName));
4734 container_get_dn(av[CONTAINER_NAME], dName);
4735 container_get_name(av[CONTAINER_NAME], cName);
4737 if (strlen(dName) == 0)
4739 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4740 return(AD_INVALID_NAME);
4743 if (!check_container_name(cName))
4745 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4746 return(AD_INVALID_NAME);
/* Stage 1: by Moira row id. */
4749 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4750 attr_array[0] = "distinguishedName";
4751 attr_array[1] = NULL;
4754 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4755 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4757 if (group_count == 1)
4759 strcpy(distinguishedName, group_base->value);
4761 linklist_free(group_base);
/* Stage 2: by the DN implied by the container path. */
4765 if (strlen(distinguishedName) == 0)
4767 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4768 attr_array[0] = "distinguishedName";
4769 attr_array[1] = NULL;
4772 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4773 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4775 if (group_count == 1)
4777 strcpy(distinguishedName, group_base->value);
4779 linklist_free(group_base);
/*
 * container_adupdate: bring the attributes of an existing AD OU in line with
 * Moira container av. The OU is addressed either by distinguishedName or, when
 * dName is non-empty, by "<dName>,<dn_path>" (ad_path). Current mitMoiraId,
 * description and managedBy are read back; mitMoiraId and managedBy are then
 * replaced in one ldap_modify_s, while description and stale managedBy values
 * are cleared/set through attribute_update. A managedBy is derived from
 * CONTAINER_TYPE/CONTAINER_ID exactly as in container_create.
 * Returns LDAP_SUCCESS when there is nothing to modify (the condition before
 * 4930 is elided); otherwise the ldap_modify_s result (final return elided).
 * NOTE(review): at 4813 the test is on av[CONTAINER_ID] but the filter uses
 * av[CONTAINER_ROWID] — this looks like it should test CONTAINER_ROWID;
 * confirm with the callers. Filter values are interpolated unescaped
 * (RFC 4515) and several strcpy/sprintf calls write fixed buffers unbounded.
 */
4787 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4788 char *distinguishedName, int count, char **av)
4790 char *attr_array[5];
4791 LK_ENTRY *group_base;
4796 char *moiraId_v[] = {NULL, NULL};
4797 char *desc_v[] = {NULL, NULL};
4798 char *managedBy_v[] = {NULL, NULL};
4799 char managedByDN[256];
/* Resolve the target OU: explicit DN, or path-derived DN when dName is given. */
4808 strcpy(ad_path, distinguishedName);
4809 if (strlen(dName) != 0)
4810 sprintf(ad_path, "%s,%s", dName, dn_path);
4812 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
/* NOTE(review): condition checks CONTAINER_ID while the filter uses CONTAINER_ROWID — confirm. */
4813 if (strlen(av[CONTAINER_ID]) != 0)
4814 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4815 attr_array[0] = "mitMoiraId";
4816 attr_array[1] = "description";
4817 attr_array[2] = "managedBy";
4818 attr_array[3] = NULL;
4821 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4822 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4824 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4825 av[CONTAINER_NAME], ldap_err2string(rc));
/* Capture the OU's current values (loop over group_base elided). */
4828 memset(managedByDN, '\0', sizeof(managedByDN));
4829 memset(moiraId, '\0', sizeof(moiraId));
4830 memset(desc, '\0', sizeof(desc));
4834 if (!strcasecmp(pPtr->attribute, "description"))
4835 strcpy(desc, pPtr->value);
4836 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4837 strcpy(managedByDN, pPtr->value);
4838 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4839 strcpy(moiraId, pPtr->value);
4842 linklist_free(group_base);
4847 if (strlen(av[CONTAINER_ROWID]) != 0)
4849 moiraId_v[0] = av[CONTAINER_ROWID];
4850 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* Description: set from Moira, or cleared if AD has one and Moira does not. */
4852 if (strlen(av[CONTAINER_DESC]) != 0)
4854 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
4858 if (strlen(desc) != 0)
4860 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: resolved by owner type; an unresolvable owner clears the existing value. */
4863 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4865 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4867 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4869 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4870 managedBy_v[0] = managedByDN;
4871 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4875 if (strlen(managedByDN) != 0)
4877 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4883 memset(filter, '\0', sizeof(filter));
4884 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4886 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4888 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4890 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4892 if (strlen(filter) != 0)
4894 attr_array[0] = "distinguishedName";
4895 attr_array[1] = NULL;
4898 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4899 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4901 if (group_count == 1)
4903 strcpy(managedByDN, group_base->value);
4904 managedBy_v[0] = managedByDN;
4905 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4909 if (strlen(managedByDN) != 0)
4911 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4914 linklist_free(group_base);
/* No owner in Moira: drop any manager AD still records. */
4921 if (strlen(managedByDN) != 0)
4923 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
/* Nothing accumulated in mods (condition elided): done. */
4930 return(LDAP_SUCCESS);
4932 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Release the n LDAPMod entries built by ADD_ATTR (loop body elided). */
4933 for (i = 0; i < n; i++)
4935 if (rc != LDAP_SUCCESS)
4937 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4938 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty the OU at dName before it is deleted
 * (called from container_delete on LDAP_NOT_ALLOWED_ON_NONLEAF). Three passes:
 * pass 0 moves every object that is neither a computer nor an OU to
 * orphans_other_ou; pass 1 moves computers to orphans_machines_ou; pass 2
 * deletes child OUs. Moves use ldap_rename_s keeping the cn, with a "_<count>"
 * suffix retried on LDAP_ALREADY_EXISTS. Searches are capped at 10 entries
 * via LDAP_OPT_SIZELIMIT (the loop that drains the OU in batches, if any, is
 * elided in this rendering — confirm). Return paths are elided.
 * NOTE(review): the ldap_delete_s of a child OU (5017) that is itself
 * non-empty will fail; its rc is not checked in the visible lines. The
 * ldap_set_option result (4958) is also not checked.
 */
4944 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4946 char *attr_array[3];
4947 LK_ENTRY *group_base;
/* Batch size for each search. */
4954 int NumberOfEntries = 10;
4958 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4960 for (i = 0; i < 3; i++)
4962 memset(filter, '\0', sizeof(filter));
/* Pass 0: ordinary objects. */
4965 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4966 attr_array[0] = "cn";
4967 attr_array[1] = NULL;
/* Pass 1: machine accounts. */
4971 strcpy(filter, "(objectClass=computer)");
4972 attr_array[0] = "cn";
4973 attr_array[1] = NULL;
/* Pass 2: nested OUs (deleted rather than moved). */
4977 strcpy(filter, "(objectClass=organizationalUnit)");
4978 attr_array[0] = "ou";
4979 attr_array[1] = NULL;
4984 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
4985 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4989 if (group_count == 0)
4994 if (!strcasecmp(pPtr->attribute, "cn"))
4996 sprintf(new_cn, "cn=%s", pPtr->value);
/* Destination OU depends on the pass (selection logic elided). */
4998 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5000 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5004 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: retry with a numeric suffix. */
5006 if (rc == LDAP_ALREADY_EXISTS)
5008 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
5015 else if (!strcasecmp(pPtr->attribute, "ou"))
5017 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5021 linklist_free(group_base);
/*
 * get_machine_ou: resolve Moira host `member` to its AD machine account and
 * return the OU portion of that account's DN in machine_ou; NewMachineName
 * receives the (Moira-resolved, domain-stripped) machine name. The computer
 * is found by "sAMAccountName=<name>$", its DN and cn are lower-cased, the
 * cn is located inside the DN and everything after "cn=<cn>," up to the
 * "dc=" component is treated as the OU path. Return paths are elided.
 * NOTE(review): the result of moira_connect() at 5043 is overwritten without
 * being checked. tolower() on plain char (5079/5081) is undefined for negative
 * chars — cast to unsigned char. strcpy into dn/cn/machine_ou is unbounded,
 * and NewMachineName is interpolated into the LDAP filter unescaped.
 */
5029 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5031 LK_ENTRY *group_base;
5035 char *attr_array[3];
5042 strcpy(NewMachineName, member);
5043 rc = moira_connect();
/* Canonical machine name from Moira (may be an alias target); empties on failure. */
5044 rc = GetMachineName(NewMachineName);
5046 if (strlen(NewMachineName) == 0)
5048 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
/* Strip the DNS domain: AD account names are the bare host name. */
5053 pPtr = strchr(NewMachineName, '.');
/* Computer accounts carry a trailing '$' in sAMAccountName. */
5059 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5060 attr_array[0] = "cn";
5061 attr_array[1] = NULL;
5062 sprintf(temp, "%s", dn_path);
5063 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5064 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5066 com_err(whoami, 0, "Unable to process machine %s : %s",
5067 member, ldap_err2string(rc));
5070 if (group_count != 1)
5072 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
5076 strcpy(dn, group_base->dn);
5077 strcpy(cn, group_base->value);
/* Lower-case both so the substring search below is case-insensitive. */
5078 for (i = 0; i < (int)strlen(dn); i++)
5079 dn[i] = tolower(dn[i]);
5080 for (i = 0; i < (int)strlen(cn); i++)
5081 cn[i] = tolower(cn[i]);
5082 linklist_free(group_base);
/* Locate the cn inside the DN; the OU path starts after "<cn>,". */
5084 pPtr = strstr(dn, cn);
5087 com_err(whoami, 0, "Unable to process machine %s",
5091 pPtr += strlen(cn) + 1;
5092 strcpy(machine_ou, pPtr);
/* Cut the OU path before the domain components (terminator write elided). */
5094 pPtr = strstr(machine_ou, "dc=");
5097 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move the AD computer account for Moira host
 * MoiraMachineName into DestinationOu (relative to dn_path). The machine
 * name is canonicalised via GetMachineName and domain-stripped, the account
 * is found by "sAMAccountName=<name>$", and ldap_rename_s moves it when its
 * current parent differs from the target. Return paths are elided.
 * NOTE(review): the message at 5151 has two "%s" conversions but only one
 * argument — the second is read from a non-existent vararg (undefined
 * behavior); drop the trailing ": %s" or pass ldap_err2string(rc).
 * strcpy(OldDn, ...) and sprintf into NewOu/NewCn are unbounded, and
 * MachineName goes into the LDAP filter unescaped.
 */
5106 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5111 char MachineName[128];
5113 char *attr_array[3];
5118 LK_ENTRY *group_base;
5123 strcpy(MachineName, MoiraMachineName);
5124 rc = GetMachineName(MachineName);
5125 if (strlen(MachineName) == 0)
5127 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
/* Strip the DNS domain; AD account names are the bare host name. */
5131 cPtr = strchr(MachineName, '.');
5134 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5135 attr_array[0] = "sAMAccountName";
5136 attr_array[1] = NULL;
5137 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5138 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5140 com_err(whoami, 0, "Unable to process machine %s : %s",
5141 MoiraMachineName, ldap_err2string(rc));
5145 if (group_count == 1)
5146 strcpy(OldDn, group_base->dn);
5147 linklist_free(group_base);
5149 if (group_count != 1)
/* NOTE(review): format expects two strings, only one is supplied. */
5151 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
5154 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Parent of the current DN starts after the first ','. */
5155 cPtr = strchr(OldDn, ',');
/* Already in the destination OU: nothing to do. */
5159 if (!strcasecmp(cPtr, NewOu))
5162 sprintf(NewCn, "CN=%s", MachineName);
5163 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: report whether a machine account named machine_name (DNS
 * domain stripped at the first '.') exists under dn_path, via checkADname.
 * Returns the logical negation of checkADname's result (so the meaning of
 * non-zero here is the inverse of checkADname's; confirm with callers).
 * NOTE(review): strcpy(Name, machine_name) is unbounded; Name's size is
 * declared in an elided line.
 */
5167 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5173 memset(Name, '\0', sizeof(Name));
5174 strcpy(Name, machine_name);
5176 pPtr = strchr(Name, '.');
5180 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name is
 * mapped to ("get_machine_to_container_map"); the machine_GetMoiraContainer
 * callback copies the answer into container_name. The remaining query
 * arguments and the return are elided in this rendering.
 */
5183 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5189 av[0] = machine_name;
5190 call_args[0] = (char *)container_name;
5191 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * machine_GetMoiraContainer: mr_query callback for
 * "get_machine_to_container_map"; copies the container name column (av[1])
 * into the caller's buffer (call_args[0], derived from ptr in an elided line).
 * NOTE(review): unbounded strcpy into a caller-owned buffer.
 */
5196 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5201 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors container
 * `after`. The list name is derived by Moira_groupname_create; the list is an
 * inactive-mail, hidden-from-nobody group (L_GROUP "1", L_MAILLIST "0") with a
 * unique GID, owned (ACE and member ACE) by user "sms". On success the list is
 * recorded on the container and added to the parent container's list.
 * Return paths are elided in this rendering.
 */
5205 int Moira_container_group_create(char **after)
5211 memset(GroupName, '\0', sizeof(GroupName));
5212 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5213 after[CONTAINER_ROWID]);
/* add_list takes 15 fields, indexed by the L_* constants. */
5217 argv[L_NAME] = GroupName;
5218 argv[L_ACTIVE] = "1";
5219 argv[L_PUBLIC] = "0";
5220 argv[L_HIDDEN] = "0";
5221 argv[L_MAILLIST] = "0";
5222 argv[L_GROUP] = "1";
5223 argv[L_GID] = UNIQUE_GID;
5224 argv[L_NFSGROUP] = "0";
5225 argv[L_MAILMAN] = "0";
5226 argv[L_MAILMAN_SERVER] = "[NONE]";
5227 argv[L_DESC] = "auto created container group";
5228 argv[L_ACE_TYPE] = "USER";
5229 argv[L_MEMACE_TYPE] = "USER";
5230 argv[L_ACE_NAME] = "sms";
5231 argv[L_MEMACE_NAME] = "sms";
5233 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
5235 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
5236 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Link the new list to the container and to the parent container's list. */
5239 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5240 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: after a container rename, rename its mirror
 * list to match. Does nothing when the container name is unchanged or no list
 * is recorded for the container. The new name is computed exactly as on
 * creation; when it differs from the current one, update_list is issued with
 * the old name followed by the 15 add_list fields. Return paths are elided.
 */
5245 int Moira_container_group_update(char **before, char **after)
5248 char BeforeGroupName[64];
5249 char AfterGroupName[64];
/* Same container name: nothing to rename. */
5252 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5255 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* Mode 0: the container's own list (see Moira_getGroupName). */
5256 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5257 if (strlen(BeforeGroupName) == 0)
5260 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5261 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5262 after[CONTAINER_ROWID]);
5266 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list: current name, then the 15 fields shifted by one. */
5268 argv[L_NAME] = BeforeGroupName;
5269 argv[L_NAME + 1] = AfterGroupName;
5270 argv[L_ACTIVE + 1] = "1";
5271 argv[L_PUBLIC + 1] = "0";
5272 argv[L_HIDDEN + 1] = "0";
5273 argv[L_MAILLIST + 1] = "0";
5274 argv[L_GROUP + 1] = "1";
5275 argv[L_GID + 1] = UNIQUE_GID;
5276 argv[L_NFSGROUP + 1] = "0";
5277 argv[L_MAILMAN + 1] = "0";
5278 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5279 argv[L_DESC + 1] = "auto created container group";
5280 argv[L_ACE_TYPE + 1] = "USER";
5281 argv[L_MEMACE_TYPE + 1] = "USER";
5282 argv[L_ACE_NAME + 1] = "sms";
5283 argv[L_MEMACE_NAME + 1] = "sms";
5285 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
5287 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
5288 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove the mirror list of a deleted
 * container `before`. The list is first removed from the parent container's
 * list (if both are known), then deleted. A container whose group column is
 * "[none]" has no list. Return paths are elided in this rendering.
 * NOTE(review): the message at 5316 has two "%s" conversions but three
 * arguments — error_message(rc) is never printed and ParentGroupName appears
 * where the error text should be; add a third "%s" (e.g. "... %s from list %s: %s").
 */
5295 int Moira_container_group_delete(char **before)
5300 char ParentGroupName[64];
5302 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Mode 1: the parent container's list (see Moira_getGroupName). */
5303 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
5305 memset(GroupName, '\0', sizeof(GroupName));
5306 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5307 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
5309 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
/* argv[1] (member type) is set in an elided line. */
5311 argv[0] = ParentGroupName;
5313 argv[2] = GroupName;
5314 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): format/argument count mismatch — see header comment. */
5316 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
5317 GroupName, ParentGroupName, error_message(rc));
5321 if (strlen(GroupName) != 0)
5323 argv[0] = GroupName;
5324 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5326 com_err(whoami, 0, "Unable to delete container group %s : %s",
5327 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a unique Moira list name for container
 * ContainerName and store it in GroupName. The base is the last path
 * component (joined with its parent component by '-' when present), truncated
 * to 25 characters, prefixed "cnt-" and lower-cased. If a list with that name
 * already exists (get_list_info succeeds), "-0".."-9" then "-a".."-z" are
 * tried in turn; when all are taken an error is logged. ContainerRowID is not
 * used in the visible lines. Return paths and the probe loop header are elided.
 * NOTE(review): tolower(*ptr) on plain char (5375) is undefined for negative
 * chars — cast to unsigned char. strcpy(temp, ContainerName) and
 * strcpy(GroupName, ...) are unbounded.
 */
5334 int Moira_groupname_create(char *GroupName, char *ContainerName,
5335 char *ContainerRowID)
5340 char newGroupName[64];
5341 char tempGroupName[64];
5347 strcpy(temp, ContainerName);
/* Split off the last path component (ptr) and then its parent (ptr1). */
5349 ptr1 = strrchr(temp, '/');
5354 ptr1 = strrchr(temp, '/');
5357 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
5360 strcpy(tempgname, ptr);
5363 strcpy(tempgname, temp);
/* Keep the derived part short enough for the list name limit. */
5365 if (strlen(tempgname) > 25)
5366 tempgname[25] ='\0';
5368 sprintf(newGroupName, "cnt-%s", tempgname);
5370 /* change everything to lower case */
5375 *ptr = tolower(*ptr);
5381 strcpy(tempGroupName, newGroupName);
5383 /* append 0-9 then a-z if a duplicate is found */
/* Probe: a Moira error other than MR_NO_MATCH aborts; MR_NO_MATCH means the name is free. */
5386 argv[0] = newGroupName;
5387 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
5389 if (rc == MR_NO_MATCH)
5391 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5392 ContainerName, error_message(rc));
/* Name taken: try the next suffix character (i iterates '0'-'9','a'-'z'). */
5395 sprintf(newGroupName, "%s-%c", tempGroupName, i);
5398 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
5408 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup - record GroupName as the list attached to the
 * container origContainerName (Moira query set_container_list).
 *
 * Returns an int; the return statements are on dropped lines.  On failure
 * the Moira error is logged via com_err.
 */
5412 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5417 argv[0] = origContainerName;
5418 argv[1] = GroupName;
5420 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5422 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5423 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent - make GroupName a member of the list that backs
 * the parent of origContainerName.
 *
 * A top-level container (no parent group name) returns early without any
 * Moira query.  Returns an int; the return statements are on dropped lines.
 */
5429 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5431 char ContainerName[64];
5432 char ParentGroupName[64];
/* Unbounded copy of the container path into a 64-byte stack buffer: a path
 * of 64 or more characters overflows.  Either check
 * strlen(origContainerName) < sizeof ContainerName first, or pass
 * origContainerName straight to Moira_getGroupName, which takes its own
 * copy anyway. */
5436 strcpy(ContainerName, origContainerName);
/* NOTE(review): ParentGroupName is not cleared on any visible line before
 * this call (Moira_container_group_delete does memset it first).  If the
 * dropped lines 5433-5435 do not zero it and the lookup fails without
 * writing, the strlen() below reads an uninitialized buffer -- confirm. */
5438 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5439 /* top-level container */
5440 if (strlen(ParentGroupName) == 0)
5443 argv[0] = ParentGroupName;
/* argv[1] (member type) is set on a dropped line. */
5445 argv[2] = GroupName;
5446 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5448 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5449 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup - mr_query callback for get_container_list.
 *
 * ac/av: the returned row; av[1] is the list name.
 * ptr:   the caller's call_args array (how call_args is derived from ptr is
 *        on a dropped line); call_args[0] is the caller's GroupName buffer.
 *
 * The copy is unbounded, and the callers shown in this file pass 64-byte
 * buffers (ParentGroupName in Moira_addGroupToParent and
 * Moira_container_group_delete).  A list name of 64 or more characters
 * returned by Moira would overflow them; a length check against the buffer
 * size (passed via call_args, or a fixed constant shared with the callers)
 * would close that.
 */
5454 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5459 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName - look up the Moira list attached to a container.
 *
 * origContainerName: container path.
 * GroupName:         output buffer, filled by the Moira_getContainerGroup
 *                    callback; left empty when nothing is found.
 * (third parameter)  declared on a dropped line; the callers pass 1, and the
 *                    strrchr on 5476 suggests it selects the parent path.
 * Returns an int; the return statements are on dropped lines.
 */
5463 int Moira_getGroupName(char *origContainerName, char *GroupName,
5466 char ContainerName[64];
/* Same unbounded copy into a 64-byte buffer as in Moira_addGroupToParent;
 * an over-long container path overflows here. */
5472 strcpy(ContainerName, origContainerName);
/* Locate the last '/' -- presumably cut there to obtain the parent path. */
5476 ptr = strrchr(ContainerName, '/');
5483 argv[0] = ContainerName;
/* call_args is the callback's ptr argument; [0] is where the name lands. */
5485 call_args[0] = GroupName;
5486 call_args[1] = NULL;
5488 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Query succeeded: a non-empty GroupName means a list was attached. */
5491 if (strlen(GroupName) != 0)
/* Query failed: report the Moira error. */
5496 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5497 ContainerName, error_message(rc));
/* Query succeeded but returned no list. */
5499 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group - add or remove MachineName as a
 * MACHINE member of the container's list GroupName.
 *
 * The remaining parameters and the add/delete selector are on dropped
 * lines.  A GroupName of "[none]" means the container has no list and the
 * function returns without a query.  Returns an int.
 */
5504 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5510 if (strcmp(GroupName, "[none]") == 0)
5513 argv[0] = GroupName;
5514 argv[1] = "MACHINE";
5515 argv[2] = MachineName;
5517 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5519 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* NOTE(review): this message says "add" but, if the rc check that follows
 * the two queries is shared (the branch structure is on dropped lines), it
 * is also what a failed delete logs.  The text is also missing a space
 * before the group name ("container group%s"). */
5522 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5523 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName - canonicalise a host name into the top-level MIT domain,
 * in place.
 *
 * MachineName: in/out.  On return it holds the upper-cased name if the
 *              original already ended in DOMAIN_SUFFIX, the Moira host alias
 *              in that domain otherwise, or "" when no such name exists or
 *              the Moira query failed.  The buffer's size is not visible
 *              here; the copy-backs below assume it holds at least what
 *              NewMachineName (1024 bytes) does.
 * Returns an int; return statements are on dropped lines.
 */
5528 int GetMachineName(char *MachineName)
5531 char NewMachineName[1024];
5538 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy into a 1024-byte stack buffer; MachineName comes from
 * Moira arguments, so bound it (snprintf with sizeof NewMachineName). */
5539 strcpy(NewMachineName, MachineName);
/* toupper() on plain char is undefined for negative values; cast through
 * unsigned char.  strlen() is re-evaluated every iteration. */
5540 for (i = 0; i < (int)strlen(NewMachineName); i++)
5541 NewMachineName[i] = toupper(NewMachineName[i]);
/* Compare everything after the first '.' with the domain suffix. */
5542 szDot = strchr(NewMachineName,'.');
5543 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5548 // If not, see if it has a Moira alias in the top-level MIT domain.
5549 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* args[0] is set on a dropped line (presumably the alias wildcard). */
5551 args[1] = MachineName;
/* ProcessMachineName fills call_args[0] with the first alias that matches
 * DOMAIN_SUFFIX. */
5552 call_args[0] = NewMachineName;
5553 call_args[1] = NULL;
5554 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5556 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5557 MachineName, error_message(rc));
/* Failure is signalled to the caller by an empty name. */
5558 strcpy(MachineName, "");
5562 if (strlen(NewMachineName) != 0)
5563 strcpy(MachineName, NewMachineName);
5565 strcpy(MachineName, "");
/*
 * ProcessMachineName - mr_query callback for get_hostalias.
 *
 * av[0] is one alias; ptr carries the caller's call_args, whose [0] entry
 * is the output buffer.  Only the first alias ending in DOMAIN_SUFFIX is
 * kept: once call_args[0] is non-empty later rows are ignored.
 */
5570 int ProcessMachineName(int ac, char **av, void *ptr)
5573 char MachineName[1024];
5578 if (strlen(call_args[0]) == 0)
/* Unbounded copy of a Moira-returned alias into a 1024-byte buffer. */
5580 strcpy(MachineName, av[0]);
5581 for (i = 0; i < (int)strlen(MachineName); i++)
5582 MachineName[i] = toupper(MachineName[i]);
5583 szDot = strchr(MachineName,'.');
5584 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
/* The caller's buffer is the same size (GetMachineName), so this copy
 * fits as long as MachineName did. */
5586 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU - rewrite the uid-number attribute name in a modification list
 * between the Services-for-UNIX 3.0 schema ("msSFU30UidNumber") and the
 * RFC 2307 name ("uidNumber").
 *
 * mods:     the LDAPMod array to patch in place.
 * UseSFU30: selects the direction; the test on it is on a dropped line.
 * n:        number of entries in mods.
 *
 * Only mod_type is changed; the values are untouched.  The new mod_type is
 * a string literal, which is fine only if mod_type is never free()d by the
 * list's owner -- confirm against the ADD_ATTR macro that builds these.
 */
5592 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
5598 for (i = 0; i < n; i++)
5600 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5601 mods[i]->mod_type = "uidNumber";
5607 for (i = 0; i < n; i++)
5609 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5610 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory - compute and apply the homeDirectory, profilePath and
 * homeDrive attributes for a user.
 *
 * WinHomeDir / WinProfileDir are Moira-supplied values that may be a literal
 * path or one of the keywords "[afs]", "[dfs]", "[local]":
 *   [afs]   - path taken from the user's Hesiod "filsys" entry, converted
 *             to the Windows AFS form by AfsToWinAfs; profile is
 *             <home>\.winprofile.
 *   [dfs]   - \\<ldap_domain>\dfs\profiles\<initial>\<user>, same
 *             .winprofile convention.
 *   [local] - attribute is cleared.
 *   other   - used verbatim.
 * homedir_v / winProfile_v / drives_v are caller-owned value arrays that
 * receive strdup()'d strings; the remaining parameters (mods, OpType, the
 * mod counter used by ADD_ATTR) are on dropped lines.  Who frees the
 * strdup results is not visible here.
 *
 * An empty computed value under LDAP_MOD_REPLACE is applied as a separate
 * LDAP_MOD_DELETE modify, because replacing with no values is not what the
 * directory expects; otherwise the value is queued on mods via ADD_ATTR.
 */
5616 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5617 char *WinHomeDir, char *WinProfileDir,
5618 char **homedir_v, char **winProfile_v,
5619 char **drives_v, LDAPMod **mods,
5627 char winProfile[1024];
5632 LDAPMod *DelMods[20];
5634 memset(homeDrive, '\0', sizeof(homeDrive));
5635 memset(path, '\0', sizeof(path));
5636 memset(winPath, '\0', sizeof(winPath));
5637 memset(winProfile, '\0', sizeof(winProfile));
5639 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
/* Hesiod answers arrive over DNS and are not authenticated.  The two
 * sscanf "%s" conversions below have no field width, so an over-long
 * filsys record overflows cPath / cWeight (their sizes are on dropped
 * lines).  Use a width matching the buffer, e.g. "%*s %<size-1>s". */
5641 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5643 memset(cWeight, 0, sizeof(cWeight));
5644 memset(cPath, 0, sizeof(cPath));
/* Walk all filsys records, keeping the AFS one with the lowest weight;
 * last_weight's starting value is on a dropped line. */
5647 while (hp[i] != NULL)
5649 if (sscanf(hp[i], "%*s %s", cPath))
/* strnicmp is not standard C; strncasecmp is the POSIX spelling. */
5651 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5653 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
/* atoi() gives 0 for a garbled weight; strtol with a check would tell
 * the two apart. */
5655 if (atoi(cWeight) < last_weight)
5657 strcpy(path, cPath);
5658 last_weight = (int)atoi(cWeight);
/* Record without a weight field: taken as-is. */
5662 strcpy(path, cPath);
/* NOTE(review): whether hp is released after the loop is on dropped lines. */
5669 if (!strnicmp(path, AFS, strlen(AFS)))
5671 AfsToWinAfs(path, winPath);
5672 strcpy(winProfile, winPath);
5673 strcat(winProfile, "\\.winprofile");
5681 if ((!strcasecmp(WinHomeDir, "[dfs]")) || (!strcasecmp(WinProfileDir, "[dfs]")))
/* path's size is on a dropped line; this sprintf is unbounded in
 * ldap_domain and user_name.  snprintf(path, sizeof path, ...) with a
 * truncation check is the safe form.  user_name[0] of an empty name is
 * '\0', which would end the string after "profiles\". */
5683 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain, user_name[0], user_name);
5684 if (!strcasecmp(WinProfileDir, "[dfs]"))
5686 strcpy(winProfile, path);
5687 strcat(winProfile, "\\.winprofile");
5689 if (!strcasecmp(WinHomeDir, "[dfs]"))
5690 strcpy(winPath, path);
/* Home directory: keyword handling, then the drive letter.  A UNC path
 * (leading "\\") also gets H: so the share is mapped at logon. */
5703 if (!strcasecmp(WinHomeDir, "[local]"))
5704 memset(winPath, '\0', sizeof(winPath));
5705 else if (!strcasecmp(WinHomeDir, "[afs]") || !strcasecmp(WinHomeDir, "[dfs]"))
5707 strcpy(homeDrive, "H:");
/* Literal path from Moira; winPath is 1024 bytes (declared on a dropped
 * line, cleared above), the copy is unbounded. */
5711 strcpy(winPath, WinHomeDir);
5712 if (!strncmp(WinHomeDir, "\\\\", 2))
5714 strcpy(homeDrive, "H:");
5718 // nothing needs to be done if WinProfileDir is [afs].
5719 if (!strcasecmp(WinProfileDir, "[local]"))
5720 memset(winProfile, '\0', sizeof(winProfile));
5721 else if (strcasecmp(WinProfileDir, "[afs]") && strcasecmp(WinProfileDir, "[dfs]"))
5723 strcpy(winProfile, WinProfileDir);
/* Normalise: strip one trailing backslash, but a bare drive ("C:") must
 * keep its root backslash.  Reading index 1 of an empty buffer is safe
 * only because both buffers were zeroed above. */
5726 if (strlen(winProfile) != 0)
5728 if (winProfile[strlen(winProfile) - 1] == '\\')
5729 winProfile[strlen(winProfile) - 1] = '\0';
5731 if (strlen(winPath) != 0)
5733 if (winPath[strlen(winPath) - 1] == '\\')
5734 winPath[strlen(winPath) - 1] = '\0';
5737 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5738 strcat(winProfile, "\\");
5739 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5740 strcat(winPath, "\\");
/* homeDirectory */
5742 if (strlen(winPath) == 0)
5744 if (OpType == LDAP_MOD_REPLACE)
5747 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5749 //unset homeDirectory attribute for user.
/* NOTE(review): rc from this modify is not examined on any visible line;
 * a failed delete would go unreported. */
5750 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* strdup() can return NULL on allocation failure; not checked here. */
5756 homedir_v[0] = strdup(winPath);
5757 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* profilePath */
5760 if (strlen(winProfile) == 0)
5762 if (OpType == LDAP_MOD_REPLACE)
5765 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5767 //unset profilePate attribute for user.
5768 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5774 winProfile_v[0] = strdup(winProfile);
5775 ADD_ATTR("profilePath", winProfile_v, OpType);
/* homeDrive */
5778 if (strlen(homeDrive) == 0)
5780 if (OpType == LDAP_MOD_REPLACE)
5783 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5785 //unset homeDrive attribute for user
5786 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5792 drives_v[0] = strdup(homeDrive);
5793 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList - discover the domain controllers of ldap_domain and cache
 * them in ServerList and in the WINADCFG file.
 *
 * ldap_domain: DNS name of the AD domain.
 * ServerList:  array of MAX_SERVER_NAMES char* slots; existing entries are
 *              freed, new ones are calloc(1, 256) and must be freed by the
 *              owner.  Entry 0 is reserved for the RID-master (fSMORoleOwner)
 *              so it is tried first; the rest come from the Servers container
 *              of Default-First-Site-Name.
 * Returns an int; return statements are on dropped lines.
 *
 * Side effects: binds to the domain (ad_connect / ldap_unbind_s), sets the
 * SFU schema flag from the msSFU-30-Uid-Number probe (the assignment is on a
 * dropped line), and rewrites WINADCFG.  Because ReadConfigFile and
 * tickets_get_k5 later trust that file, it should be writable only by the
 * account this program runs as.
 */
5799 int GetServerList(char *ldap_domain, char **ServerList)
5807 int ServerListFound;
5808 char default_server[256];
5810 char *attr_array[3];
5814 LK_ENTRY *group_base;
5819 memset(default_server, '\0', sizeof(default_server));
5820 memset(dn_path, '\0', sizeof(dn_path));
/* Drop any previous discovery result. */
5821 for (i = 0; i < MAX_SERVER_NAMES; i++)
5823 if (ServerList[i] != NULL)
5825 free(ServerList[i]);
5826 ServerList[i] = NULL;
/* Remaining ad_connect arguments are on a dropped line. */
5829 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
/* Connection failed: leave the caller with an all-NULL list. */
5832 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5836 ServerListFound = 0;
/* Step 1: the RID master, from the fSMORoleOwner attribute. */
5838 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5839 attr_array[0] = "fSMORoleOwner";
5840 attr_array[1] = NULL;
/* Precedence trap: '!' binds tighter than '!=', so this reads
 * "(!rc) != 0", i.e. rc == 0.  It is correct but opaque; the same test
 * appears at 5870 and 5906.  Clearer:
 *   if ((rc = linklist_build(...)) == 0) */
5841 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5842 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5844 if (group_count != 0)
/* The DN looks like "CN=NTDS Settings,CN=<server>,CN=Servers,..."; skip
 * to the first ",CN=" and cut at the next ','.  The NULL check on sPtr
 * is on a dropped line. */
5846 sPtr = strstr(group_base->value, ",CN=");
5849 sPtr += strlen(",CN=");
/* calloc is unchecked, and the copy is unbounded: the rest of a DN read
 * from the directory can exceed 255 bytes.  Copy with
 * snprintf(ServerList[0], 256, "%s", sPtr) (or cut at ',' before copying). */
5850 if (ServerList[0] == NULL)
5851 ServerList[0] = calloc(1, 256);
5852 strcpy(ServerList[0], sPtr);
5853 sPtr = strstr(ServerList[0], ",");
5857 ServerListFound = 1;
5861 linklist_free(group_base);
/* Step 2: every server object under the default site. */
5865 attr_array[0] = "cn";
5866 attr_array[1] = NULL;
5867 strcpy(filter, "(cn=*)");
/* base's size is on a dropped line; dn_path is bounded by its own buffer
 * but the prefix is 70+ characters, so prefer snprintf here too. */
5868 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5870 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5871 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5873 if (group_count != 0)
/* gPtr's initialisation and the Count increment are on dropped lines. */
5876 while (gPtr != NULL)
/* Skip the RID master: it is already in slot 0. */
5878 if (ServerListFound != 0)
5880 if (!strcasecmp(ServerList[0], gPtr->value))
/* Bounded on the slot index but not on the string: a cn longer than 255
 * bytes overflows the entry. */
5886 if (Count < MAX_SERVER_NAMES)
5888 if (ServerList[Count] == NULL)
5889 ServerList[Count] = calloc(1, 256);
5890 strcpy(ServerList[Count], gPtr->value);
5897 linklist_free(group_base);
/* Step 3: probe the schema for the SFU 3.0 uid attribute; the flag set
 * when group_count != 0 is on a dropped line. */
5903 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5904 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5906 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5907 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5909 if (group_count != 0)
5914 linklist_free(group_base);
/* Step 4: persist the result.  fprintf/fclose return values are not
 * checked on visible lines (fclose is on a dropped line), so a full disk
 * leaves a truncated config that ReadConfigFile will later parse. */
5918 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5920 fprintf(fptr, "%s %s\n", DOMAIN, ldap_domain);
5921 if (strlen(PrincipalName) != 0)
5922 fprintf(fptr, "%s %s\n", PRINCIPALNAME, PrincipalName);
5924 fprintf(fptr, "%s %s\n", MSSFU, SFUTYPE);
5925 for (i = 0; i < MAX_SERVER_NAMES; i++)
5927 if (ServerList[i] != NULL)
5929 fprintf(fptr, "%s %s\n", SERVER, ServerList[i]);
5934 ldap_unbind_s(ldap_handle);
/* Step 5: qualify each short name with the domain and upper-case it.
 * Each entry is 256 bytes; name + "." + ldap_domain is not length-checked
 * before the strcat calls, so a long domain can overflow the entry.
 * ReadConfigFile does the same at 6187-6190. */
5936 for (i = 0; i < MAX_SERVER_NAMES; i++)
5938 if (ServerList[i] != NULL)
5940 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
5941 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
5942 strcat(ServerList[i], ".");
5943 strcat(ServerList[i], ldap_domain);
5944 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5945 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * attribute_update - set, or clear, one single-valued attribute on an entry.
 *
 * attribute_value: "" clears the attribute (LDAP_MOD_DELETE); anything else
 *                  is applied as LDAP_MOD_REPLACE, falling back to
 *                  LDAP_MOD_ADD when the replace is refused (the attribute
 *                  may not exist yet).  Only the second failure is logged.
 * user_name:       used in the error message only.
 * mods and the ADD_ATTR counter are declared on dropped lines.
 * Returns an int; return statements are on dropped lines.
 */
5952 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5953 char *attribute_value, char *attribute, char *user_name)
5955 char *mod_v[] = {NULL, NULL};
5956 LDAPMod *DelMods[20];
5962 if (strlen(attribute_value) == 0)
5965 DEL_ATTR(attribute, LDAP_MOD_DELETE);
/* NOTE(review): no visible check of rc for the delete path; whether it is
 * examined on the dropped lines 5968-5971 cannot be told from here. */
5967 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
5973 mod_v[0] = attribute_value;
5974 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
5976 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
/* Replace failed: retry as an add (mods is presumably rebuilt on the
 * dropped lines in between). */
5980 mod_v[0] = attribute_value;
5981 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5983 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5985 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5986 attribute, user_name, ldap_err2string(rc));
/*
 * tickets_get_k5 - obtain Kerberos 5 tickets for the service principal by
 * running kinit against KEYTABFILE.
 *
 * Uses and may rewrite the globals PrincipalName and ldap_domain.  When no
 * principal was configured, PRODUCTION_PRINCIPAL is used for PRIMARY_DOMAIN
 * and TEST_PRINCIPAL for any other domain.  Returns an int; the return
 * statement(s) and whatever is done with retval are on dropped lines.
 *
 * Security note: PrincipalName comes from the WINADCFG file (see
 * ReadConfigFile) and is interpolated, unquoted, into a command line that
 * is handed to system(), so the shell interprets any metacharacters in that
 * configuration value.  Since this file already links libkrb5 (see
 * destroy_cache), the robust fix is to obtain the credentials in-process
 * with the krb5 keytab API; failing that, run kinit via posix_spawn/execv
 * with an explicit argv so no shell is involved, and restrict PrincipalName
 * to the characters a principal name can contain.
 */
5994 int tickets_get_k5()
5997 char KinitPath[128];
/* putenv() keeps a pointer to the string it is given, hence the static
 * storage for both environment entries.  KRB5CCNAME / KRBTKFILE are
 * presumably full "NAME=value" strings -- confirm against their macros. */
6000 static char EnvVar[128];
6001 static char EnvVar1[128];
6003 strcpy(EnvVar, KRB5CCNAME);
6004 retval = putenv(EnvVar);
6005 strcpy(EnvVar1, KRBTKFILE);
/* retval from the first putenv is overwritten here without being checked. */
6006 retval = putenv(EnvVar1);
/* ReadConfigFile upper-cases every config line, so the principal is folded
 * back to lower case before use. */
6008 for (i = 0; i < (int)strlen(PrincipalName); i++)
6009 PrincipalName[i] = tolower(PrincipalName[i]);
6010 if (strlen(PrincipalName) == 0)
6012 strcpy(PrincipalName, PRODUCTION_PRINCIPAL);
6013 if (strcasecmp(ldap_domain, PRIMARY_DOMAIN))
6014 strcpy(PrincipalName, TEST_PRINCIPAL);
6017 memset(KinitPath, '\0',sizeof(KinitPath));
/* Fixed absolute path, so PATH lookup is not involved. */
6019 strcpy(KinitPath, "/usr/athena/bin/");
/* temp's size is on a dropped line; the sprintf is unbounded in
 * PrincipalName.  See the security note above for the system() concern. */
6021 sprintf(temp, "%skinit -k -t %s %s", KinitPath, KEYTABFILE, PrincipalName);
6022 retval = system(temp);
6031 if (tickets_get_k5())
6034 if (tickets_get_k5())
6036 critical_alert("AD incremental", "%s",
6037 "winad.incr incremental failed (unable to get kerberos tickets)");
/*
 * destroy_cache - remove the default Kerberos 5 credential cache.
 *
 * Returns rc from krb5_cc_destroy; rc's initial value and the return
 * statement are on dropped lines.
 */
6044 int destroy_cache(void)
/* NOTE(review): context is not initialised on this line.  If
 * krb5_init_context() fails and does not write *context, the NULL test
 * below reads an indeterminate pointer and may free garbage; declare it
 * as `krb5_context context = NULL;`. */
6046 krb5_context context;
6052 if (!krb5_init_context(&context))
/* cache is declared on a dropped line.  krb5_cc_destroy both destroys and
 * closes the cache, so no separate close is needed on success. */
6054 if (!krb5_cc_default(context, &cache))
6055 rc = krb5_cc_destroy(context, cache);
6057 if (context != NULL)
6058 krb5_free_context(context);
/*
 * StringTrim - strip leading and trailing white space in place.
 *
 * StringToTrim: modified in place; an empty string returns immediately.
 * The scratch buffer temp is declared on a dropped line, as is the copy
 * into it, so this works only for strings shorter than that buffer.
 */
5065 void StringTrim(char *StringToTrim)
/*
 * ReadConfigFile - load WINADCFG into the globals ldap_domain,
 * PrincipalName, ServerList (and the SFU and NoChangeConfigFile flags).
 *
 * Each line is upper-cased, stripped of its newline and matched by prefix
 * against DOMAIN, PRINCIPALNAME, SERVER, MSSFU and the literal "NOCHANGE";
 * the value is the remainder of the line after StringTrim.  Missing domain
 * is fatal (critical_alert; the exit is on a dropped line).
 *
 * Everything read here is trusted downstream: PrincipalName ends up on a
 * shell command line in tickets_get_k5 and ServerList in ad_connect, so the
 * file's permissions should allow writes only by the service account.
 * The function may continue past the last line shown in this listing.
 */
6099 void ReadConfigFile()
6110 if ((fptr = fopen(WINADCFG, "r")) != NULL)
6112 while (fgets(temp, sizeof(temp), fptr) != 0)
/* Upper-casing affects the values too; tickets_get_k5 lowers the
 * principal again.  toupper() on plain char is undefined for negative
 * values -- cast through unsigned char. */
6114 for (i = 0; i < (int)strlen(temp); i++)
6115 temp[i] = toupper(temp[i]);
/* Index -1 if strlen(temp) is 0, which fgets can yield only for a line
 * starting with a NUL byte; cheap to guard with a strlen() != 0 test. */
6116 if (temp[strlen(temp) - 1] == '\n')
6117 temp[strlen(temp) - 1] = '\0';
6119 if (strlen(temp) == 0)
/* Prefix keywords must be upper case in the macros, since strncmp is
 * case-sensitive and temp was just upper-cased. */
6121 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
6123 if (strlen(temp) > (strlen(DOMAIN)))
/* ldap_domain's size is not visible; the copy is bounded only by
 * sizeof(temp). */
6125 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
6126 StringTrim(ldap_domain);
6129 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
6131 if (strlen(temp) > (strlen(PRINCIPALNAME)))
6133 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
6134 StringTrim(PrincipalName);
6137 else if (!strncmp(temp, SERVER, strlen(SERVER)))
6139 if (strlen(temp) > (strlen(SERVER)))
/* Unlike GetServerList (which tests Count < MAX_SERVER_NAMES), no bound
 * on Count is visible here, so more SERVER lines than slots would write
 * past ServerList; calloc is unchecked and the strcpy into the 256-byte
 * entry is bounded only by sizeof(temp).  Guard with
 *   if (Count < MAX_SERVER_NAMES) ... snprintf(ServerList[Count], 256, "%s", ...)
 * (Count's increment is on a dropped line.) */
6141 ServerList[Count] = calloc(1, 256);
6142 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
6143 StringTrim(ServerList[Count]);
6147 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
6149 if (strlen(temp) > (strlen(MSSFU)))
6151 strcpy(temp1, &temp[strlen(MSSFU)]);
/* The flag set when the value equals SFUTYPE is on a dropped line. */
6153 if (!strcmp(temp1, SFUTYPE))
6157 else if (!strcasecmp(temp, "NOCHANGE"))
6159 NoChangeConfigFile = 1;
/* Post-processing of ldap_domain; the lines between 6165 and 6169 that
 * set temp from the domain are dropped, so the exact normalisation is not
 * verifiable here. */
6163 if (strlen(ldap_domain) != 0)
6165 memset(ldap_domain, '\0', sizeof(ldap_domain));
6168 if (strlen(temp) != 0)
6169 strcpy(ldap_domain, temp);
6175 if (strlen(ldap_domain) == 0)
6177 critical_alert("incremental", "%s",
6178 "winad.incr cannot run due to a configuration error in winad.cfg");
/* Qualify each server with the domain and upper-case it.  Same unchecked
 * strcat into 256-byte entries as GetServerList at 5942-5943. */
6183 for (i = 0; i < Count; i++)
6185 if (ServerList[i] != 0)
6187 strcat(ServerList[i], ".");
6188 strcat(ServerList[i], ldap_domain);
6189 for (k = 0; k < (int)strlen(ServerList[i]); k++)
6190 ServerList[i][k] = toupper(ServerList[i][k]);