2 /* test parameters for creating a user account - done
3 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
4 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
5 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
7 * test parameters for deactivating/deleting a user account - done
8 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
9 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
10 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
11 * comment: clearid is the MIT ID
13 * test parameters for reactivating a user account - done
14 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
15 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
17 * test parameters for updating user account info - done
18 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF
19 * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF
20 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
21 * currently, if the unix_id doesn't change, only the U_UID or U_MITID fields will be updated
23 * test parameters for changing user name - testing
24 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
25 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
28 * test parameters for add member to group/list - done
29 * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1
30 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
32 * test parameters for remove member from group/list - done
33 * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1
34 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
36 * test parameters for creating and/or populating a group/list - done
37 * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description
38 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
40 * test parameters for deleting a group/list - done
41 * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description
42 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
44 * test parameters for renaming a group/list - done
45 * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description
46 * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description
47 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
49 * test parameters for adding a file system - done
50 * filesys 0 11 addusr5 AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/a/d/addusr5 /mit/addusr5 w UserLocker addusr5 wheel 1 HOMEDIR
52 * test parameters for deleting a file system - done
53 * filesys 11 0 addusr8 AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/a/d/addusr8 /mit/addusr8 w none dtanner wheel 1 HOMEDIR
55 #include <mit-copyright.h>
67 #include <moira_site.h>
77 #define ECONNABORTED WSAECONNABORTED
80 #define ECONNREFUSED WSAECONNREFUSED
83 #define EHOSTUNREACH WSAEHOSTUNREACH
85 #define krb5_xfree free
/* NOTE(review): the trailing ';' and the unparenthesized argument make this
   macro unsafe in expression context and with compound arguments
   (sleep(a + b) expands to Sleep(a + b * 1000);).  The conventional form
   is `#define sleep(A) Sleep((A) * 1000)` with the ';' at the call site. */
87 #define sleep(A) Sleep(A * 1000);
91 #include <sys/types.h>
92 #include <netinet/in.h>
93 #include <arpa/nameser.h>
95 #include <sys/utsname.h>
98 #define WINADCFG "/moira/winad/winad.cfg"
99 #define strnicmp(A,B,C) strncasecmp(A,B,C)
100 #define UCHAR unsigned char
102 #define UF_SCRIPT 0x0001
103 #define UF_ACCOUNTDISABLE 0x0002
104 #define UF_HOMEDIR_REQUIRED 0x0008
105 #define UF_LOCKOUT 0x0010
106 #define UF_PASSWD_NOTREQD 0x0020
107 #define UF_PASSWD_CANT_CHANGE 0x0040
108 #define UF_DONT_EXPIRE_PASSWD 0x10000
110 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
111 #define UF_NORMAL_ACCOUNT 0x0200
112 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
113 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
114 #define UF_SERVER_TRUST_ACCOUNT 0x2000
117 #define BYTE unsigned char
119 typedef unsigned int DWORD;
120 typedef unsigned long ULONG;
125 unsigned short Data2;
126 unsigned short Data3;
127 unsigned char Data4[8];
130 typedef struct _SID_IDENTIFIER_AUTHORITY {
132 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
134 typedef struct _SID {
136 BYTE SubAuthorityCount;
137 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
138 DWORD SubAuthority[512];
143 #define WINADCFG "winad.cfg"
147 #define WINAFS "\\\\afs\\all\\"
149 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
150 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
151 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
152 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
153 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
155 #define QUERY_VERSION -1
156 #define PRIMARY_REALM "ATHENA.MIT.EDU"
165 #define MEMBER_REMOVE 2
166 #define MEMBER_CHANGE_NAME 3
167 #define MEMBER_ACTIVATE 4
168 #define MEMBER_DEACTIVATE 5
169 #define MEMBER_CREATE 6
171 #define MOIRA_ALL 0x0
172 #define MOIRA_USERS 0x1
173 #define MOIRA_KERBEROS 0x2
174 #define MOIRA_STRINGS 0x4
175 #define MOIRA_LISTS 0x8
177 typedef struct lk_entry {
187 struct lk_entry *next;
190 #define STOP_FILE "/moira/winad/nowinad"
191 #define file_exists(file) (access((file), F_OK) == 0)
193 #define LDAP_BERVAL struct berval
194 #define MAX_SERVER_NAMES 32
/*
 * Append one LDAPMod (type t, values v, operation o) to the caller's mods[]
 * array and advance n.  Relies on `mods` and `n` being in scope at the
 * expansion site.
 * NOTE(review): malloc() is never checked, so mods[n]->mod_op dereferences
 * NULL on allocation failure.  The macro is also several statements with no
 * do { ... } while (0) wrapper, so it cannot safely follow an unbraced `if`.
 * A static inline helper that returns an error code would fix both.
 */
196 #define ADD_ATTR(t, v, o) \
197 mods[n] = malloc(sizeof(LDAPMod)); \
198 mods[n]->mod_op = o; \
199 mods[n]->mod_type = t; \
200 mods[n++]->mod_values = v
/* Linked lists shared with the Moira query callbacks: member_base is
   consumed by do_list after get_end_members_of_list, sid_base is passed
   to sid_update and freed after the user_create/group_create queries.
   The callbacks presumably fill them; sid_ptr's use is not visible here. */
202 LK_ENTRY *member_base = NULL;
203 LK_ENTRY *sid_base = NULL;
204 LK_ENTRY **sid_ptr = NULL;
/* Space-joined copy of argv, built in main() and echoed in log and alert
   messages (see check_winad). */
205 static char tbl_buf[1024];
/* OU paths, relative to the domain DN, for each object class the
   incremental manages. */
206 char kerberos_ou[] = "OU=kerberos, OU=moira";
207 char contact_ou[] = "OU=strings, OU=moira";
208 char user_ou[] = "OU=users, OU=moira";
209 char group_ou_distribution[] = "OU=mail, OU=lists, OU=moira";
210 char group_ou_root[] = "OU=lists, OU=moira";
211 char group_ou_security[] = "OU=group, OU=lists, OU=moira";
212 char group_ou_neither[] = "OU=special, OU=lists, OU=moira";
213 char group_ou_both[] = "OU=mail, OU=group, OU=lists, OU=moira";
/* AD domain name, read from WINADCFG in main(); defaults to "win.mit.edu". */
215 char ldap_domain[256];
/* Reference count of the Moira connection (moira_connect/moira_disconnect). */
216 int mr_connections = 0;
218 int UserReactivate = 0;
/* Filled by ad_connect() with the server actually bound to (inferred from
   the ad_connect prototype; confirm). */
219 char default_server[256];
/* NOTE(review): second tentative definition of tbl_buf (also declared above).
   Legal in C for a static, but one of the two should be removed. */
220 static char tbl_buf[1024];
222 extern int set_password(char *user, char *password, char *domain);
224 void AfsToWinAfs(char* path, char* winPath);
225 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
226 char *Win2kPassword, char *Win2kUser, char *default_server,
228 void ad_kdc_disconnect();
229 void check_winad(void);
230 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
231 char *fs_type, char *fs_pack, int operation);
232 int get_group_membership(char *group_membership, char *group_ou,
233 int *security_flag, char **av);
234 int process_lists(int ac, char **av, void *ptr);
235 int user_create(int ac, char **av, void *ptr);
236 int user_change_status(LDAP *ldap_handle, char *dn_path, char *user_name, int operation);
237 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
238 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
239 char *user_name, char *Uid, char *MitId, int State);
240 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
241 char *uid, char *MitId);
242 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
243 int group_create(int ac, char **av, void *ptr);
244 int group_delete(LDAP *ldap_handle, char *dn_path,
245 char *group_name, char *group_membership);
246 int group_rename(LDAP *ldap_handle, char *dn_path,
247 char *before_group_name, char *before_group_membership,
248 char *before_group_ou, int before_security_flag,
249 char *after_group_name, char *after_group_membership,
250 char *after_group_ou, int after_security_flag);
251 int member_list_build(int ac, char **av, void *ptr);
252 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
253 char *group_ou, char *group_membership,
254 char *user_name, char *pUserOu);
255 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
256 char *group_ou, char *group_membership, char *user_name,
258 int sid_update(LDAP *ldap_handle, char *dn_path);
259 int check_string(char *s);
260 void convert_b_to_a(char *string, UCHAR *binary, int length);
261 int mr_connect_cl(char *server, char *client, int version, int auth);
263 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
264 char **before, int beforec, char **after, int afterc);
265 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
266 char **before, int beforec, char **after, int afterc);
267 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
268 char **before, int beforec, char **after, int afterc);
269 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
270 char **before, int beforec, char **after, int afterc);
271 int linklist_create_entry(char *attribute, char *value,
272 LK_ENTRY **linklist_entry);
273 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
274 char **attr_array, LK_ENTRY **linklist_base,
275 int *linklist_count);
276 void linklist_free(LK_ENTRY *linklist_base);
278 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
279 char *distinguished_name, LK_ENTRY **linklist_current);
280 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
281 LK_ENTRY **linklist_base, int *linklist_count);
282 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
283 char *Attribute, char *distinguished_name,
284 LK_ENTRY **linklist_current);
286 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
287 char *oldValue, char *newValue,
288 char ***modvalues, int type);
289 void free_values(char **modvalues);
291 int convert_domain_to_dn(char *domain, char **bind_path);
292 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
293 char *distinguished_name);
294 int moira_disconnect(void);
295 int moira_connect(void);
296 void print_to_screen(const char *fmt, ...);
/*
 * Entry point.  Expected argv: table name, before-count, after-count, then
 * the before fields followed by the after fields (see the test parameter
 * comment at the top of the file).  Logs the arguments, loads the AD
 * domain name from WINADCFG, binds to the domain and dispatches on the
 * lower-cased table name.  Several lines of this function are omitted in
 * this listing.
 */
298 int main(int argc, char **argv)
/* program name for com_err: basename of argv[0] */
311 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
315 com_err(whoami, 0, "%s", "argc < 4");
/* NOTE(review): atoi() gives no error indication and accepts negative
   values; a negative count passes the argc check below and makes `after`
   point before argv[4].  strtol() with an explicit >= 0 range check is the
   safer parse. */
318 beforec = atoi(argv[2]);
319 afterc = atoi(argv[3]);
321 if (argc < (4 + beforec + afterc))
323 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
329 after = &argv[4 + beforec];
/* Build a space-joined copy of the arguments for logging.
   NOTE(review): strcat() is unbounded and tbl_buf is a 1024-byte static
   buffer; the arguments come from the Moira server, but a long enough
   field set overflows it.  Track the remaining length (or snprintf at an
   offset) instead. */
331 for (i = 1; i < argc; i++)
333 strcat(tbl_buf, argv[i]);
334 strcat(tbl_buf, " ");
336 com_err(whoami, 0, "%s", tbl_buf);
/* Load the AD domain name from the config file.
   NOTE(review): fread() may fill all sizeof(ldap_domain) bytes, leaving no
   NUL terminator for the strlen() below; its return value is unchecked and
   no trimming of a trailing newline is visible here.  Reading at most
   sizeof(ldap_domain) - 1 bytes (or using fgets) keeps the buffer a valid
   C string.  No fclose(fptr) is visible in this listing - confirm. */
340 memset(ldap_domain, '\0', sizeof(ldap_domain));
341 if ((fptr = fopen(WINADCFG, "r")) != NULL)
343 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
346 if (strlen(ldap_domain) == 0)
347 strcpy(ldap_domain, "win.mit.edu");
348 initialize_sms_error_table();
349 initialize_krb_error_table();
/* Bind to the domain with empty user/password arguments; dn_path and
   default_server are cleared first and presumably filled by ad_connect
   (its prototype takes both). */
351 memset(default_server, '\0', sizeof(default_server));
352 memset(dn_path, '\0', sizeof(dn_path));
353 if (ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1))
355 com_err(whoami, 0, "cannot connect to any server in domain %s", ldap_domain);
/* Case-insensitive table match.
   NOTE(review): tolower() is only defined for unsigned char values and EOF;
   cast table[i] to (unsigned char) first. */
359 for (i = 0; i < (int)strlen(table); i++)
360 table[i] = tolower(table[i]);
361 if (!strcmp(table, "users"))
362 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
364 else if (!strcmp(table, "list"))
365 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
367 else if (!strcmp(table, "imembers"))
368 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
370 else if (!strcmp(table, "filesys"))
371 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
374 else if (!strcmp(table, "quota"))
/* NOTE(review): do_quota has no prototype among the declarations visible
   above - confirm it is declared before use. */
375 do_quota(before, beforec, after, afterc);
379 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a change to the filesys table.  Three paths are visible:
 *  - beforec < FS_CREATE: a new filesystem.  If it is an AFS filesystem
 *    with the create flag set, add the filesys object and then create or
 *    activate the owning user via a Moira get_user_account_by_login query.
 *  - afterc < FS_CREATE: a deleted filesystem; remove the filesys object.
 *  - otherwise: a modified filesystem, handled like the create path.
 * ldap_hostname is not used in the visible lines.  Many lines (including
 * the returns) are omitted in this listing.
 */
383 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
384 char **before, int beforec, char **after, int afterc)
/* an "after" record shorter than FS_CREATE carries no filesys data */
397 if (afterc < FS_CREATE)
/* atype: 1 if the new entry is an AFS filesystem; acreate: its create
   flag.  atoi() on server-supplied text reads non-numeric input as 0. */
401 atype = !strcmp(after[FS_TYPE], "AFS");
402 acreate = atoi(after[FS_CREATE]);
/* creation path */
405 if (beforec < FS_CREATE)
/* nothing to do for non-AFS filesystems or when create is off */
407 if (acreate == 0 || atype == 0)
409 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* LDAP_NO_SUCH_OBJECT is treated as "not present yet"; other failures
   are logged */
413 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
414 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
416 if (rc != LDAP_SUCCESS)
417 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* NOTE(review): assignment inside the condition (also at 498 below);
   `if ((rc = moira_connect()) != 0)` makes the intent explicit. */
424 if (rc = moira_connect())
426 critical_alert("AD incremental",
427 "Error contacting Moira server : %s",
/* call_args is the opaque context handed to the user_create callback.
   NOTE(review): an int constant is smuggled through a char* slot
   ((char *)MEMBER_ACTIVATE); this only works while the callback casts it
   back the same way. */
431 av[0] = after[FS_NAME];
432 call_args[0] = (char *)ldap_handle;
433 call_args[1] = dn_path;
434 call_args[2] = (char *)MEMBER_ACTIVATE;
438 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
442 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* resolve any SID lookups the callback presumably queued on sid_base.
   NOTE(review): whether sid_base is reset to NULL after linklist_free is
   on omitted lines; if it is not, a later `sid_base != NULL` test uses
   freed memory. */
445 if (sid_base != NULL)
447 sid_update(ldap_handle, dn_path);
448 linklist_free(sid_base);
/* deletion path: remove the AD object for an AFS filesystem that had
   create set */
456 btype = !strcmp(before[FS_TYPE], "AFS");
457 bcreate = atoi(before[FS_CREATE]);
458 if (afterc < FS_CREATE)
460 if (btype && bcreate)
462 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
463 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
465 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* modification path: both sides present */
474 if (!atype && !btype)
/* "ERR" apparently marks an absent side (inferred from the message text);
   any other non-AFS type is logged */
476 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
478 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
479 before[FS_NAME], after[FS_NAME]);
/* NOTE(review): the add + create/activate sequence from 409-450 above is
   repeated verbatim below (483-524); a static helper taking `after` would
   remove the duplication and keep the two paths from drifting. */
483 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
487 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
488 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
490 if (rc != LDAP_SUCCESS)
491 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
498 if (rc = moira_connect())
500 critical_alert("AD incremental",
501 "Error contacting Moira server : %s",
505 av[0] = after[FS_NAME];
506 call_args[0] = (char *)ldap_handle;
507 call_args[1] = dn_path;
508 call_args[2] = (char *)MEMBER_ACTIVATE;
512 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
516 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
519 if (sid_base != NULL)
521 sid_update(ldap_handle, dn_path);
522 linklist_free(sid_base);
/*
 * Handle a change to the list table.  Depending on the active flag and
 * gid on each side this renames, deletes, or creates-and-populates the
 * corresponding AD group.  The group's OU, membership code and security
 * flag are derived from the list attributes by get_group_membership().
 * ldap_hostname is not used in the visible lines.  Many lines (including
 * the returns) are omitted in this listing.
 */
531 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
532 char **before, int beforec, char **after, int afterc)
/* NOTE(review): one-byte buffers are passed to get_group_membership() as
   `char *group_membership` and later tested with strlen().  If that helper
   writes anything longer than a single byte this overflows the stack, and
   strlen() on a non-NUL single byte reads past it.  Confirm the helper's
   contract and size these explicitly (same for before_group_membership
   below and the copy in do_member). */
549 char group_membership[1];
552 char before_group_membership[1];
553 int before_security_flag;
554 char before_group_ou[256];
/* iterator over member_base, filled by the member_list_build callback */
556 LK_ENTRY *ptr = NULL;
558 if (beforec == 0 && afterc == 0)
561 astatus = bstatus = 0;
563 apublic = bpublic = 0;
564 amaillist = bmaillist = 0;
/* decode the "before" list only if it is active; otherwise bgid stays 0 */
568 if (beforec > L_GID && atoi(before[L_ACTIVE]))
570 bgid = atoi(before[L_GID]);
571 bstatus = atoi(before[L_ACTIVE]);
572 bhide = atoi(before[L_HIDDEN]);
573 bpublic = atoi(before[L_PUBLIC]);
574 bmaillist = atoi(before[L_MAILLIST]);
575 bgroup = atoi(before[L_GROUP]);
576 before_security_flag = 0;
577 memset(before_group_ou, '\0', sizeof(before_group_ou));
578 memset(before_group_membership, '\0', sizeof(before_group_membership));
579 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* decode the "after" list the same way */
581 if (afterc > L_GID && atoi(after[L_ACTIVE]))
583 agid = atoi(after[L_GID]);
584 astatus = atoi(after[L_ACTIVE]);
585 ahide = atoi(after[L_HIDDEN]);
586 apublic = atoi(after[L_PUBLIC]);
587 amaillist = atoi(after[L_MAILLIST]);
588 agroup = atoi(after[L_GROUP]);
590 memset(group_ou, '\0', sizeof(group_ou));
591 memset(group_membership, '\0', sizeof(group_membership));
592 get_group_membership(group_membership, group_ou, &security_flag, after);
/* neither side is an active list: nothing in AD to touch */
594 if (agid == 0 && bgid == 0)
/* both sides active and the name changed: rename */
599 if (strcmp(after[L_NAME], before[L_NAME]))
601 if (astatus && bstatus)
603 com_err(whoami, 0, "Changing list name from %s to %s",
604 before[L_NAME], after[L_NAME]);
605 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
606 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
608 com_err(whoami, 0, "%s", "couldn't find the group OU's");
611 if ((rc = group_rename(ldap_handle, dn_path,
612 before[L_NAME], before_group_membership,
613 before_group_ou, before_security_flag,
614 after[L_NAME], group_membership,
615 group_ou, security_flag)) != LDAP_NO_SUCH_OBJECT)
617 if (rc != LDAP_SUCCESS)
618 com_err(whoami, 0, "Could not change list name from %s to %s",
/* before side was active: delete its group */
634 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
636 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
639 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
640 rc = group_delete(ldap_handle, dn_path, before[L_NAME], before_group_membership);
/* after side active: create the group from Moira's get_list_info, then
   populate it from get_end_members_of_list */
645 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
/* NOTE(review): assignment in condition; `(rc = moira_connect()) != 0` */
647 if (rc = moira_connect())
649 critical_alert("AD incremental",
650 "Error contacting Moira server : %s",
655 av[0] = after[L_NAME];
656 call_args[0] = (char *)ldap_handle;
657 call_args[1] = dn_path;
658 call_args[2] = after[L_NAME];
/* member-type mask passed as an int cast through a char* slot; the
   callback must cast it back the same way */
659 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
663 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
666 com_err(whoami, 0, "Couldn't create list %s : %s", after[L_NAME], error_message(rc));
/* resolve SID lookups presumably queued by group_create, then free them */
669 if (sid_base != NULL)
671 sid_update(ldap_handle, dn_path);
672 linklist_free(sid_base);
677 com_err(whoami, 0, "Populating group %s", after[L_NAME]);
678 av[0] = after[L_NAME];
679 call_args[0] = (char *)ldap_handle;
680 call_args[1] = dn_path;
681 call_args[2] = after[L_NAME];
682 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
685 if (rc = mr_query("get_end_members_of_list", 1, av,
686 member_list_build, call_args))
689 com_err(whoami, 0, "Couldn't populate list %s : %s",
690 after[L_NAME], error_message(rc));
/* add each member: LIST entries are skipped; STRING and KERBEROS members
   first get a contact object in the matching OU, which then becomes the
   member's OU for member_add */
693 if (member_base != NULL)
698 if (!strcasecmp(ptr->type, "LIST"))
704 if (!strcasecmp(ptr->type, "STRING"))
706 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
708 pUserOu = contact_ou;
710 else if (!strcasecmp(ptr->type, "KERBEROS"))
712 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
714 pUserOu = kerberos_ou;
/* NOTE(review): pUserOu is only assigned on the STRING/KERBEROS branches in
   the visible lines; confirm it is set (presumably to user_ou) for USER
   members on an omitted line before this call. */
716 rc = member_add(ldap_handle, dn_path, after[L_NAME],
717 group_ou, group_membership, ptr->member, pUserOu);
720 linklist_free(member_base);
/* Positions of the list attributes that follow the LM_* member fields in an
   imembers record (see the "imembers" parameter comment at the top of the
   file); LM_EXTRA_END is the full record length do_member requires. */
729 #define LM_EXTRA_ACTIVE (LM_END)
730 #define LM_EXTRA_PUBLIC (LM_END+1)
731 #define LM_EXTRA_HIDDEN (LM_END+2)
732 #define LM_EXTRA_MAILLIST (LM_END+3)
733 #define LM_EXTRA_GROUP (LM_END+4)
734 #define LM_EXTRA_GID (LM_END+5)
735 #define LM_EXTRA_END (LM_END+6)
/*
 * Handle a change to the imembers table: add a member to, or remove it
 * from, the AD group of a list.  Exactly one side (before or after) is
 * expected to carry a full, active record of LM_EXTRA_END fields; `ptr`
 * (a char **, unlike the LK_ENTRY iterator in do_list) is pointed at that
 * record and its list attributes are reshaped into args[] for
 * get_group_membership().  ldap_hostname is not used in the visible
 * lines.  Many lines (including the returns) are omitted in this listing.
 */
737 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
738 char **before, int beforec, char **after, int afterc)
/* NOTE(review): fixed-size name buffers are filled with unbounded strcpy()
   below (760-762, 772-774); the sizes of user_name and user_type are not
   visible here.  Use snprintf(buf, sizeof buf, "%s", src) and reject
   over-long names rather than trusting the record lengths. */
740 char group_name[128];
/* NOTE(review): one-byte buffer passed as a char* to get_group_membership;
   see the same concern in do_list. */
744 char group_membership[1];
/* after side: a full, active record means an add */
755 if (afterc < LM_EXTRA_END)
757 if (!atoi(after[LM_EXTRA_ACTIVE]))
760 strcpy(user_name, after[LM_MEMBER]);
761 strcpy(group_name, after[LM_LIST]);
762 strcpy(user_type, after[LM_TYPE]);
/* before side: a full, active record means a remove */
767 if (beforec < LM_EXTRA_END)
769 if (!atoi(before[LM_EXTRA_ACTIVE]))
772 strcpy(user_name, before[LM_MEMBER]);
773 strcpy(group_name, before[LM_LIST]);
774 strcpy(user_type, before[LM_TYPE]);
/* reshape the list fields into the L_* positions get_group_membership
   expects */
780 args[L_NAME] = ptr[LM_LIST];
781 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
782 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
783 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
784 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
785 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
786 args[L_GID] = ptr[LM_EXTRA_GID];
789 memset(group_ou, '\0', sizeof(group_ou));
790 get_group_membership(group_membership, group_ou, &security_flag, args);
791 if (strlen(group_ou) == 0)
793 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* remove path: LIST members are skipped; STRING/KERBEROS members are
   resolved to their contact OU first */
800 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
803 com_err(whoami, 0, "Removing user %s from list %s", user_name, group_name);
805 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
807 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
809 pUserOu = contact_ou;
811 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
813 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
815 pUserOu = kerberos_ou;
817 rc = member_remove(ldap_handle, dn_path, group_name,
818 group_ou, group_membership, ptr[LM_MEMBER], pUserOu);
/* add path: same shape as the remove path above */
822 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
825 com_err(whoami, 0, "Adding user %s to list %s", user_name, group_name);
827 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
829 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
831 pUserOu = contact_ou;
833 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
835 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
837 pUserOu = kerberos_ou;
839 rc = member_add(ldap_handle, dn_path, group_name,
840 group_ou, group_membership, ptr[LM_MEMBER], pUserOu);
845 com_err(whoami, 0, "Couldn't add %s to group %s", user_name, group_name);
/* NOTE(review): message reads "remove %s to group"; should be "from". */
847 com_err(whoami, 0, "Couldn't remove %s to group %s", user_name, group_name);
/*
 * Handle a change to the users table.  Compares the account status on
 * each side: same status -> update attributes or rename; active ->
 * inactive -> deactivate in AD; inactive -> active -> create/reactivate
 * via a Moira get_user_account_by_login query, then restore the user's
 * list memberships via get_lists_of_member.  The parameter list continues
 * past line 854 and many lines (including the returns) are omitted in
 * this listing.
 */
853 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
854 char **before, int beforec, char **after,
/* user changes always carry both sides; nothing to do otherwise */
863 if ((beforec == 0) || (afterc == 0))
/* NOTE(review): astate/bstate are only assigned when the record is long
   enough; confirm they are initialised on an omitted line before the
   comparisons below. */
868 if (afterc > U_STATE)
869 astate = atoi(after[U_STATE]);
870 if (beforec > U_STATE)
871 bstate = atoi(before[U_STATE]);
/* both inactive: nothing in AD to touch */
878 if ((bstate == 0) && (astate == 0))
881 if (astate == bstate)
/* same name: attribute update.
   NOTE(review): the *before* uid and MIT id are passed here; if user_update
   is meant to write the new values this should be after[].  Its contract is
   not visible - confirm against the header comment about U_UID/U_MITID. */
883 if (!strcmp(before[U_NAME], after[U_NAME]))
885 com_err(whoami, 0, "Updating user %s info", before[U_NAME]);
886 rc = user_update(ldap_handle, dn_path, before[U_NAME],
887 before[U_UID], before[U_MITID]);
/* name changed: rename, carrying the new uid, MIT id and state along;
   LDAP_NO_SUCH_OBJECT is tolerated, other failures are logged */
892 com_err(whoami, 0, "Changing user %s to %s", before[U_NAME],
894 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
895 after[U_NAME], after[U_UID], after[U_MITID],
896 atoi(after[U_STATE]))) != LDAP_NO_SUCH_OBJECT)
898 if (rc != LDAP_SUCCESS)
900 com_err(whoami, 0, "Could not change user %s to %s : %s",
902 after[U_NAME], error_message(rc));
/* active -> inactive */
912 com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]);
914 if ((rc = user_change_status(ldap_handle, dn_path, before[U_NAME],
915 MEMBER_DEACTIVATE)) != LDAP_SUCCESS)
917 com_err(whoami, 0, "Couldn't deactivate user %s in the AD", before[U_NAME]);
/* inactive -> active.
   NOTE(review): assignment in condition; `(rc = moira_connect()) != 0` */
924 if (rc = moira_connect())
926 critical_alert("AD incremental",
927 "Error connection to Moira : %s",
931 com_err(whoami, 0, "Creating/Reactivating user %s", after[U_NAME]);
/* MEMBER_ACTIVATE is passed as an int cast through a char* slot; the
   user_create callback must cast it back the same way */
933 av[0] = after[U_NAME];
934 call_args[0] = (char *)ldap_handle;
935 call_args[1] = dn_path;
936 call_args[2] = (char *)MEMBER_ACTIVATE;
941 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
945 com_err(whoami, 0, "Couldn't create/activate user %s : %s",
946 after[U_NAME], error_message(rc));
/* resolve SID lookups presumably queued by user_create, then free them */
950 if (sid_base != NULL)
952 sid_update(ldap_handle, dn_path);
953 linklist_free(sid_base);
/* restore group memberships; av[0] is set on an omitted line (presumably
   the member type) and process_lists handles each list returned */
958 av[1] = after[U_NAME];
959 call_args[0] = (char *)ldap_handle;
960 call_args[1] = dn_path;
961 call_args[2] = after[U_NAME];
962 call_args[3] = user_ou;
963 rc = mr_query("get_lists_of_member", 2, av, process_lists,
/* a user on no lists is not an error */
965 if (rc && rc != MR_NO_MATCH)
967 com_err(whoami, 0, "Couldn't retrieve membership of user %s: %s",
968 after[U_NAME], error_message(rc));
/*
 * Build a NULL-terminated array of modvalue_count value strings from a
 * linked list of attribute values, for use as LDAPMod values.  When both
 * oldValue and newValue are given, each list value containing oldValue is
 * either replaced wholesale (type == REPLACE) or has its first occurrence
 * of oldValue substituted with newValue; all other values are copied
 * verbatim.  The array and its strings are heap-allocated and owned by
 * the caller (presumably released with free_values).  The error returns
 * after the calloc() checks are on lines omitted in this listing.
 */
977 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
978 char *oldValue, char *newValue,
979 char ***modvalues, int type)
981 LK_ENTRY *linklist_ptr;
/* one extra slot for the terminating NULL */
985 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* redundant: calloc already zeroed the array */
990 for (i = 0; i < (modvalue_count + 1); i++)
991 (*modvalues)[i] = NULL;
992 if (modvalue_count != 0)
994 linklist_ptr = linklist_base;
/* NOTE(review): the loop trusts that the list holds at least
   modvalue_count entries; no NULL check on linklist_ptr is visible, so a
   shorter list dereferences NULL at linklist_ptr->value. */
995 for (i = 0; i < modvalue_count; i++)
997 if ((oldValue != NULL) && (newValue != NULL))
/* NOTE(review): strstr() needs a NUL-terminated value, but retrieve_values
   stores binary objectSid/objectGUID values as exactly `length` bytes with
   no terminator; calling this with oldValue set on such a list over-reads.
   Callers presumably only pass string attributes - confirm. */
999 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
/* REPLACE: the whole value becomes newValue */
1002 if (type == REPLACE)
1004 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1007 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1008 strcpy((*modvalues)[i], newValue);
/* otherwise splice: prefix up to the match, newValue, then the remainder
   after oldValue.  The size counts the prefix twice, which only
   over-allocates. */
1012 if (((*modvalues)[i] = calloc(1,
1013 (int)(cPtr - linklist_ptr->value) +
1014 (linklist_ptr->length - strlen(oldValue)) +
1015 strlen(newValue) + 1)) == NULL)
1017 memset((*modvalues)[i], '\0',
1018 (int)(cPtr - linklist_ptr->value) +
1019 (linklist_ptr->length - strlen(oldValue)) +
1020 strlen(newValue) + 1);
1021 memcpy((*modvalues)[i], linklist_ptr->value,
1022 (int)(cPtr - linklist_ptr->value));
1023 strcat((*modvalues)[i], newValue);
1024 strcat((*modvalues)[i],
1025 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* no match: copy the value verbatim using its recorded length.
   NOTE(review): this calloc() and the one at 1038 are unchecked, unlike the
   ones above, so an allocation failure becomes a NULL dereference in the
   following memset. */
1030 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1031 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1032 memcpy((*modvalues)[i], linklist_ptr->value,
1033 linklist_ptr->length);
/* no substitution requested: copy the value verbatim */
1038 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1039 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1040 memcpy((*modvalues)[i], linklist_ptr->value,
1041 linklist_ptr->length);
1043 linklist_ptr = linklist_ptr->next;
/* explicit terminator (already NULL from calloc) */
1045 (*modvalues)[i] = NULL;
/*
 * Run a subtree LDAP search under dn_path for search_exp, requesting the
 * attributes in attr_array, and convert each returned entry's attributes
 * into LK_ENTRY nodes (see retrieve_entries).  The output list and count
 * are reset to empty first; the result message is released with
 * ldap_msgfree.  The control flow between the search and the free, and
 * the return, are on lines omitted in this listing.
 * NOTE(review): search_exp is used as-is.  Callers that interpolate Moira
 * names into the filter must escape the RFC 4515 special characters
 * ('*', '(', ')', '\', NUL) first, or a crafted name changes the query;
 * no escaping is visible in this listing.
 */
1051 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1052 char **attr_array, LK_ENTRY **linklist_base,
1053 int *linklist_count)
1056 LDAPMessage *ldap_entry;
1060 (*linklist_base) = NULL;
1061 (*linklist_count) = 0;
/* attrsonly = 0: values are requested, not just attribute names */
1062 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1063 search_exp, attr_array, 0, &ldap_entry))
1066 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1068 ldap_msgfree(ldap_entry);
/*
 * Walk every entry in an LDAP result, adding each entry's attribute values
 * to *linklist_base via retrieve_attributes, then recount the list into
 * *linklist_count.  An empty result and a retrieve_attributes failure
 * leave through returns on lines omitted in this listing.
 * NOTE(review): distinguished_name is a fixed 1024-byte buffer that
 * get_distinguished_name() fills with an unbounded strcpy(); a DN of 1024
 * or more bytes overflows the stack.  Pass sizeof distinguished_name down
 * and bound the copy.
 */
1073 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1074 LK_ENTRY **linklist_base, int *linklist_count)
1076 char distinguished_name[1024];
1077 LK_ENTRY *linklist_ptr;
/* first entry; ldap_entry is reused as the iteration cursor */
1080 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1083 memset(distinguished_name, '\0', sizeof(distinguished_name));
1084 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1086 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1087 linklist_base)) != 0)
/* remaining entries */
1090 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1092 memset(distinguished_name, '\0', sizeof(distinguished_name));
1093 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1095 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1096 linklist_base)) != 0)
/* recount: the list is prepended to, so the count is rebuilt from scratch */
1100 linklist_ptr = (*linklist_base);
1101 (*linklist_count) = 0;
1102 while (linklist_ptr != NULL)
1104 ++(*linklist_count);
1105 linklist_ptr = linklist_ptr->next;
/*
 * Iterate the attributes of one LDAP entry and store each attribute's
 * values as LK_ENTRY nodes tagged with distinguished_name (see
 * retrieve_values).  `ptr` is the BerElement cursor handed out by
 * ldap_first_attribute and released with ldap_ber_free(ptr, 0) when the
 * iteration is done; each attribute name is released with ldap_memfree.
 * The return is on a line omitted in this listing.
 * NOTE(review): the result of retrieve_values is discarded on both calls,
 * so an allocation failure inside it is silently dropped while this
 * function reports success to retrieve_entries.
 */
1110 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1111 char *distinguished_name, LK_ENTRY **linklist_current)
1117 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1119 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1121 ldap_memfree(Attribute);
1122 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1125 retrieve_values(ldap_handle, ldap_entry, Attribute,
1126 distinguished_name, linklist_current);
1127 ldap_memfree(Attribute);
1130 ldap_ber_free(ptr, 0);
/*
 * Fetch the values of one attribute of an LDAP entry and prepend one
 * LK_ENTRY per value to *linklist_current.  objectSid and objectGUID are
 * fetched as binary bervals (ldap_get_values_len); everything else as
 * strings (ldap_get_values).  Each node records a copy of the attribute
 * name, the value, its length, the berval flag and the entry's DN.  Under
 * LDAP_DEBUG the decoded values are also printed.  The loop over multiple
 * values, the NULL checks after the ldap_get_values* calls and the error
 * returns after each calloc() check are on lines omitted in this listing.
 */
1134 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1135 char *Attribute, char *distinguished_name,
1136 LK_ENTRY **linklist_current)
1142 LK_ENTRY *linklist_previous;
1143 LDAP_BERVAL **ber_value;
/* debug-only decoding helpers for objectSid */
1151 SID_IDENTIFIER_AUTHORITY *sid_auth;
1152 unsigned char *subauth_count;
1153 #endif /*LDAP_DEBUG*/
1156 memset(temp, '\0', sizeof(temp));
/* binary attributes must be fetched as bervals; Ptr is a generic cursor
   over either the berval array or the string array */
1157 if ((!strcmp(Attribute, "objectSid")) ||
1158 (!strcmp(Attribute, "objectGUID")))
1163 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1164 Ptr = (void **)ber_value;
1169 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1170 Ptr = (void **)str_value;
/* new node is pushed on the front of the list */
1177 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1179 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1180 linklist_previous->next = (*linklist_current);
1181 (*linklist_current) = linklist_previous;
1183 if (((*linklist_current)->attribute = calloc(1,
1184 strlen(Attribute) + 1)) == NULL)
1186 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1187 strcpy((*linklist_current)->attribute, Attribute);
/* berval: the value holds exactly bv_len bytes and NO NUL terminator; the
   length field is the only valid bound.  NOTE(review): any consumer that
   applies strlen/strstr/strcpy to such a value over-reads (see
   construct_newvalues); allocating ber_length + 1 would make the copy safe
   for both uses. */
1190 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1191 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1193 memset((*linklist_current)->value, '\0', ber_length);
1194 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1196 (*linklist_current)->length = ber_length;
/* string value: copied with its terminator */
1200 if (((*linklist_current)->value = calloc(1,
1201 strlen(*Ptr) + 1)) == NULL)
1203 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1204 (*linklist_current)->length = strlen(*Ptr);
1205 strcpy((*linklist_current)->value, *Ptr);
1207 (*linklist_current)->ber_value = use_bervalue;
1208 if (((*linklist_current)->dn = calloc(1,
1209 strlen(distinguished_name) + 1)) == NULL)
1211 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1212 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump ----
   NOTE(review): the casts below reinterpret raw directory bytes as GUID and
   SID structs without checking that bv_len covers the struct; a truncated
   value from the directory is an out-of-bounds read.  Debug-only, but
   check ber_length against sizeof before dereferencing. */
1215 if (!strcmp(Attribute, "objectGUID"))
1217 guid = (GUID *)((*linklist_current)->value);
/* fixed 36-character output plus NUL; temp's size is not visible here -
   confirm it is at least 37 bytes */
1218 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1219 guid->Data1, guid->Data2, guid->Data3,
1220 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1221 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1222 guid->Data4[6], guid->Data4[7]);
1223 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1225 else if (!strcmp(Attribute, "objectSid"))
1227 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1229 print_to_screen(" Revision = %d\n", sid->Revision);
1230 print_to_screen(" SID Identifier Authority:\n");
/* NOTE(review): the authority is identified by whichever Value[] byte is
   non-zero; an all-zero authority (the NULL authority) can never match the
   first test, so it prints as UNKNOWN.  Comparing the full 6-byte value
   would be exact. */
1231 sid_auth = &sid->IdentifierAuthority;
1232 if (sid_auth->Value[0])
1233 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1234 else if (sid_auth->Value[1])
1235 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1236 else if (sid_auth->Value[2])
1237 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1238 else if (sid_auth->Value[3])
1239 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1240 else if (sid_auth->Value[5])
1241 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1243 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1244 subauth_count = GetSidSubAuthorityCount(sid);
1245 print_to_screen(" SidSubAuthorityCount = %d\n",
1247 print_to_screen(" SidSubAuthority:\n");
1248 for (i = 0; i < *subauth_count; i++)
1250 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1251 print_to_screen(" %u\n", *subauth);
/* NOTE(review): prefix compare with memcmp reads strlen(literal) bytes of
   Attribute even when Attribute is shorter; strcmp()/strcasecmp() is the
   safe idiom.  The "sAmAccountType" spelling differs from the literal it is
   compared against, but only its length is used so the compare still works. */
1255 else if ((!memcmp(Attribute, "userAccountControl",
1256 strlen("userAccountControl"))) ||
1257 (!memcmp(Attribute, "sAMAccountType",
1258 strlen("sAmAccountType"))))
/* atoi() on the directory string; the type of intValue is not visible
   here, so check it matches the %ld format below */
1260 intValue = atoi(*Ptr);
1261 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* decode the userAccountControl UF_* bits */
1262 if (!memcmp(Attribute, "userAccountControl",
1263 strlen("userAccountControl")))
1265 if (intValue & UF_ACCOUNTDISABLE)
1266 print_to_screen(" %20s : %s\n",
1267 "", "Account disabled");
1269 print_to_screen(" %20s : %s\n",
1270 "", "Account active");
1271 if (intValue & UF_HOMEDIR_REQUIRED)
1272 print_to_screen(" %20s : %s\n",
1273 "", "Home directory required");
1274 if (intValue & UF_LOCKOUT)
1275 print_to_screen(" %20s : %s\n",
1276 "", "Account locked out");
1277 if (intValue & UF_PASSWD_NOTREQD)
1278 print_to_screen(" %20s : %s\n",
1279 "", "No password required");
1280 if (intValue & UF_PASSWD_CANT_CHANGE)
1281 print_to_screen(" %20s : %s\n",
1282 "", "Cannot change password");
1283 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1284 print_to_screen(" %20s : %s\n",
1285 "", "Temp duplicate account");
1286 if (intValue & UF_NORMAL_ACCOUNT)
1287 print_to_screen(" %20s : %s\n",
1288 "", "Normal account");
1289 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1290 print_to_screen(" %20s : %s\n",
1291 "", "Interdomain trust account");
1292 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1293 print_to_screen(" %20s : %s\n",
1294 "", "Workstation trust account");
1295 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1296 print_to_screen(" %20s : %s\n",
1297 "", "Server trust account");
/* all other attributes: print the string value as-is */
1302 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1304 #endif /*LDAP_DEBUG*/
/* release whichever value array was fetched */
1306 if (str_value != NULL)
1307 ldap_value_free(str_value);
1308 if (ber_value != NULL)
1309 ldap_value_free_len(ber_value);
/* NOTE(review): linklist_previous is already the list head after 1181;
   unless an omitted line reassigns one of them, this store is redundant. */
1311 (*linklist_current) = linklist_previous;
/* Open the Moira connection on first use.  mr_connections is a use count
 * (moira_disconnect below decrements it); only the 0 -> 1 transition
 * connects.  Two connect paths are visible -- a fixed host name and
 * uts.nodename -- but the conditions that choose between them, and the
 * declarations of rc/HostName/uts, are outside the visible lines. */
1315 int moira_connect(void)
1320 if (!mr_connections++)
1323 memset(HostName, '\0', sizeof(HostName));
/* NOTE(review): hard-coded server name "ttsp" looks like a test/debug
 * target rather than a configured value -- confirm it is not the host a
 * production build talks to. */
1324 strcpy(HostName, "ttsp");
1325 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1327 rc = mr_connect(HostName);
1332 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1334 rc = mr_connect(uts.nodename);
/* Authenticate to Moira as the "winad.incr" client.  mr_connect_cl() with
 * auth=1 (see below) presumably already did this on the lines above --
 * which of these calls is live cannot be told from here. */
1339 rc = mr_auth("winad.incr");
/* Hold the incremental while STOP_FILE exists, raising a critical alert on
 * each pass.  The loop body (any sleep/backoff between alerts) and the
 * definition of tbl_buf are not in the visible lines. */
1346 void check_winad(void)
1350 for (i = 0; file_exists(STOP_FILE); i++)
1354 critical_alert("AD incremental",
1355 "WINAD incremental failed (%s exists): %s",
1356 STOP_FILE, tbl_buf);
/* Drop one reference taken by moira_connect(); the real disconnect (body
 * not visible) runs only when the count falls to zero. */
1363 int moira_disconnect(void)
1366 if (!--mr_connections)
/* Copy the DN of ldap_entry into the caller's buffer and release the copy
 * that libldap allocated.
 *
 * NOTE(review): the copy is an unbounded strcpy and distinguished_name
 * carries no length.  The DN's length is decided by the directory, not by
 * this program, so a caller with a fixed-size array can be overrun; add a
 * size parameter and use snprintf (or strlcpy).  Whether a NULL return
 * from ldap_get_dn() is checked is not visible here (line 1379-1380). */
1373 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1374 char *distinguished_name)
1378 CName = ldap_get_dn(ldap_handle, ldap_entry);
1381 strcpy(distinguished_name, CName);
1382 ldap_memfree(CName);
/* Allocate a new LK_ENTRY holding private copies of attribute and value
 * (length = strlen(value)).  The return values for success and for the
 * failed-calloc branch are on lines not visible here. */
1385 int linklist_create_entry(char *attribute, char *value,
1386 LK_ENTRY **linklist_entry)
1388 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1389 if (!(*linklist_entry))
/* calloc already zero-fills; the three memsets below are redundant. */
1393 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
/* NOTE(review): only the node allocation is checked.  The two callocs
 * below go unchecked, so an allocation failure turns into a strcpy through
 * a NULL pointer.  Check them (and free the node) before copying. */
1394 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1395 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1396 strcpy((*linklist_entry)->attribute, attribute);
1397 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1398 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1399 strcpy((*linklist_entry)->value, value);
1400 (*linklist_entry)->length = strlen(value);
1401 (*linklist_entry)->next = NULL;
/* printf-style diagnostic output to stderr.  fmt is used as a format, so
 * callers must pass a literal (every visible caller does); the va_list
 * declaration and va_end are on lines not shown here. */
1405 void print_to_screen(const char *fmt, ...)
1409 va_start(pvar, fmt);
1410 vfprintf(stderr, fmt, pvar);
/* Classify a Moira list from its maillist/group flags (av[L_MAILLIST],
 * av[L_GROUP]) and report, through whichever output pointers are non-NULL:
 *   group_membership[0]  one letter -- 'B' both, 'S' security only,
 *                        'D' distribution only, 'N' neither.  This letter
 *                        becomes the "_zZx%c" suffix of the group's
 *                        sAMAccountName elsewhere in this file.
 *   group_ou             the OU the group lives in (copied from the
 *                        group_ou_* globals; unbounded strcpy, so the
 *                        caller's buffer must be large enough).
 *   *security_flag       1 for 'B' and 'S', else 0.
 * The function's return value is on a line not visible here. */
1415 int get_group_membership(char *group_membership, char *group_ou,
1416 int *security_flag, char **av)
1421 maillist_flag = atoi(av[L_MAILLIST]);
1422 group_flag = atoi(av[L_GROUP]);
1423 if (security_flag != NULL)
1424 (*security_flag) = 0;
1426 if ((maillist_flag) && (group_flag))
1428 if (group_membership != NULL)
1429 group_membership[0] = 'B';
1430 if (security_flag != NULL)
1431 (*security_flag) = 1;
1432 if (group_ou != NULL)
1433 strcpy(group_ou, group_ou_both);
1435 else if ((!maillist_flag) && (group_flag))
1437 if (group_membership != NULL)
1438 group_membership[0] = 'S';
1439 if (security_flag != NULL)
1440 (*security_flag) = 1;
1441 if (group_ou != NULL)
1442 strcpy(group_ou, group_ou_security);
1444 else if ((maillist_flag) && (!group_flag))
1446 if (group_membership != NULL)
1447 group_membership[0] = 'D';
1448 if (group_ou != NULL)
1449 strcpy(group_ou, group_ou_distribution);
/* remaining case: neither flag set */
1453 if (group_membership != NULL)
1454 group_membership[0] = 'N';
1455 if (group_ou != NULL)
1456 strcpy(group_ou, group_ou_neither);
/* Rename an AD group: look up the old object by sAMAccountName, move it to
 * cn=<after_group_name> under <after_group_ou>,<dn_path>, then replace its
 * displayName and sAMAccountName.  Both names are passed through
 * check_string(), which restricts the character set (no LDAP filter or DN
 * metacharacters) but not the length; the sizes of old_dn, new_dn and
 * sam_name are declared on lines not visible here. */
1461 int group_rename(LDAP *ldap_handle, char *dn_path,
1462 char *before_group_name, char *before_group_membership,
1463 char *before_group_ou, int before_security_flag,
1464 char *after_group_name, char *after_group_membership,
1465 char *after_group_ou, int after_security_flag)
1470 char new_dn_path[512];
1472 char filter_exp[4096];
1473 char *attr_array[3];
1474 char *name_v[] = {NULL, NULL};
1475 char *samAccountName_v[] = {NULL, NULL};
1479 LK_ENTRY *group_base;
1482 if (!check_string(before_group_name))
1484 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1487 if (!check_string(after_group_name))
1489 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
1493 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", before_group_name, before_group_membership[0]);
1494 attr_array[0] = "distinguishedName";
1495 attr_array[1] = NULL;
1496 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1497 &group_base, &group_count)) != 0)
/* NOTE(review): the lookup was for before_group_name, but the message
 * reports after_group_name. */
1499 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1500 after_group_name, ldap_err2string(rc));
1503 if (group_count != 1)
1505 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1507 callback_rc = LDAP_NO_SUCH_OBJECT;
1510 strcpy(old_dn, group_base->value);
1511 linklist_free(group_base);
1515 sprintf(sam_name, "%s_zZx%c", after_group_name, after_group_membership[0]);
1516 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1517 sprintf(new_dn, "cn=%s", after_group_name);
/* deleteoldrdn=TRUE: the old cn value is dropped from the entry */
1518 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1519 TRUE, NULL, NULL)) != LDAP_SUCCESS)
/* NOTE(review): "from %s to %s" is given after_group_name twice; the first
 * argument should be before_group_name. */
1521 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1522 after_group_name, after_group_name, ldap_err2string(rc));
1526 name_v[0] = after_group_name;
1527 samAccountName_v[0] = sam_name;
1529 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1530 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1532 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1533 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1535 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
1536 after_group_name, ldap_err2string(rc));
/* release the LDAPMod entries built by ADD_ATTR */
1538 for (i = 0; i < n; i++)
/* Moira query callback: create one list as an AD group under the OU chosen
 * by get_group_membership().  Inactive lists are skipped.  An already
 * existing group is not an error; in both cases the group's objectSid is
 * fetched and queued (sid_ptr) so sid_update() can write it back to Moira.
 * call_args[0] is the LDAP handle, call_args[1] the base DN. */
1543 int group_create(int ac, char **av, void *ptr)
1548 char new_group_name[256];
1549 char sam_group_name[256];
1550 char cn_group_name[256];
1551 char *cn_v[] = {NULL, NULL};
1552 char *objectClass_v[] = {"top", "group", NULL};
1554 char *samAccountName_v[] = {NULL, NULL};
1555 char *managedBy_v[] = {NULL, NULL};
1556 char *altSecurityIdentities_v[] = {NULL, NULL};
1557 char *name_v[] = {NULL, NULL};
1558 char *desc_v[] = {NULL, NULL};
1559 char *info_v[] = {NULL, NULL};
1560 char *groupTypeControl_v[] = {NULL, NULL};
1561 char groupTypeControlStr[80];
/* one byte: only [0] is ever used (the membership letter) */
1562 char group_membership[1];
1565 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1569 char filter_exp[256];
1570 char *attr_array[3];
1575 if (!atoi(av[L_ACTIVE]))
/* check_string() keeps filter/DN metacharacters out of the list name */
1577 if (!check_string(av[L_NAME]))
1579 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
1583 memset(group_ou, 0, sizeof(group_ou));
1584 memset(group_membership, 0, sizeof(group_membership));
1586 get_group_membership(group_membership, group_ou, &security_flag, av);
/* (condition on security_flag is on a line not shown) */
1589 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): groupTypeControl is a u_int; "%ld" expects a long.  Use
 * "%u" (same for userAccountControl in user_create below). */
1590 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1591 groupTypeControl_v[0] = groupTypeControlStr;
/* NOTE(review): three unbounded copies of av[L_NAME] into 256-byte
 * arrays; check_string() limits the character set, not the length. */
1593 strcpy(new_group_name, av[L_NAME]);
1594 strcpy(sam_group_name, av[L_NAME]);
1595 strcpy(cn_group_name, av[L_NAME]);
1596 sprintf(&sam_group_name[strlen(sam_group_name)],
1597 "_zZx%c", group_membership[0]);
1599 samAccountName_v[0] = sam_group_name;
1600 name_v[0] = new_group_name;
1601 cn_v[0] = new_group_name;
1603 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1605 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1606 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1607 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1608 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1609 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1610 if (strlen(av[L_DESC]) != 0)
1612 desc_v[0] = av[L_DESC];
1613 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1615 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
1616 if (strlen(av[L_ACE_NAME]) != 0)
/* NOTE(review): av[L_ACE_NAME] is not passed through check_string() and
 * the size of info is not visible; bound this with snprintf.  It only
 * lands in an attribute value, not a filter or DN, so it is a length
 * issue rather than an injection one. */
1618 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1620 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1624 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1626 for (i = 0; i < n; i++)
1628 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1630 com_err(whoami, 0, "Unable to create list %s in AD : %s",
1631 av[L_NAME], ldap_err2string(rc));
/* fetch the SID of the (new or pre-existing) group for sid_update() */
1634 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1635 attr_array[0] = "objectSid";
1636 attr_array[1] = NULL;
1638 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1639 sid_ptr, &sid_count)) == LDAP_SUCCESS)
1643 (*sid_ptr)->member = strdup(av[L_NAME]);
1644 (*sid_ptr)->type = (char *)GROUPS;
1645 sid_ptr = &(*sid_ptr)->next;
/* Delete the AD group whose sAMAccountName is <group_name>_zZx<letter>.
 * The search is rooted at group_ou_root,<dn_path>, so only groups inside
 * the managed subtree can be removed.  Exactly one match is required. */
1651 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name, char *group_membership)
1653 LK_ENTRY *group_base;
1654 char *attr_array[3];
1655 char filter_exp[1024];
1656 char sam_group_name[256];
1661 if (!check_string(group_name))
1663 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
1669 attr_array[0] = "distinguishedName";
1670 attr_array[1] = NULL;
/* unbounded copy; sam_group_name is not used in the visible lines */
1671 strcpy(sam_group_name, group_name);
1672 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1673 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
/* What happens when linklist_build() fails (line 1676) is not visible;
 * group_base must not be used on that path. */
1674 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1675 &group_base, &group_count) != 0)
1677 if (group_count == 1)
1679 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1681 linklist_free(group_base);
1682 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
1683 group_name, ldap_err2string(rc));
1686 linklist_free(group_base);
1690 linklist_free(group_base);
1691 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
/* Moira query callback: add the member named by call_args[2] (under OU
 * call_args[3]) to the AD group for list av[L_NAME].  call_args[0] is the
 * LDAP handle, call_args[1] the base DN.  The group OU and membership
 * letter are derived from the list's flags as in group_create(). */
1698 int process_lists(int ac, char **av, void *ptr)
/* two bytes here vs. one in group_create(); only [0] is used either way */
1703 char group_membership[2];
1709 memset(group_ou, '\0', sizeof(group_ou));
1710 memset(group_membership, '\0', sizeof(group_membership));
1711 get_group_membership(group_membership, group_ou, &security_flag, av);
1712 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
1713 group_ou, group_membership, call_args[2], (char *)call_args[3]);
1716 com_err(whoami, 0, "Couldn't add %s to group %s", call_args[2], av[L_NAME]);
/* Moira query callback collecting list members into the global member_base
 * chain.  Members are filtered by ACE type against the bit mask in
 * call_args[3] (MOIRA_USERS / MOIRA_STRINGS / MOIRA_LISTS / MOIRA_KERBEROS);
 * STRING and KERBEROS members get a contact object created on the fly.
 * Duplicates (case-insensitive) are skipped.  call_args[2] is the list
 * name recorded in each node. */
1721 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): unbounded strcpy into temp (size not visible) BEFORE the
 * name is validated; check_string() limits the character set only. */
1729 strcpy(temp, av[ACE_NAME]);
1730 if (!check_string(temp))
1732 if (!strcmp(av[ACE_TYPE], "USER"))
/* NOTE(review): the flag mask travels in a pointer slot and is recovered
 * with (int); on a 64-bit build this truncates the pointer.  Use
 * (intptr_t) if the value really is an integer smuggled in a void*. */
1734 if (!((int)call_args[3] & MOIRA_USERS))
1737 else if (!strcmp(av[ACE_TYPE], "STRING"))
1739 if (!((int)call_args[3] & MOIRA_STRINGS))
1741 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1744 else if (!strcmp(av[ACE_TYPE], "LIST"))
1746 if (!((int)call_args[3] & MOIRA_LISTS))
1749 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
1751 if (!((int)call_args[3] & MOIRA_KERBEROS))
1753 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* linear duplicate scan of member_base (O(n) per member) */
1759 linklist = member_base;
1762 if (!strcasecmp(temp, linklist->member))
1764 linklist = linklist->next;
/* none of the callocs below is checked */
1766 linklist = calloc(1, sizeof(LK_ENTRY));
1768 linklist->dn = NULL;
1769 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1770 strcpy(linklist->list, call_args[2]);
1771 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1772 strcpy(linklist->type, av[ACE_TYPE]);
1773 linklist->member = calloc(1, strlen(temp) + 1);
1774 strcpy(linklist->member, temp);
/* push onto the head of the chain */
1775 linklist->next = member_base;
1776 member_base = linklist;
/* Remove CN=<user_name>,<UserOu>,<dn_path> from the "member" attribute of
 * the group <group_name>_zZx<letter>.  Only group_name is validated here;
 * user_name is trusted to have been checked by the caller (the visible
 * caller path goes through member_list_build's check_string()). */
1780 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1781 char *group_ou, char *group_membership, char *user_name,
1784 char distinguished_name[1024];
1786 char filter_exp[4096];
1787 char *attr_array[3];
1793 LK_ENTRY *group_base;
1796 if (!check_string(group_name))
1798 strcpy(temp, group_name);
1799 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1800 attr_array[0] = "distinguishedName";
1801 attr_array[1] = NULL;
1802 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1803 &group_base, &group_count)) != 0)
1805 com_err(whoami, 0, "LDAP server unable to get list %s info : %s",
1806 group_name, ldap_err2string(rc));
1809 if (group_count != 1)
1811 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1813 linklist_free(group_base);
/* unbounded copy of a directory-supplied DN into 1024 bytes */
1818 strcpy(distinguished_name, group_base->value);
1819 linklist_free(group_base);
/* member DN; size of temp is not visible -- prefer snprintf */
1823 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
1824 modvalues[0] = temp;
1825 modvalues[1] = NULL;
1828 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1830 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1831 for (i = 0; i < n; i++)
1833 if (rc != LDAP_SUCCESS)
1835 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
1836 group_name, ldap_err2string(rc));
/* Add CN=<user_name>,<UserOu>,<dn_path> to the "member" attribute of the
 * group <group_name>_zZx<letter>.  Mirror image of member_remove() above;
 * an LDAP_ALREADY_EXISTS result is handled on a line not visible here
 * (presumably treated as success). */
1844 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
1845 char *group_ou, char *group_membership, char *user_name, char *UserOu)
1847 char distinguished_name[1024];
1849 char filter_exp[4096];
1850 char *attr_array[3];
1856 LK_ENTRY *group_base;
/* only group_name is validated; user_name must already be clean */
1863 if (!check_string(group_name))
1866 strcpy(temp, group_name);
1867 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1868 attr_array[0] = "distinguishedName";
1869 attr_array[1] = NULL;
1870 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1871 &group_base, &group_count)) != 0)
1873 com_err(whoami, 0, "LDAP server unable to get list %s info : %s",
1874 group_name, ldap_err2string(rc));
1877 if (group_count != 1)
1879 linklist_free(group_base);
1882 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
/* unbounded copy of a directory-supplied DN into 1024 bytes */
1887 strcpy(distinguished_name, group_base->value);
1888 linklist_free(group_base);
/* size of temp is not visible -- prefer snprintf */
1892 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
1893 modvalues[0] = temp;
1894 modvalues[1] = NULL;
1897 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
1899 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1900 if (rc == LDAP_ALREADY_EXISTS)
1902 for (i = 0; i < n; i++)
1904 if (rc != LDAP_SUCCESS)
1906 com_err(whoami, 0, "LDAP server unable to modify list %s members in AD : %s",
1907 group_name, ldap_err2string(rc));
/* Create a contact object CN=<user>,<group_ou>,<bind_path> for a STRING or
 * KERBEROS list member.  When group_ou is contact_ou the first attempt
 * also sets "mail" (email_v[0] is assigned on a line not shown); if that
 * add fails for any reason other than "already exists" the object is
 * retried without the mail attribute.  LDAP_ALREADY_EXISTS counts as
 * success. */
1913 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
1917 char cn_user_name[256];
1918 char contact_name[256];
1919 char *email_v[] = {NULL, NULL};
1920 char *cn_v[] = {NULL, NULL};
1921 char *contact_v[] = {NULL, NULL};
1922 char *objectClass_v[] = {"top", "person",
1923 "organizationalPerson",
1925 char *name_v[] = {NULL, NULL};
1926 char *desc_v[] = {NULL, NULL};
/* check_string() keeps DN metacharacters out of the cn */
1931 if (!check_string(user))
1933 com_err(whoami, 0, "invalid LDAP name %s", user);
/* unbounded copies into 256-byte arrays; length is not validated */
1936 strcpy(contact_name, user);
1937 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
1938 cn_v[0] = cn_user_name;
1939 contact_v[0] = contact_name;
1941 desc_v[0] = "Auto account created by Moira";
1944 strcpy(new_dn, cn_user_name);
1946 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
1947 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1948 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1949 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1950 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1951 if (!strcmp(group_ou, contact_ou))
1953 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
1957 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
1958 for (i = 0; i < n; i++)
/* NOTE(review): the reason the first add failed is discarded before the
 * retry; logging it would make a rejected "mail" value visible. */
1960 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1963 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
1964 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1965 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1966 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1967 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1969 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
1970 for (i = 0; i < n; i++)
1973 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1975 com_err(whoami, 0, "could not create contact %s : %s",
1976 user, ldap_err2string(rc));
/* Refresh an existing AD user: replace uid/uidNumber (from Uid) and
 * employeeID (from MitId) when non-empty, and set homeDirectory,
 * profilePath and homeDrive from the user's Hesiod "filsys" entry when it
 * is an AFS path.  The user is located by sAMAccountName; exactly one
 * match is required. */
1982 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
1983 char *Uid, char *MitId)
1986 LK_ENTRY *group_base;
1988 char distinguished_name[256];
1989 char *uid_v[] = {NULL, NULL};
1990 char *mitid_v[] = {NULL, NULL};
1991 char *homedir_v[] = {NULL, NULL};
1992 char *winProfile_v[] = {NULL, NULL};
1993 char *drives_v[] = {NULL, NULL};
1997 char filter_exp[256];
1998 char *attr_array[3];
2002 char winProfile[256];
2004 if (!check_string(user_name))
2006 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2012 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2013 attr_array[0] = "cn";
2014 attr_array[1] = NULL;
2015 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2016 &group_base, &group_count)) != 0)
2018 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2019 user_name, ldap_err2string(rc));
2023 if (group_count != 1)
2025 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2027 linklist_free(group_base);
2028 return(LDAP_NO_SUCH_OBJECT);
/* NOTE(review): unbounded copy of a directory-supplied DN into 256 bytes
 * (other functions in this file use 1024 for the same purpose). */
2030 strcpy(distinguished_name, group_base->dn);
2032 linklist_free(group_base);
/* uid_v[0]/mitid_v[0] are assigned on lines not shown here */
2035 if (strlen(Uid) != 0)
2038 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2039 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2041 if (strlen(MitId) != 0)
2044 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2046 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2048 memset(path, 0, sizeof(path));
2049 memset(winPath, 0, sizeof(winPath));
/* NOTE(review): the filsys record comes back over DNS, and "%s" here has
 * no field width, so an oversized record overruns path.  Give the
 * conversion a width of sizeof(path)-1 (path is declared above, outside
 * this view).  The AFS check below then bounds what reaches AfsToWinAfs. */
2050 sscanf(hp[0], "%*s %s", path);
2051 if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0)
2053 AfsToWinAfs(path, winPath);
2054 homedir_v[0] = winPath;
2055 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
/* winProfile is 256 bytes; winPath's size is not visible */
2056 strcpy(winProfile, winPath);
2057 strcat(winProfile, "\\.winprofile");
2058 winProfile_v[0] = winProfile;
2059 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
/* drives_v[0] is set on a line not shown */
2061 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
2067 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2069 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2070 user_name, ldap_err2string(rc));
2072 for (i = 0; i < n; i++)
/* Rename an AD user from before_user_name to user_name: move the entry to
 * the new cn under user_ou, then replace every name-derived attribute --
 * the Kerberos altSecurityIdentities mapping, userPrincipalName,
 * displayName, sAMAccountName -- plus uid/uidNumber and employeeID when
 * supplied.  Only users in a registered/usable State are processed. */
2088 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2089 char *user_name, char *Uid, char *MitId, int State)
2096 char *userPrincipalName_v[] = {NULL, NULL};
2097 char *altSecurityIdentities_v[] = {NULL, NULL};
2098 char *name_v[] = {NULL, NULL};
2099 char *samAccountName_v[] = {NULL, NULL};
2100 char *uid_v[] = {NULL, NULL};
2101 char *mitid_v[] = {NULL, NULL};
2106 if ((State != US_REGISTERED) && (State != US_NO_PASSWD) && (State != US_ENROLL_NOT_ALLOWED))
/* both names end up in a DN and a filter -> both must pass check_string */
2109 if (!check_string(before_user_name))
2111 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2114 if (!check_string(user_name))
2116 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
/* NOTE(review): copies user_name onto itself.  Source and destination
 * overlap, which strcpy does not allow (undefined behaviour), and the
 * statement does nothing useful -- delete it. */
2120 strcpy(user_name, user_name);
2121 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2122 sprintf(new_dn, "cn=%s", user_name);
/* newparent=NULL keeps the entry in its OU; deleteoldrdn=TRUE */
2123 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2124 NULL, NULL)) != LDAP_SUCCESS)
/* a missing source entry is silently ignored; what follows the message
 * (return vs. fall through) is on lines not visible here */
2126 if (rc != LDAP_NO_SUCH_OBJECT)
2127 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
2128 before_user_name, user_name, ldap_err2string(rc));
2132 name_v[0] = user_name;
2133 sprintf(upn, "%s@%s", user_name, ldap_domain);
2134 userPrincipalName_v[0] = upn;
/* this mapping is what lets the Kerberos principal log in as the AD user;
 * it must track the rename or the account becomes unreachable */
2135 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2136 altSecurityIdentities_v[0] = temp;
2137 samAccountName_v[0] = user_name;
2140 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2141 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2142 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2143 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2144 if (strlen(Uid) != 0)
2147 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2148 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2150 if (strlen(MitId) != 0)
2153 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2156 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2157 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2159 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
2160 user_name, ldap_err2string(rc));
2162 for (i = 0; i < n; i++)
/* Apply a filesys change to the AD user whose sAMAccountName is fs_name:
 * with operation == LDAP_MOD_ADD set homeDirectory/profilePath/homeDrive
 * from the AFS pack fs_pack, otherwise (LDAP_MOD_DELETE is the evident
 * intent) clear them.  Only fs_type "AFS" is accepted. */
2167 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
2168 char *fs_type, char *fs_pack, int operation)
2170 char distinguished_name[256];
2172 char winProfile[256];
2173 char filter_exp[256];
2174 char *attr_array[3];
2175 char *homedir_v[] = {NULL, NULL};
2176 char *winProfile_v[] = {NULL, NULL};
2177 char *drives_v[] = {NULL, NULL};
2183 LK_ENTRY *group_base;
2185 if (!check_string(fs_name))
2187 com_err(whoami, 0, "invalid filesys name %s", fs_name);
2191 if (strcmp(fs_type, "AFS"))
2193 com_err(whoami, 0, "invalid filesys type %s", fs_type);
2199 sprintf(filter_exp, "(sAMAccountName=%s)", fs_name);
2200 attr_array[0] = "cn";
2201 attr_array[1] = NULL;
2202 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2203 &group_base, &group_count)) != 0)
2205 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
2206 fs_name, ldap_err2string(rc));
2210 if (group_count != 1)
2212 linklist_free(group_base);
2213 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2215 return(LDAP_NO_SUCH_OBJECT);
/* unbounded copy of a directory-supplied DN into 256 bytes */
2217 strcpy(distinguished_name, group_base->dn);
2218 linklist_free(group_base);
2222 if (operation == LDAP_MOD_ADD)
2224 memset(winPath, 0, sizeof(winPath));
/* NOTE(review): fs_pack is neither length-checked nor passed through
 * check_string(), and AfsToWinAfs() copies it into winPath (size not
 * visible) without a bound.  Validate fs_pack here, or give AfsToWinAfs a
 * destination size. */
2225 AfsToWinAfs(fs_pack, winPath);
2226 homedir_v[0] = winPath;
2228 memset(winProfile, 0, sizeof(winProfile));
2229 strcpy(winProfile, winPath);
2230 strcat(winProfile, "\\.winprofile");
2231 winProfile_v[0] = winProfile;
/* delete path: NULL values remove the attributes */
2235 homedir_v[0] = NULL;
2237 winProfile_v[0] = NULL;
2239 ADD_ATTR("profilePath", winProfile_v, operation);
2240 ADD_ATTR("homeDrive", drives_v, operation);
2241 ADD_ATTR("homeDirectory", homedir_v, operation);
2244 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2245 if (rc != LDAP_SUCCESS)
2247 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
2248 fs_name, ldap_err2string(rc));
2250 for (i = 0; i < n; i++)
/* Moira query callback: create one AD user from a "users" record (fields
 * indexed by U_NAME, U_STATE, U_UID, U_MITID).  Skips names beginning with
 * '#' and states other than registered / no-password / enroll-not-allowed.
 * An existing account is re-activated instead.  On success the password is
 * set and the new objectSid is queued (sid_ptr) for sid_update(). */
2256 int user_create(int ac, char **av, void *ptr)
2260 char user_name[256];
2262 char *cn_v[] = {NULL, NULL};
2263 char *objectClass_v[] = {"top", "person",
2264 "organizationalPerson",
2267 char *samAccountName_v[] = {NULL, NULL};
2268 char *altSecurityIdentities_v[] = {NULL, NULL};
2269 char *name_v[] = {NULL, NULL};
2270 char *desc_v[] = {NULL, NULL};
2272 char *userPrincipalName_v[] = {NULL, NULL};
2273 char *userAccountControl_v[] = {NULL, NULL};
2274 char *uid_v[] = {NULL, NULL};
2275 char *mitid_v[] = {NULL, NULL};
2276 char userAccountControlStr[80];
/* normal, never-expiring password that the user cannot change: the AD
 * password is evidently not meant to be the login credential here */
2278 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2283 char filter_exp[256];
2284 char *attr_array[3];
2289 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2290 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2292 if (!strncmp(av[U_NAME], "#", 1))
2294 if (!check_string(av[U_NAME]))
2296 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
/* unbounded copies into 256-byte arrays (upn/sam_name sizes not shown) */
2300 strcpy(user_name, av[U_NAME]);
2301 sprintf(upn, "%s@%s", user_name, ldap_domain);
2302 sprintf(sam_name, "%s", av[U_NAME]);
2303 samAccountName_v[0] = sam_name;
/* NOTE(review): if the state guard at 2289-2290 returns (its body is not
 * visible), US_DELETED can never reach this line and the branch is dead. */
2304 if (atoi(av[U_STATE]) == US_DELETED)
2305 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): u_int printed with "%ld"; should be "%u". */
2306 sprintf(userAccountControlStr, "%ld", userAccountControl);
2307 userAccountControl_v[0] = userAccountControlStr;
2308 userPrincipalName_v[0] = upn;
2310 cn_v[0] = user_name;
2311 name_v[0] = user_name;
2312 desc_v[0] = "Auto account created by Moira";
/* maps the user's Kerberos principal onto this AD account */
2313 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2314 altSecurityIdentities_v[0] = temp;
2315 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2318 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2319 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2320 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2321 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2322 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2323 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2324 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2325 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2326 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2327 if (strlen(av[U_UID]) != 0)
2329 uid_v[0] = av[U_UID];
2330 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2331 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2333 if (strlen(av[U_MITID]) != 0)
2334 mitid_v[0] = av[U_MITID];
2336 mitid_v[0] = "none";
2337 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2340 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2341 for (i = 0; i < n; i++)
/* an existing account is re-enabled rather than reported */
2343 if (rc == LDAP_ALREADY_EXISTS)
2346 rc = user_change_status((LDAP *)call_args[0], call_args[1], av[U_NAME], MEMBER_ACTIVATE);
2349 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2351 com_err(whoami, 0, "could not create user %s : %s",
2352 user_name, ldap_err2string(rc));
2355 if (rc == LDAP_SUCCESS)
/* NOTE(review): the new account is handed the empty string as its
 * password, on top of UF_PASSWD_CANT_CHANGE | UF_DONT_EXPIRE_PASSWD above.
 * Unless set_password() substitutes a random value, or the domain policy
 * rejects blank passwords, this is a password-less, never-expiring
 * account.  Confirm in set_password(); logins are presumably expected
 * only through the Kerberos altSecurityIdentities mapping. */
2357 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2359 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* fetch the objectSid for sid_update() */
2363 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2364 attr_array[0] = "objectSid";
2365 attr_array[1] = NULL;
2367 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2368 sid_ptr, &sid_count)) == LDAP_SUCCESS)
2372 (*sid_ptr)->member = strdup(av[U_NAME]);
2373 (*sid_ptr)->type = (char *)USERS;
2374 sid_ptr = &(*sid_ptr)->next;
/* Enable or disable an AD user by toggling UF_ACCOUNTDISABLE in its
 * userAccountControl: operation MEMBER_DEACTIVATE sets the bit, anything
 * else clears it.  Reads the current value first so the other flags are
 * preserved.  Returns LDAP_NO_SUCH_OBJECT when the user is not found. */
2380 int user_change_status(LDAP *ldap_handle, char *dn_path, char *user_name, int operation)
2382 char filter_exp[1024];
2383 char *attr_array[3];
2385 char distinguished_name[1024];
2388 LK_ENTRY *group_base;
2395 if (!check_string(user_name))
2397 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2403 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2404 attr_array[0] = "UserAccountControl";
2405 attr_array[1] = NULL;
2406 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2407 &group_base, &group_count)) != 0)
2409 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2410 user_name, ldap_err2string(rc));
2414 if (group_count != 1)
2416 linklist_free(group_base);
2417 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2419 return(LDAP_NO_SUCH_OBJECT);
2422 strcpy(distinguished_name, group_base->dn);
/* atoi gives no error signal; a non-numeric value silently becomes 0 */
2423 ulongValue = atoi((*group_base).value);
2424 if (operation == MEMBER_DEACTIVATE)
2425 ulongValue |= UF_ACCOUNTDISABLE;
2427 ulongValue &= ~UF_ACCOUNTDISABLE;
2428 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() returns 1 on failure (modvalues then unusable) */
2429 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2430 temp, &modvalues, REPLACE)) == 1)
2432 linklist_free(group_base);
2436 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2438 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2439 for (i = 0; i < n; i++)
2441 free_values(modvalues);
2442 if (rc != LDAP_SUCCESS)
2444 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
2445 user_name, ldap_err2string(rc));
/* Delete the AD user whose sAMAccountName is u_name.  Exactly one match is
 * required; the entry is removed by the DN returned with the search. */
2451 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2453 char filter_exp[1024];
2454 char *attr_array[3];
2455 char distinguished_name[1024];
2456 char user_name[512];
2457 LK_ENTRY *group_base;
/* what follows a failed check (line 2462) is not visible; the copy below
 * must not run for an invalid name */
2461 if (!check_string(u_name))
/* unbounded copy; length of u_name is not validated anywhere visible */
2463 strcpy(user_name, u_name);
2466 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2467 attr_array[0] = "name";
2468 attr_array[1] = NULL;
2469 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2470 &group_base, &group_count)) != 0)
2472 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2473 user_name, ldap_err2string(rc));
/* whether group_base is freed on this path (lines 2480-2483) is not shown */
2477 if (group_count != 1)
2479 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2484 strcpy(distinguished_name, group_base->dn);
/* assignment inside the condition is intentional: any non-zero rc fails */
2485 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2487 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2488 user_name, ldap_err2string(rc));
/* only the success path visibly frees the search result */
2492 linklist_free(group_base);
/* Release an LK_ENTRY chain beginning at linklist_base: every string field
 * of each node (dn, attribute, value, member, type, list) and then the node
 * itself.  A NULL head is a no-op. */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      LK_ENTRY *next = node->next;

      /* free(NULL) is defined to do nothing, so no per-field guards */
      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);
      node = next;
    }
}
/* Free each string of a NULL-terminated value array (built by
 * construct_newvalues()) and NULL out the slots.  Whether the array itself
 * is freed is on lines not visible here -- confirm, or the arrays leak. */
2520 void free_values(char **modvalues)
2525 if (modvalues != NULL)
2527 while (modvalues[i] != NULL)
2530 modvalues[i] = NULL;
/* Push the objectSids queued by group_create()/user_create() back into
 * Moira: each SID is hex-encoded and stored by name via
 * add_list_sid_by_name / add_user_sid_by_login. */
2537 int sid_update(LDAP *ldap_handle, char *dn_path)
/* NOTE(review): convert_b_to_a() writes 2 hex digits per input byte plus a
 * NUL, so 126 bytes cover a SID of at most 62 bytes.  The usual domain
 * SID (5 sub-authorities, 28 bytes) fits, but the format allows up to 15
 * sub-authorities (68 bytes).  Pass sizeof(temp) down and bound the
 * conversion, or size temp from ptr->length. */
2541 unsigned char temp[126];
2548 memset(temp, 0, sizeof(temp));
2549 convert_b_to_a(temp, ptr->value, ptr->length);
2550 av[0] = ptr->member;
2552 if (ptr->type == (char *)GROUPS)
2555 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2557 else if (ptr->type == (char *)USERS)
2560 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/* Hex-encode length bytes of binary into string (two characters per byte;
 * the '> '9'' tests map nibbles 10-15 onto letters).  No output size is
 * taken: the caller must provide at least 2*length+1 bytes -- see the
 * note in sid_update(). */
2567 void convert_b_to_a(char *string, UCHAR *binary, int length)
2574 for (i = 0; i < length; i++)
2581 if (string[j] > '9')
2584 string[j] = tmp & 0x0f;
2586 if (string[j] > '9')
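/* Characters that may not appear in a name this program sends to AD.
 * Indexed by the byte value (0-255) of each character AFTER upper->lower
 * folding; 1 = illegal.  The allowed set is
 *     $  &  '  -  .  0-9  @  _  `  a-z  ~
 * Every LDAP filter metacharacter ( ) * \ NUL and every DN special
 * character , + " \ < > ; # = and space is rejected, which is what makes
 * the unescaped "(sAMAccountName=%s)" filters and "cn=%s,..." DNs built
 * elsewhere in this file safe from injection.  All bytes >= 0x80 are
 * illegal. */
static int illegalchars[] = {
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* ^@ - ^O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* ^P - ^_ */
  1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1,  /* SPACE - / */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1,  /* 0 - ? */
  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* @ - O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0,  /* P - _ */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* ` - o */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1,  /* p - ^? */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
};

/* Validate a name before it is used in an LDAP filter or DN.
 *
 * s: NUL-terminated string to check.
 * Returns 1 when every character of s is permitted by illegalchars (after
 * folding upper case to lower case), 0 at the first illegal character.
 * The empty string is accepted.
 *
 * Each byte is handled as an unsigned char.  With a plain (signed) char a
 * byte >= 0x80 is negative: passing it to isupper()/tolower() is undefined
 * behaviour, and casting it to unsigned produced an index of roughly 4
 * billion into a 256-entry table -- an out-of-bounds read driven by
 * whatever name arrives from Moira.  Such bytes now simply land on the
 * "illegal" rows of the table. */
int check_string(char *s)
{
  const unsigned char *p = (const unsigned char *)s;

  for (; *p != '\0'; p++)
    {
      unsigned int c = *p;

      if (isupper(c))
        c = (unsigned int)tolower(c);
      if (illegalchars[c])
        return 0;
    }
  return 1;
}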
/* Connect to the Moira server, refuse to proceed when the MOTD says the
 * server is unavailable, negotiate the query protocol version (a newer
 * client than server is only a warning) and, when auth is set, authenticate
 * as client.  Error branches and the return statements are on lines not
 * visible here. */
2627 int mr_connect_cl(char *server, char *client, int version, int auth)
2633 status = mr_connect(server);
2636 com_err(whoami, status, "while connecting to Moira");
2640 status = mr_motd(&motd);
2644 com_err(whoami, status, "while checking server status");
/* NOTE(review): format-string bug.  temp is built from motd -- text that
 * the Moira server sends -- and is then handed to com_err() in the
 * position of its printf-style format, so any %-sequence in the MOTD is
 * interpreted against the (empty) argument list.  The sprintf into temp
 * is also unbounded.  Replace both lines with
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 */
2649 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
2650 com_err(whoami, status, temp);
2655 status = mr_version(version);
/* a server without mr_version is treated as older than this client */
2658 if (status == MR_UNKNOWN_PROC)
2661 status = MR_VERSION_HIGH;
2663 status = MR_SUCCESS;
2666 if (status == MR_VERSION_HIGH)
2668 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2669 com_err(whoami, 0, "Some operations may not work.");
2671 else if (status && status != MR_VERSION_LOW)
2673 com_err(whoami, status, "while setting query version number.");
2681 status = mr_auth(client);
2684 com_err(whoami, status, "while authenticating to Moira.");
2693 void AfsToWinAfs(char* path, char* winPath)
2697 strcpy(winPath, WINAFS);
2698 pathPtr = path + strlen(AFS);
2699 winPathPtr = winPath + strlen(WINAFS);
2703 if (*pathPtr == '/')
2706 *winPathPtr = *pathPtr;