2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies a container's information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
/* Windows compatibility shims: map the BSD errno names onto their Winsock
 * equivalents (winsock2.h is included above) and provide sleep()/krb5_xfree.
 * Presumably these sit under a platform #ifdef that is not in this view. */
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends in
 * a ';' -- sleep(x + 1) becomes Sleep(x + 1 * 1000); and the stray ';' breaks
 * an `if (...) sleep(1); else ...`.  Prefer `#define sleep(A) Sleep((A) * 1000)`. */
133 #define sleep(A) Sleep(A * 1000);
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define CFG_PATH "/moira/winad/"
145 #define WINADCFG "winad.cfg"
146 #define strnicmp(A,B,C) strncasecmp(A,B,C)
147 #define UCHAR unsigned char
149 #define UF_SCRIPT 0x0001
150 #define UF_ACCOUNTDISABLE 0x0002
151 #define UF_HOMEDIR_REQUIRED 0x0008
152 #define UF_LOCKOUT 0x0010
153 #define UF_PASSWD_NOTREQD 0x0020
154 #define UF_PASSWD_CANT_CHANGE 0x0040
155 #define UF_DONT_EXPIRE_PASSWD 0x10000
157 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
158 #define UF_NORMAL_ACCOUNT 0x0200
159 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
160 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
161 #define UF_SERVER_TRUST_ACCOUNT 0x2000
163 #define OWNER_SECURITY_INFORMATION (0x00000001L)
164 #define GROUP_SECURITY_INFORMATION (0x00000002L)
165 #define DACL_SECURITY_INFORMATION (0x00000004L)
166 #define SACL_SECURITY_INFORMATION (0x00000008L)
169 #define BYTE unsigned char
171 typedef unsigned int DWORD;
172 typedef unsigned long ULONG;
177 unsigned short Data2;
178 unsigned short Data3;
179 unsigned char Data4[8];
182 typedef struct _SID_IDENTIFIER_AUTHORITY {
184 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
186 typedef struct _SID {
188 BYTE SubAuthorityCount;
189 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
190 DWORD SubAuthority[512];
195 #define WINADCFG "winad.cfg"
203 #define WINAFS "\\\\afs\\all\\"
205 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
206 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
207 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
208 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
209 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
211 #define QUERY_VERSION -1
212 #define PRIMARY_REALM "ATHENA.MIT.EDU"
213 #define PRIMARY_DOMAIN "win.mit.edu"
214 #define PRODUCTION_PRINCIPAL "sms"
215 #define TEST_PRINCIPAL "smstest"
224 #define MEMBER_REMOVE 2
225 #define MEMBER_CHANGE_NAME 3
226 #define MEMBER_ACTIVATE 4
227 #define MEMBER_DEACTIVATE 5
228 #define MEMBER_CREATE 6
/* Member-type selection bits (distinct bit values; callers are not in view). */
230 #define MOIRA_ALL 0x0
231 #define MOIRA_USERS 0x1
232 #define MOIRA_KERBEROS 0x2
233 #define MOIRA_STRINGS 0x4
234 #define MOIRA_LISTS 0x8
/* process_group() modes: CHECK_GROUPS only verifies the AD group, CLEANUP_GROUPS
 * is re-run when the check reports a wrong DN or duplicates (see do_list). */
236 #define CHECK_GROUPS 1
237 #define CLEANUP_GROUPS 2
/* Negative status codes returned by the AD helpers.  do_list() treats
 * AD_NO_GROUPS_FOUND as "nothing to do" and every other non-zero code as an
 * error.  The literals are unparenthesized; keep them in comparisons only
 * (a unary minus applied to one of them would not compile). */
239 #define AD_NO_GROUPS_FOUND -1
240 #define AD_WRONG_GROUP_DN_FOUND -2
241 #define AD_MULTIPLE_GROUPS_FOUND -3
242 #define AD_INVALID_NAME -4
243 #define AD_LDAP_FAILURE -5
244 #define AD_INVALID_FILESYS -6
245 #define AD_NO_ATTRIBUTE_FOUND -7
246 #define AD_NO_OU_FOUND -8
247 #define AD_NO_USER_FOUND -9
249 /* container arguments */
250 #define CONTAINER_NAME 0
251 #define CONTAINER_DESC 1
252 #define CONTAINER_LOCATION 2
253 #define CONTAINER_CONTACT 3
254 #define CONTAINER_TYPE 4
255 #define CONTAINER_ID 5
256 #define CONTAINER_ROWID 6
257 #define CONTAINER_GROUP_NAME 7
259 /*mcntmap arguments*/
260 #define OU_MACHINE_NAME 0
261 #define OU_CONTAINER_NAME 1
262 #define OU_MACHINE_ID 2
263 #define OU_CONTAINER_ID 3
264 #define OU_CONTAINER_GROUP 4
266 typedef struct lk_entry {
276 struct lk_entry *next;
279 #define STOP_FILE "/moira/winad/nowinad"
280 #define file_exists(file) (access((file), F_OK) == 0)
282 #define N_SD_BER_BYTES 5
283 #define LDAP_BERVAL struct berval
284 #define MAX_SERVER_NAMES 32
286 #define HIDDEN_GROUP "HiddenGroup.g"
287 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
288 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
289 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Append one LDAPMod to the caller's `mods` array at index `n` and advance n.
 * Relies on `mods` and `n` being in scope at the expansion site.
 * NOTE(review): the malloc() result is used without a NULL check, and the
 * multi-statement body is not wrapped in do { ... } while (0), so the macro
 * cannot be used safely as the body of an unbraced if/else. */
291 #define ADD_ATTR(t, v, o) \
292 mods[n] = malloc(sizeof(LDAPMod)); \
293 mods[n]->mod_op = o; \
294 mods[n]->mod_type = t; \
295 mods[n++]->mod_values = v
/* Same pattern for attribute deletions: appends to `DelMods` at index `i`
 * with a NULL value list.  Same unchecked-malloc / no do-while caveats. */
297 #define DEL_ATTR(t, o) \
298 DelMods[i] = malloc(sizeof(LDAPMod)); \
299 DelMods[i]->mod_op = o; \
300 DelMods[i]->mod_type = t; \
301 DelMods[i++]->mod_values = NULL
303 #define DOMAIN_SUFFIX "MIT.EDU"
304 #define DOMAIN "DOMAIN:"
305 #define PRINCIPALNAME "PRINCIPAL:"
306 #define SERVER "SERVER:"
309 #define MAX_DOMAINS 10
310 char DomainNames[MAX_DOMAINS][128];
312 char PrincipalName[128];
314 #define KRB5CCNAME "KRB5CCNAME=/tmp/krb5cc_winad.incr"
315 #define KRBTKFILE "KRBTKFILE=/tmp/tkt_winad.incr"
316 #define KEYTABFILE "/etc/krb5.keytab"
318 #define KRB5CCNAME "KRB5CCNAME=\\tmp\\krb5cc_winad.incr"
319 #define KRBTKFILE "KRBTKFILE=\\tmp\\tkt_winad.incr"
320 #define KEYTABFILE "\\keytabs\\krb5.keytab"
323 LK_ENTRY *member_base = NULL;
324 static char tbl_buf[1024];
325 char kerberos_ou[] = "OU=kerberos,OU=moira";
326 char contact_ou[] = "OU=strings,OU=moira";
327 char user_ou[] = "OU=users,OU=moira";
328 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
329 char group_ou_root[] = "OU=lists,OU=moira";
330 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
331 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
332 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
333 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
334 char orphans_other_ou[] = "OU=Other,OU=Orphans";
335 char security_template_ou[] = "OU=security_templates";
337 char ldap_domain[256];
338 char *ServerList[MAX_SERVER_NAMES];
339 int mr_connections = 0;
341 char default_server[256];
342 static char tbl_buf[1024];
344 int NoChangeConfigFile;
345 int UpdateDomainList;
347 extern int set_password(char *user, char *password, char *domain);
349 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
350 char *group_membership, char *MoiraId, char *attribute,
351 LK_ENTRY **linklist_base, int *linklist_count,
353 void AfsToWinAfs(char* path, char* winPath);
354 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
355 char *Win2kPassword, char *Win2kUser, char *default_server,
356 int connect_to_kdc, char **ServerList);
357 void ad_kdc_disconnect();
358 int ad_server_connect(char *connectedServer, char *domain);
359 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
360 char *attribute_value, char *attribute, char *user_name);
361 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
362 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
363 int check_winad(void);
364 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
366 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
367 char *distinguishedName, int count, char **av);
368 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
369 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
370 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
371 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
372 char *distinguishedName, int count, char **av);
373 void container_get_dn(char *src, char *dest);
374 void container_get_name(char *src, char *dest);
375 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
376 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
377 int afterc, char **after);
378 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
379 int afterc, char **after);
381 int GetAceInfo(int ac, char **av, void *ptr);
382 int GetServerList(char *ldap_domain, char **MasterServe);
383 int get_group_membership(char *group_membership, char *group_ou,
384 int *security_flag, char **av);
385 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
386 int Moira_container_group_create(char **after);
387 int Moira_container_group_delete(char **before);
388 int Moira_groupname_create(char *GroupName, char *ContainerName,
389 char *ContainerRowID);
390 int Moira_container_group_update(char **before, char **after);
391 int Moira_process_machine_container_group(char *MachineName, char* groupName,
393 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
394 int Moira_getContainerGroup(int ac, char **av, void *ptr);
395 int Moira_getGroupName(char *origContainerName, char *GroupName,
397 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
398 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
399 int UpdateGroup, int *ProcessGroup);
400 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
401 char *group_name, char *group_ou, char *group_membership,
402 int group_security_flag, int type);
403 int process_lists(int ac, char **av, void *ptr);
404 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
405 int HiddenGroup, char *AceType, char *AceName);
406 int ProcessMachineName(int ac, char **av, void *ptr);
407 int ReadConfigFile(char *DomainName);
408 int ReadDomainList();
409 void StringTrim(char *StringToTrim);
410 int user_create(int ac, char **av, void *ptr);
411 int user_change_status(LDAP *ldap_handle, char *dn_path,
412 char *user_name, char *MoiraId, int operation);
413 int user_delete(LDAP *ldap_handle, char *dn_path,
414 char *u_name, char *MoiraId);
415 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
417 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
418 char *uid, char *MitId, char *MoiraId, int State,
419 char *WinHomeDir, char *WinProfileDir);
420 void change_to_lower_case(char *ptr);
421 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
422 int group_create(int ac, char **av, void *ptr);
423 int group_delete(LDAP *ldap_handle, char *dn_path,
424 char *group_name, char *group_membership, char *MoiraId);
425 int group_rename(LDAP *ldap_handle, char *dn_path,
426 char *before_group_name, char *before_group_membership,
427 char *before_group_ou, int before_security_flag, char *before_desc,
428 char *after_group_name, char *after_group_membership,
429 char *after_group_ou, int after_security_flag, char *after_desc,
430 char *MoiraId, char *filter);
431 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
432 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
433 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
434 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
435 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
436 char *group_name, char *group_ou, char *group_membership,
437 int group_security_flag, int updateGroup);
438 int member_list_build(int ac, char **av, void *ptr);
439 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
440 char *group_ou, char *group_membership,
441 char *user_name, char *pUserOu, char *MoiraId);
442 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
443 char *group_ou, char *group_membership, char *user_name,
444 char *pUserOu, char *MoiraId);
445 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
446 char *group_ou, char *group_membership,
447 int group_security_flag, char *MoiraId);
448 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
449 char *WinHomeDir, char *WinProfileDir,
450 char **homedir_v, char **winProfile_v,
451 char **drives_v, LDAPMod **mods,
453 int sid_update(LDAP *ldap_handle, char *dn_path);
454 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
455 int check_string(char *s);
456 int check_container_name(char* s);
458 int mr_connect_cl(char *server, char *client, int version, int auth);
459 void WriteDomainList();
460 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
461 char **before, int beforec, char **after, int afterc);
462 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
463 char **before, int beforec, char **after, int afterc);
464 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
465 char **before, int beforec, char **after, int afterc);
466 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
467 char **before, int beforec, char **after, int afterc);
468 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
469 char **before, int beforec, char **after, int afterc);
470 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
471 char **before, int beforec, char **after, int afterc);
472 int linklist_create_entry(char *attribute, char *value,
473 LK_ENTRY **linklist_entry);
474 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
475 char **attr_array, LK_ENTRY **linklist_base,
476 int *linklist_count, unsigned long ScopeType);
477 void linklist_free(LK_ENTRY *linklist_base);
479 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
480 char *distinguished_name, LK_ENTRY **linklist_current);
481 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
482 LK_ENTRY **linklist_base, int *linklist_count);
483 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
484 char *Attribute, char *distinguished_name,
485 LK_ENTRY **linklist_current);
487 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
488 char *oldValue, char *newValue,
489 char ***modvalues, int type);
490 void free_values(char **modvalues);
492 int convert_domain_to_dn(char *domain, char **bind_path);
493 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
494 char *distinguished_name);
495 int moira_disconnect(void);
496 int moira_connect(void);
497 void print_to_screen(const char *fmt, ...);
498 int GetMachineName(char *MachineName);
499 int tickets_get_k5();
501 int destroy_cache(void);
/*
 * Entry point of the winad incremental.
 *
 * argv[1] is the Moira table name ("users", "list", "imembers",
 * "containers", "mcntmap"), argv[2] and argv[3] the before/after argument
 * counts, followed by the before tuple and then the after tuple (formats are
 * in the header comment at the top of this file).  For each configured
 * domain the program binds to AD and dispatches to the matching do_*()
 * handler.  "filesys" updates appear to be skipped (the body of that test
 * is not in view).
 *
 * NOTE: this listing shows only a subset of the function's lines (original
 * line numbers at the left); declarations, braces and early returns are
 * missing from this view.
 */
504 int main(int argc, char **argv)
/* Program name for com_err(): basename of argv[0]. */
520 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
524 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() performs no sign or range check.  A negative or
 * non-numeric argv[2]/argv[3] passes this test, yet `after = &orig_argv[4 +
 * beforec]` below would then point outside orig_argv.  Parse both counts
 * with strtol() and reject anything < 0 or non-numeric. */
528 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
530 com_err(whoami, 0, "Unable to process %s", "argc < (4 + beforec + afterc)");
534 if (!strcmp(argv[1], "filesys"))
/* NOTE(review): tbl_buf is a fixed 1024-byte static buffer (defined above)
 * and this loop concatenates every argument into it unbounded; a long
 * argument list overflows it.  Use snprintf() with the remaining length, or
 * log the arguments one at a time. */
537 for (i = 1; i < argc; i++)
539 strcat(tbl_buf, argv[i]);
540 strcat(tbl_buf, " ");
542 com_err(whoami, 0, "%s", tbl_buf);
546 com_err(whoami, 0, "%s failed", "check_winad()");
552 com_err(whoami, 0, "%s failed", "get_tickets()");
556 initialize_sms_error_table();
557 initialize_krb_error_table();
559 UpdateDomainList = 0;
/* sizeof(DomainNames[0]) * MAX_DOMAINS == sizeof DomainNames. */
560 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
561 if (ReadDomainList())
563 com_err(whoami, 0, "%s failed", "ReadDomainList()");
567 for (i = 0; i < argc; i++)
/* One pass per configured domain; an empty slot presumably ends the list
 * (the body of that test is not in view). */
570 for (k = 0; k < MAX_DOMAINS; k++)
572 if (strlen(DomainNames[k]) == 0)
/* Fresh private copy of argv for each domain (the handlers may modify the
 * strings, e.g. the tolower() loop below).  strdup()'s result is not checked;
 * a NULL here would be dereferenced by the atoi() calls that follow. */
574 for (i = 0; i < argc; i++)
576 if (orig_argv[i] != NULL)
578 orig_argv[i] = strdup(argv[i]);
581 memset(PrincipalName, '\0', sizeof(PrincipalName));
582 memset(ldap_domain, '\0', sizeof(ldap_domain));
583 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
584 memset(default_server, '\0', sizeof(default_server));
585 memset(dn_path, '\0', sizeof(dn_path));
587 NoChangeConfigFile = 0;
/* Split the argument vector into table name, before tuple and after tuple. */
588 beforec = atoi(orig_argv[2]);
589 afterc = atoi(orig_argv[3]);
590 table = orig_argv[1];
591 before = &orig_argv[4];
592 after = &orig_argv[4 + beforec];
600 if (ReadConfigFile(DomainNames[k]))
605 OldUseSFU30 = UseSFU30;
/* Up to five bind attempts per domain; the break on success, if any, is not
 * in this view. */
607 for (i = 0; i < 5; i++)
609 ldap_handle = (LDAP *)NULL;
610 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
611 default_server, 1, ServerList)))
613 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* No handle after the retries: refresh the cached server list (unless the
 * config file is read-only for this run) and report. */
617 if (ldap_handle == NULL)
619 if (!NoChangeConfigFile)
621 for (j = 0; j < MAX_SERVER_NAMES; j++)
623 if (ServerList[j] != NULL)
626 ServerList[j] = NULL;
/* Assignment inside the condition is intentional (rc is tested again at 640)
 * but reads like a typo; `if ((rc = GetServerList(...)) != 0)` is clearer. */
629 if (rc = GetServerList(ldap_domain, ServerList))
631 com_err("incremental", 0,
632 "winad.incr cannot bind to any server in domain %s",
640 if ((rc) || (ldap_handle == NULL))
642 critical_alert("incremental",
643 "winad.incr cannot connect to any server in domain %s",
/* Table names are matched case-insensitively by lower-casing in place.
 * tolower() on a plain char is undefined for negative values; cast the
 * argument to (unsigned char). */
648 for (i = 0; i < (int)strlen(table); i++)
649 table[i] = tolower(table[i]);
/* Dispatch on table name; each call continues with `afterc)` on the next
 * (unshown) line. */
651 if (!strcmp(table, "users"))
652 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
654 else if (!strcmp(table, "list"))
655 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
657 else if (!strcmp(table, "imembers"))
658 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
660 else if (!strcmp(table, "containers"))
661 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
663 else if (!strcmp(table, "mcntmap"))
664 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Refresh the server list for the next run (return value ignored here). */
666 if (!NoChangeConfigFile)
667 GetServerList(ldap_domain, ServerList);
671 for (i = 0; i < MAX_SERVER_NAMES; i++)
673 if (ServerList[i] != NULL)
676 ServerList[i] = NULL;
/* rc from ldap_unbind_s() is stored; whether it is examined is not visible. */
680 rc = ldap_unbind_s(ldap_handle);
/* Presumably followed by WriteDomainList() (declared above); not in view. */
683 if (UpdateDomainList == 1)
/*
 * Handle an mcntmap (machine -> container) update.
 *
 * Exactly one of the before/after tuples is expected: before only means the
 * machine is being removed from its OU, after only means it is being added.
 * The machine's Moira alias is looked up, the machine is located in AD, and
 * it is moved into the OU that corresponds to its Moira container (or to the
 * orphans OU when Moira has no container for it).
 *
 * Argument layout (see OU_* indices above): machine_name, container_name,
 * mach_id, cnt_id, container_group.  ldap_hostname is unused in this view.
 * Only a subset of the function's lines is shown (original numbers at left).
 */
690 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
691 char **before, int beforec, char **after, int afterc)
693 char MoiraContainerName[128];
694 char ADContainerName[128];
695 char MachineName[1024];
696 char OriginalMachineName[1024];
699 char MoiraContainerGroup[64];
702 memset(ADContainerName, '\0', sizeof(ADContainerName));
703 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
705 if ((beforec == 0) && (afterc == 0))
/* Moira is needed for the alias/container lookups below. */
708 if (rc = moira_connect())
710 critical_alert("AD incremental",
711 "Error contacting Moira server : %s",
/* NOTE(review): before[]/after[] are the raw process arguments and are
 * copied with strcpy() into fixed buffers -- MoiraContainerGroup is only
 * 64 bytes.  Bound the copies (snprintf with sizeof) and check that the
 * tuple actually has OU_CONTAINER_GROUP + 1 entries instead of only
 * testing the count against zero. */
716 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
718 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
719 strcpy(MachineName, before[OU_MACHINE_NAME]);
720 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
722 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
724 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
726 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
727 strcpy(MachineName, after[OU_MACHINE_NAME]);
728 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
729 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/* GetMachineName() rewrites MachineName in place with the Moira alias (no
 * size argument is passed); its return value is stored but not used here. */
737 rc = GetMachineName(MachineName);
738 if (strlen(MachineName) == 0)
/* (Message typo: "alais" -> "alias" -- a string fix for a code change.) */
741 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
744 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
746 if (machine_check(ldap_handle, dn_path, MachineName))
748 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/* Resolve the machine's Moira container; an empty result sends the machine
 * to the orphans OU.  MoiraContainerName is 128 bytes and the callee gets no
 * length argument. */
752 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
753 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
754 if (strlen(MoiraContainerName) == 0)
/* (Message typo: "fine" -> "find".) */
756 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
757 OriginalMachineName, MachineName);
758 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/* Normal path: derive the AD DN, make sure the OU hierarchy exists, move.
 * The strlen()-1 index is only safe because the empty case was handled
 * above (presumably via return -- not in view), and the strcat of "/" has no
 * room check against the 128-byte buffer. */
762 container_get_dn(MoiraContainerName, ADContainerName);
763 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
764 strcat(MoiraContainerName, "/");
765 container_check(ldap_handle, dn_path, MoiraContainerName);
766 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a containers (OU) table update.
 *
 * before only  -> delete the OU; after only -> create it; both present ->
 * rename when the name differs (case-insensitive), otherwise update the
 * OU's attributes in place.  Each AD operation is followed by the matching
 * Moira container-group maintenance call.  Argument layout is given by the
 * CONTAINER_* indices above.  ldap_hostname is unused in this view.
 * Only a subset of the function's lines is shown (original numbers at left).
 */
771 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
772 char **before, int beforec, char **after, int afterc)
776 if ((beforec == 0) && (afterc == 0))
/* Moira is needed for the Moira_container_group_* calls below; on failure a
 * critical_alert is raised (the remainder of that branch is not in view). */
779 if (rc = moira_connect())
781 critical_alert("AD incremental", "Error contacting Moira server : %s",
/* NOTE(review): the return codes of container_delete/create/rename/update
 * are discarded, so the Moira-side group change runs even when the AD
 * change failed.  Check them and log (com_err) before touching Moira. */
786 if ((beforec != 0) && (afterc == 0)) /* delete a container */
788 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
789 container_delete(ldap_handle, dn_path, beforec, before);
790 Moira_container_group_delete(before);
794 if ((beforec == 0) && (afterc != 0)) /*create a container*/
796 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
797 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
798 container_create(ldap_handle, dn_path, afterc, after);
799 Moira_container_group_create(after);
/* Both tuples present from here on (the single-sided cases above presumably
 * return -- not in view).  A case-insensitive name change is a rename. */
804 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
806 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
807 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
808 Moira_container_group_update(before, after);
/* Same name: attribute-only update. */
812 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
813 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
814 Moira_container_group_update(before, after);
/* Index of the description field in a list tuple (listname, active,
 * publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id,
 * description, moiraid -- see the header comment). */
820 #define L_LIST_DESC 9
/*
 * Handle a list table update (AD group create / rename / delete / update).
 *
 * before only -> delete the group; after only -> create it; both present ->
 * rename when the name or the target OU changed, otherwise refresh the
 * group's attributes and ACEs and, for active lists, its membership.
 * The target OU and membership type are derived from the list flags by
 * get_group_membership().  ldap_hostname is unused in this view.
 * Only a subset of the function's lines is shown (original numbers at left).
 */
823 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
824 char **before, int beforec, char **after, int afterc)
/* NOTE(review): group_membership is 6 bytes but before_group_membership is
 * 1 byte; both are passed as the same first argument to
 * get_group_membership() and later measured with strlen() (l.916), which
 * needs a NUL terminator.  If get_group_membership() stores even one
 * character plus the terminator, the 1-byte buffer overflows.  Confirm the
 * callee's contract or size both buffers identically. */
829 char group_membership[6];
834 char before_list_id[32];
835 char before_group_membership[1];
836 int before_security_flag;
837 char before_group_ou[256];
/* Not referenced in this view. */
838 LK_ENTRY *ptr = NULL;
840 if (beforec == 0 && afterc == 0)
843 memset(list_id, '\0', sizeof(list_id));
844 memset(before_list_id, '\0', sizeof(before_list_id));
845 memset(before_group_ou, '\0', sizeof(before_group_ou));
846 memset(before_group_membership, '\0', sizeof(before_group_membership));
847 memset(group_ou, '\0', sizeof(group_ou));
848 memset(group_membership, '\0', sizeof(group_membership));
/* Before tuple: argument-count guards (their bodies are not in view), then
 * the Moira list id and the derived OU / membership type.
 * NOTE(review): strcpy into the 32-byte before_list_id is unbounded. */
853 if (beforec < L_LIST_ID)
855 if (beforec > L_LIST_DESC)
857 strcpy(before_list_id, before[L_LIST_ID]);
859 before_security_flag = 0;
860 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* After tuple: same treatment (same unbounded strcpy into list_id). */
864 if (afterc < L_LIST_ID)
866 if (afterc > L_LIST_DESC)
868 strcpy(list_id, after[L_LIST_ID]);
871 get_group_membership(group_membership, group_ou, &security_flag, after);
874 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the existing group (CHECK_GROUPS); on a wrong DN or duplicate
 * groups re-run in CLEANUP_GROUPS mode.  AD_NO_GROUPS_FOUND is not an
 * error here; any other non-zero code aborts the update. */
881 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
882 before_group_ou, before_group_membership,
883 before_security_flag, CHECK_GROUPS)))
885 if (rc == AD_NO_GROUPS_FOUND)
889 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
891 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
892 before_group_ou, before_group_membership,
893 before_security_flag, CLEANUP_GROUPS);
895 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
897 com_err(whoami, 0, "Unable to process list %s",
901 if (rc == AD_NO_GROUPS_FOUND)
/* Rename path: the name changed, or the name is unchanged but the derived
 * OU differs (mail/group flags changed).  The condition continues on a line
 * not in view. */
907 if ((beforec != 0) && (afterc != 0))
909 if (((strcmp(after[L_NAME], before[L_NAME])) ||
910 ((!strcmp(after[L_NAME], before[L_NAME])) &&
911 (strcmp(before_group_ou, group_ou)))) &&
914 com_err(whoami, 0, "Changing list name from %s to %s",
915 before[L_NAME], after[L_NAME]);
/* Both the old and the new OU/membership must have been resolved. */
916 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
917 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
919 com_err(whoami, 0, "%s", "Unable to find the group OU's");
922 memset(filter, '\0', sizeof(filter));
/* group_rename() call continues with MoiraId and filter on lines not in view. */
923 if ((rc = group_rename(ldap_handle, dn_path,
924 before[L_NAME], before_group_membership,
925 before_group_ou, before_security_flag, before[L_LIST_DESC],
926 after[L_NAME], group_membership,
927 group_ou, security_flag, after[L_LIST_DESC],
930 if (rc != AD_NO_GROUPS_FOUND)
932 com_err(whoami, 0, "Unable to change list name from %s to %s",
933 before[L_NAME], after[L_NAME]);
/* Delete path (before only): requires the old OU to be known. */
946 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
948 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
951 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
952 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
953 before_group_membership, before_list_id);
/* Create path (after only): same check / cleanup sequence as for the old
 * group.  Style: `(rc = ...) != 0` as at l.881 would make the assignment
 * in the condition explicit. */
960 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
961 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
962 group_ou, group_membership,
963 security_flag, CHECK_GROUPS))
965 if (rc != AD_NO_GROUPS_FOUND)
967 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
969 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
970 group_ou, group_membership,
971 security_flag, CLEANUP_GROUPS);
975 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
/* Update path: refresh ACEs (owner and member ACE passes, UpdateGroup 0
 * then 1), then the group object itself, then membership for active lists. */
982 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
984 if (rc = moira_connect())
986 critical_alert("AD incremental",
987 "Error contacting Moira server : %s",
993 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
997 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1000 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1001 group_ou, group_membership, security_flag, updateGroup))
/* Only active lists get their membership populated. */
1006 if (atoi(after[L_ACTIVE]))
1008 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1009 group_membership, security_flag, list_id);
/* Indices of the extra list attributes appended to an imembers tuple after
 * the LM_* member fields (LM_END is defined elsewhere, presumably 3 for
 * list, type, member): active, publicflg, hidden, maillist, grouplist, gid,
 * then the Moira ids.  Per the header comment, a USER member carries
 * userStatus, moiraListId, moiraUserId (LMN_LIST_ID is the status slot and
 * LM_LIST_ID/LM_USER_ID the ids), while STRING/KERBEROS members carry only
 * moiraListId at LMN_LIST_ID. */
1016 #define LM_EXTRA_ACTIVE (LM_END)
1017 #define LM_EXTRA_PUBLIC (LM_END+1)
1018 #define LM_EXTRA_HIDDEN (LM_END+2)
1019 #define LM_EXTRA_MAILLIST (LM_END+3)
1020 #define LM_EXTRA_GROUP (LM_END+4)
1021 #define LM_EXTRA_GID (LM_END+5)
1022 #define LMN_LIST_ID (LM_END+6)
1023 #define LM_LIST_ID (LM_END+7)
1024 #define LM_USER_ID (LM_END+8)
1025 #define LM_EXTRA_END (LM_END+9)
/*
 * Apply one list-membership change from Moira to AD.
 *
 * before/beforec and after/afterc are the member tuple before and after
 * the change; a non-empty 'after' is treated as an add, an empty 'after'
 * with a non-empty 'before' as a removal.  The group is created in AD if
 * it does not exist yet, and STRING/KERBEROS/MACHINE members are mapped
 * to contact or machine objects before the membership call.
 *
 * NOTE(review): this listing omits blank and brace-only lines, so the
 * block structure, the 'ptr' assignment (it appears to alias either
 * 'after' or 'before'), and the declarations of ptr, args, pUserOu, rc,
 * security_flag, group_ou, contact_ou, kerberos_ou, av and call_args are
 * not visible here - verify against the full source.
 * No value is returned.
 */
1027 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1028 char **before, int beforec, char **after, int afterc)
/* fixed-size locals; every strcpy() below copies Moira-supplied strings
 * into them without a length check, so an over-long field would overflow.
 * snprintf(buf, sizeof buf, "%s", src) would bound each copy. */
1030 char group_name[128];
1031 char user_name[128];
1032 char user_type[128];
1033 char moira_list_id[32];
1034 char moira_user_id[32];
/* one-byte flag filled by get_group_membership(); NOT a C string */
1035 char group_membership[1];
1037 char machine_ou[256];
1043 char NewMachineName[1024];
1050 memset(moira_list_id, '\0', sizeof(moira_list_id));
1051 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* ---- 'after' side: member add ---- */
/* too few fields to carry the extra list attributes; the action taken
 * (presumably an early return) is on a line not shown here */
1054 if (afterc < LM_EXTRA_GID)
1056 if (!atoi(after[LM_EXTRA_ACTIVE]))
1058 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
/* the type is tested through ptr[] while the fields are copied from
 * after[]; presumably ptr == after here - confirm */
1062 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1064 strcpy(user_name, after[LM_MEMBER]);
1065 strcpy(group_name, after[LM_LIST]);
1066 strcpy(user_type, after[LM_TYPE]);
1067 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* NOTE(review): the guard admits afterc == LM_EXTRA_GROUP+1 .. LM_LIST_ID,
 * yet the copies below read after[LM_LIST_ID]; unless Moira always pads
 * the vector this can read past afterc.  `if (afterc > LM_LIST_ID)` would
 * match the highest index actually used. */
1069 if (afterc > LM_EXTRA_GROUP)
1071 strcpy(moira_list_id, after[LMN_LIST_ID]);
1072 strcpy(moira_user_id, after[LM_LIST_ID]);
1075 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* same concern: after[LM_USER_ID] is read but only afterc > LMN_LIST_ID
 * is required; `if (afterc > LM_USER_ID)` covers the index used */
1077 if (afterc > LMN_LIST_ID)
1079 strcpy(moira_list_id, after[LM_LIST_ID]);
1080 strcpy(moira_user_id, after[LM_USER_ID]);
1085 if (afterc > LM_EXTRA_GID)
1086 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* ---- 'before' side: member removal ---- */
1091 if (beforec < LM_EXTRA_GID)
1093 if (!atoi(before[LM_EXTRA_ACTIVE]))
/* message says "add" although this is the removal path (copy of 1058) */
1095 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1099 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1101 strcpy(user_name, before[LM_MEMBER]);
1102 strcpy(group_name, before[LM_LIST]);
1103 strcpy(user_type, before[LM_TYPE]);
1104 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* same bound-vs-index mismatch as the 'after' side (see 1069/1077) */
1106 if (beforec > LM_EXTRA_GROUP)
1108 strcpy(moira_list_id, before[LMN_LIST_ID]);
1109 strcpy(moira_user_id, before[LM_LIST_ID]);
1112 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1114 if (beforec > LMN_LIST_ID)
1116 strcpy(moira_list_id, before[LM_LIST_ID]);
1117 strcpy(moira_user_id, before[LM_USER_ID]);
1122 if (beforec > LM_EXTRA_GID)
1123 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* neither side carried enough fields */
1129 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* re-map the LM_EXTRA_* fields onto an L_* list vector so the shared
 * group helpers (get_group_membership, make_new_group, ...) can use it */
1133 args[L_NAME] = ptr[LM_LIST];
1134 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1135 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1136 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1137 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1138 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1139 args[L_GID] = ptr[LM_EXTRA_GID];
1142 memset(group_ou, '\0', sizeof(group_ou));
/* derives the membership code, security flag and target OU from the
 * maillist/group flags; an empty OU means the flags were not mappable */
1143 get_group_membership(group_membership, group_ou, &security_flag, args);
1144 if (strlen(group_ou) == 0)
1146 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* look the group up (CHECK_GROUPS); on a mismatch try to clean up stale
 * objects (CLEANUP_GROUPS) before giving up.  Assignment-in-condition:
 * `if ((rc = process_group(...)) != 0)` reads more clearly. */
1149 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1151 if (rc != AD_NO_GROUPS_FOUND)
1153 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1155 if (rc != AD_NO_GROUPS_FOUND)
1158 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1160 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* group missing in AD: create it the same way do_list does, then
 * populate it if the list is active */
1166 if (rc == AD_NO_GROUPS_FOUND)
1168 if (rc = moira_connect())
1170 critical_alert("AD incremental",
1171 "Error contacting Moira server : %s",
1176 com_err(whoami, 0, "creating group %s", group_name);
/* ProcessAce is invoked twice with the 5th argument 0 then 1; the
 * meaning of that flag is not visible here - see its definition */
1178 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1182 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1185 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1186 group_ou, group_membership, security_flag, 0))
1191 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1193 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1194 group_membership, security_flag, moira_list_id);
/* ---- removal ---- */
1201 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1203 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1205 memset(machine_ou, '\0', sizeof(machine_ou));
1206 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* resolve the machine's OU and canonical name; the member string in the
 * argument vector is then replaced by a heap copy of that name.
 * NOTE(review): this free()s an element of the caller's vector, so the
 * vector must own heap strings - confirm with the caller.  strdup() may
 * return NULL, which the following uses of ptr[LM_MEMBER] do not check. */
1207 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1209 if (ptr[LM_MEMBER] != NULL)
1210 free(ptr[LM_MEMBER]);
1211 ptr[LM_MEMBER] = strdup(NewMachineName);
1212 pUserOu = machine_ou;
/* STRING and KERBEROS members are represented by contact objects */
1214 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1216 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1218 pUserOu = contact_ou;
1220 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1222 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1224 pUserOu = kerberos_ou;
1226 if (rc = member_remove(ldap_handle, dn_path, group_name,
1227 group_ou, group_membership, ptr[LM_MEMBER],
1228 pUserOu, moira_list_id))
1229 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* ---- add ---- */
1233 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1236 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1238 memset(machine_ou, '\0', sizeof(machine_ou));
1239 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* same ownership / NULL-strdup caveats as the removal path (1207-1211) */
1240 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1242 if (ptr[LM_MEMBER] != NULL)
1243 free(ptr[LM_MEMBER]);
1244 ptr[LM_MEMBER] = strdup(NewMachineName);
1245 pUserOu = machine_ou;
1247 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1249 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1251 pUserOu = contact_ou;
1253 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1255 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1257 pUserOu = kerberos_ou;
1259 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* a USER member that does not exist in AD yet is created on the fly
 * through the Moira get_user_account_by_login query and the user_create
 * callback; call_args carries the LDAP handle, base DN and Moira id */
1261 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1262 moira_user_id)) == AD_NO_USER_FOUND)
1264 if (rc = moira_connect())
1266 critical_alert("AD incremental",
1267 "Error connection to Moira : %s",
/* NOTE(review): logs after[U_NAME] although the member being created is
 * ptr[LM_MEMBER]; U_NAME is a user-vector index and 'after' may not be
 * the vector in use here.  Log text only, but likely the wrong field. */
1271 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1272 av[0] = ptr[LM_MEMBER];
1273 call_args[0] = (char *)ldap_handle;
1274 call_args[1] = dn_path;
1275 call_args[2] = moira_user_id;
1276 call_args[3] = NULL;
1279 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1283 com_err(whoami, 0, "Unable to create user %s : %s",
1284 ptr[LM_MEMBER], error_message(rc));
1290 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1302 if (rc = member_add(ldap_handle, dn_path, group_name,
1303 group_ou, group_membership, ptr[LM_MEMBER],
1304 pUserOu, moira_list_id))
1306 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/*
 * Extra user-vector (U_*) indices beyond the base user fields; do_user()
 * checks beforec/afterc > U_USER_ID before reading the Moira user id, and
 * passes the home/profile directory fields straight to user_update().
 */
1312 #define U_USER_ID 10
1313 #define U_HOMEDIR 11
1314 #define U_PROFILEDIR 12
/*
 * Apply one user change from Moira to AD: expunge (before only, state 0),
 * create (not yet in AD), rename (login changed) and/or update the account
 * attributes from the 'after' tuple.
 *
 * NOTE(review): the listing omits blank and brace-only lines; the
 * 'afterc' parameter line, the return paths and the declarations of rc,
 * av and call_args are not visible here.  No value is returned.
 */
1316 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1317 char **before, int beforec, char **after,
/* 32-byte buffers for the Moira user id; copied with strcpy() below
 * without a length check */
1322 char after_user_id[32];
1323 char before_user_id[32];
1326 if ((beforec == 0) && (afterc == 0))
1329 memset(after_user_id, '\0', sizeof(after_user_id));
1330 memset(before_user_id, '\0', sizeof(before_user_id));
1331 if (beforec > U_USER_ID)
1332 strcpy(before_user_id, before[U_USER_ID]);
1333 if (afterc > U_USER_ID)
1334 strcpy(after_user_id, after[U_USER_ID]);
1336 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1339 if ((beforec == 0) && (afterc != 0))
1341 /*this case only happens when the account*/
1342 /*is first created but not yet usable*/
1343 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
/* 'before' only: the account is gone from Moira */
1346 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* state 0 means the account is to be expunged from AD; the object is
 * located by login name and Moira id (see user_delete) */
1348 if (atoi(before[U_STATE]) == 0)
1350 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1351 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1355 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1360 /*process anything that gets here*/
/* not in AD yet: create it through the Moira get_user_account_by_login
 * query and the user_create callback.  The new login is validated with
 * check_string() first; call_args carries the LDAP handle, base DN and
 * Moira user id to the callback. */
1361 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1362 before_user_id)) == AD_NO_USER_FOUND)
1364 if (!check_string(after[U_NAME]))
1366 if (rc = moira_connect())
1368 critical_alert("AD incremental",
1369 "Error connection to Moira : %s",
1373 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1375 av[0] = after[U_NAME];
1376 call_args[0] = (char *)ldap_handle;
1377 call_args[1] = dn_path;
1378 call_args[2] = after_user_id;
1379 call_args[3] = NULL;
1381 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1385 com_err(whoami, 0, "Unable to create user %s : %s",
1386 after[U_NAME], error_message(rc));
1392 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* login changed: rename the AD object, but only when both the old and
 * the new name pass check_string() */
1402 if (strcmp(before[U_NAME], after[U_NAME]))
1404 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1406 com_err(whoami, 0, "changing user %s to %s",
1407 before[U_NAME], after[U_NAME]);
1408 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1409 after[U_NAME])) != LDAP_SUCCESS)
/* finally push uid, MIT id, Moira id, state and the directory paths */
1415 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1416 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1417 after[U_UID], after[U_MITID],
1418 after_user_id, atoi(after[U_STATE]),
1419 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * Build a NULL-terminated array of attribute values from a linklist.
 *
 * *modvalues receives a freshly calloc()ed array of modvalue_count+1
 * char pointers (the last one NULL); entry i is a heap copy of the i-th
 * linklist value.  When both oldValue and newValue are given and oldValue
 * occurs in the value, the entry is either newValue itself (type ==
 * REPLACE) or the value with the FIRST occurrence of oldValue replaced by
 * newValue.  Otherwise the value is copied unchanged.
 * The caller owns the array and every entry.
 *
 * NOTE(review): strstr() requires linklist values to be NUL-terminated;
 * retrieve_values() stores binary attributes (objectSid/objectGUID)
 * without a terminator, so this must not be called on such lists -
 * confirm with the callers.  Return values are not visible in this
 * listing; rc/cPtr/i are declared on lines not shown.
 */
1423 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1424 char *oldValue, char *newValue,
1425 char ***modvalues, int type)
1427 LK_ENTRY *linklist_ptr;
1431 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* calloc already zeroed the array; this loop is redundant but harmless */
1436 for (i = 0; i < (modvalue_count + 1); i++)
1437 (*modvalues)[i] = NULL;
1438 if (modvalue_count != 0)
1440 linklist_ptr = linklist_base;
1441 for (i = 0; i < modvalue_count; i++)
1443 if ((oldValue != NULL) && (newValue != NULL))
1445 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1448 if (type == REPLACE)
1450 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1453 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1454 strcpy((*modvalues)[i], newValue);
/* size = prefix before oldValue + (length - oldValue) + newValue + NUL;
 * the (int) casts of pointer differences would be ptrdiff_t/size_t in
 * cleaner code */
1458 if (((*modvalues)[i] = calloc(1,
1459 (int)(cPtr - linklist_ptr->value) +
1460 (linklist_ptr->length - strlen(oldValue)) +
1461 strlen(newValue) + 1)) == NULL)
1463 memset((*modvalues)[i], '\0',
1464 (int)(cPtr - linklist_ptr->value) +
1465 (linklist_ptr->length - strlen(oldValue)) +
1466 strlen(newValue) + 1);
1467 memcpy((*modvalues)[i], linklist_ptr->value,
1468 (int)(cPtr - linklist_ptr->value));
1469 strcat((*modvalues)[i], newValue);
1470 strcat((*modvalues)[i],
1471 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* oldValue not found: plain copy.  Unlike 1450/1458 this calloc() is not
 * checked, so an allocation failure reaches memset()/memcpy() on NULL. */
1476 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1477 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1478 memcpy((*modvalues)[i], linklist_ptr->value,
1479 linklist_ptr->length);
/* no substitution requested: plain copy, same unchecked calloc() */
1484 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1485 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1486 memcpy((*modvalues)[i], linklist_ptr->value,
1487 linklist_ptr->length);
1489 linklist_ptr = linklist_ptr->next;
/* terminator for the LDAP mod value array */
1491 (*modvalues)[i] = NULL;
/*
 * Run an LDAP search and collect the results into a linklist.
 *
 * search_exp is passed to ldap_search_s() unchanged: it must already be
 * a well-formed filter with any caller-supplied values escaped, this
 * function does no escaping.  *linklist_base/*linklist_count are reset
 * and then filled by retrieve_entries(); the caller frees the list with
 * linklist_free().
 *
 * NOTE(review): LDAP_SIZELIMIT_EXCEEDED is tolerated, so a truncated
 * result set is processed as if complete; callers that decide on
 * "group_count == 1" could act on partial data - confirm the size limit
 * is never hit for the filters used here.  The return statements are on
 * lines not shown in this listing.
 */
1497 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1498 char **attr_array, LK_ENTRY **linklist_base,
1499 int *linklist_count, unsigned long ScopeType)
1502 LDAPMessage *ldap_entry;
1506 (*linklist_base) = NULL;
1507 (*linklist_count) = 0;
1508 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1509 search_exp, attr_array, 0, &ldap_entry))
/* any error other than a hit size limit aborts; the partial message is
 * still walked below when the limit was exceeded */
1512 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1516 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1518 ldap_msgfree(ldap_entry);
/*
 * Walk every entry of an LDAP result and append its attributes to
 * *linklist_base (via retrieve_attributes), then recount the list into
 * *linklist_count.
 *
 * NOTE(review): distinguished_name is a 1024-byte local that
 * get_distinguished_name() fills with strcpy(); nothing bounds the DN
 * length here.  Return values (rc, and the early exits after a failed
 * retrieve_attributes) are on lines not shown.
 */
1523 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1524 LK_ENTRY **linklist_base, int *linklist_count)
1526 char distinguished_name[1024];
1527 LK_ENTRY *linklist_ptr;
/* empty result: nothing to do */
1530 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1533 memset(distinguished_name, '\0', sizeof(distinguished_name));
1534 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1536 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1537 linklist_base)) != 0)
1540 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1542 memset(distinguished_name, '\0', sizeof(distinguished_name));
1543 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1545 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1546 linklist_base)) != 0)
/* recount: retrieve_values() prepends nodes, so count afterwards */
1550 linklist_ptr = (*linklist_base);
1551 (*linklist_count) = 0;
1552 while (linklist_ptr != NULL)
1554 ++(*linklist_count);
1555 linklist_ptr = linklist_ptr->next;
/*
 * Iterate the attributes of one LDAP entry and hand each to
 * retrieve_values(), which adds the attribute's values to
 * *linklist_current.  The attribute name and the BerElement cursor
 * ('ptr', declared on a line not shown) are released here.
 * Return value not visible in this listing.
 */
1560 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1561 char *distinguished_name, LK_ENTRY **linklist_current)
1567 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1569 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1571 ldap_memfree(Attribute);
1572 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1575 retrieve_values(ldap_handle, ldap_entry, Attribute,
1576 distinguished_name, linklist_current);
1577 ldap_memfree(Attribute);
/* free the attribute cursor once iteration is complete */
1580 ldap_ber_free(ptr, 0);
/*
 * Copy the values of one attribute into new LK_ENTRY nodes prepended to
 * *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len)
 * and stored with an explicit length and NO NUL terminator; every other
 * attribute is fetched as a string, stored NUL-terminated with
 * length = strlen().  Each node records attribute name, value, length,
 * whether it is a bervalue, and the entry's DN.  The loop over the
 * individual values, the use_bervalue/Ptr/str_value declarations and the
 * return statements are on lines not shown in this listing.
 * The LDAP_DEBUG section only prints the values to stderr.
 */
1584 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1585 char *Attribute, char *distinguished_name,
1586 LK_ENTRY **linklist_current)
1592 LK_ENTRY *linklist_previous;
1593 LDAP_BERVAL **ber_value;
1601 SID_IDENTIFIER_AUTHORITY *sid_auth;
1602 unsigned char *subauth_count;
1603 #endif /*LDAP_DEBUG*/
1606 memset(temp, '\0', sizeof(temp));
/* binary attributes must be read with the length-aware API */
1607 if ((!strcmp(Attribute, "objectSid")) ||
1608 (!strcmp(Attribute, "objectGUID")))
1613 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1614 Ptr = (void **)ber_value;
1619 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1620 Ptr = (void **)str_value;
/* prepend a new node; the node becomes the new list head */
1627 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1629 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1630 linklist_previous->next = (*linklist_current);
1631 (*linklist_current) = linklist_previous;
1633 if (((*linklist_current)->attribute = calloc(1,
1634 strlen(Attribute) + 1)) == NULL)
1636 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1637 strcpy((*linklist_current)->attribute, Attribute);
/* bervalue: exact byte copy, no terminator - consumers must use ->length */
1640 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1641 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1643 memset((*linklist_current)->value, '\0', ber_length);
1644 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1646 (*linklist_current)->length = ber_length;
/* string value: NUL-terminated copy */
1650 if (((*linklist_current)->value = calloc(1,
1651 strlen(*Ptr) + 1)) == NULL)
1653 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1654 (*linklist_current)->length = strlen(*Ptr);
1655 strcpy((*linklist_current)->value, *Ptr);
1657 (*linklist_current)->ber_value = use_bervalue;
1658 if (((*linklist_current)->dn = calloc(1,
1659 strlen(distinguished_name) + 1)) == NULL)
1661 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1662 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG: dump the value to stderr ---- */
/* GUID is formatted into 'temp' (size declared on a line not shown) */
1665 if (!strcmp(Attribute, "objectGUID"))
1667 guid = (GUID *)((*linklist_current)->value);
1668 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1669 guid->Data1, guid->Data2, guid->Data3,
1670 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1671 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1672 guid->Data4[6], guid->Data4[7]);
1673 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1675 else if (!strcmp(Attribute, "objectSid"))
1677 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1679 print_to_screen(" Revision = %d\n", sid->Revision);
1680 print_to_screen(" SID Identifier Authority:\n");
1681 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): this tests individual bytes of the 6-byte authority by
 * position rather than decoding the authority value; the printed label
 * is therefore only approximate.  Debug output only. */
1682 if (sid_auth->Value[0])
1683 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1684 else if (sid_auth->Value[1])
1685 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1686 else if (sid_auth->Value[2])
1687 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1688 else if (sid_auth->Value[3])
1689 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1690 else if (sid_auth->Value[5])
1691 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1693 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1694 subauth_count = GetSidSubAuthorityCount(sid);
1695 print_to_screen(" SidSubAuthorityCount = %d\n",
1697 print_to_screen(" SidSubAuthority:\n");
1698 for (i = 0; i < *subauth_count; i++)
1700 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1701 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length reads past the end of
 * a shorter Attribute string; strcmp()/strncasecmp() would be the bounded
 * choice.  "sAmAccountType" differs from the attribute name only in case,
 * which is harmless here because only its length is used. */
1705 else if ((!memcmp(Attribute, "userAccountControl",
1706 strlen("userAccountControl"))) ||
1707 (!memcmp(Attribute, "sAMAccountType",
1708 strlen("sAmAccountType"))))
1710 intValue = atoi(*Ptr);
/* intValue's declaration is not visible; "%ld" requires a long */
1711 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1712 if (!memcmp(Attribute, "userAccountControl",
1713 strlen("userAccountControl")))
/* decode the userAccountControl flag bits for the operator */
1715 if (intValue & UF_ACCOUNTDISABLE)
1716 print_to_screen(" %20s : %s\n",
1717 "", "Account disabled");
1719 print_to_screen(" %20s : %s\n",
1720 "", "Account active");
1721 if (intValue & UF_HOMEDIR_REQUIRED)
1722 print_to_screen(" %20s : %s\n",
1723 "", "Home directory required");
1724 if (intValue & UF_LOCKOUT)
1725 print_to_screen(" %20s : %s\n",
1726 "", "Account locked out");
1727 if (intValue & UF_PASSWD_NOTREQD)
1728 print_to_screen(" %20s : %s\n",
1729 "", "No password required");
1730 if (intValue & UF_PASSWD_CANT_CHANGE)
1731 print_to_screen(" %20s : %s\n",
1732 "", "Cannot change password");
1733 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1734 print_to_screen(" %20s : %s\n",
1735 "", "Temp duplicate account");
1736 if (intValue & UF_NORMAL_ACCOUNT)
1737 print_to_screen(" %20s : %s\n",
1738 "", "Normal account");
1739 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1740 print_to_screen(" %20s : %s\n",
1741 "", "Interdomain trust account");
1742 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1743 print_to_screen(" %20s : %s\n",
1744 "", "Workstation trust account");
1745 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1746 print_to_screen(" %20s : %s\n",
1747 "", "Server trust account");
1752 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1754 #endif /*LDAP_DEBUG*/
/* release whichever value array was fetched above */
1756 if (str_value != NULL)
1757 ldap_value_free(str_value);
1758 if (ber_value != NULL)
1759 ldap_value_free_len(ber_value);
1761 (*linklist_current) = linklist_previous;
/*
 * Open the (reference-counted) connection to the Moira server and
 * authenticate as the "winad.incr" service via Kerberos 5.  Only the
 * first caller actually connects; later callers just bump
 * mr_connections, and moira_disconnect() tears down on the last release.
 *
 * NOTE(review): two connection targets appear - the hard-coded host
 * "ttsp" (1774) and the local nodename from uname (1782).  The condition
 * selecting between them is on a line not shown; a hard-coded host in a
 * production path should be confirmed as a build/debug option.  rc and
 * the return statement are likewise not visible.
 */
1765 int moira_connect(void)
1770 if (!mr_connections++)
1773 memset(HostName, '\0', sizeof(HostName));
1774 strcpy(HostName, "ttsp");
1775 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1777 rc = mr_connect(HostName);
1782 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1784 rc = mr_connect(uts.nodename);
/* authenticate with the service's Kerberos credentials */
1789 rc = mr_krb5_auth("winad.incr");
/*
 * Pause while the operator stop file (STOP_FILE) exists and raise a
 * critical alert when it has been present too long; the loop body
 * (sleep, iteration limit, tbl_buf contents) is on lines not shown here.
 * Return value not visible in this listing.
 */
1796 int check_winad(void)
1800 for (i = 0; file_exists(STOP_FILE); i++)
1804 critical_alert("AD incremental",
1805 "WINAD incremental failed (%s exists): %s",
1806 STOP_FILE, tbl_buf);
/*
 * Release one reference on the Moira connection; the actual disconnect
 * (on a line not shown) happens only when the count drops to zero.
 */
1814 int moira_disconnect(void)
1817 if (!--mr_connections)
/*
 * Copy the DN of an LDAP entry into the caller's buffer.
 *
 * NOTE(review): the buffer size is not part of the interface and the copy
 * is an unbounded strcpy(); callers in this file pass 1024-byte arrays,
 * and nothing guarantees an AD DN fits.  A size parameter plus
 * snprintf(distinguished_name, size, "%s", CName) would bound it.
 * A NULL check on CName, if any, is on a line not shown.
 */
1824 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1825 char *distinguished_name)
1829 CName = ldap_get_dn(ldap_handle, ldap_entry);
1832 strcpy(distinguished_name, CName);
/* ldap_get_dn() result is library-allocated */
1833 ldap_memfree(CName);
/*
 * Allocate a single LK_ENTRY holding heap copies of attribute and value
 * (NUL-terminated, length = strlen(value)), with next = NULL.
 * The caller owns the result.  The return paths are on lines not shown.
 *
 * NOTE(review): the node allocation is checked but the two inner
 * calloc()s are not; on allocation failure strcpy() writes through NULL.
 */
1836 int linklist_create_entry(char *attribute, char *value,
1837 LK_ENTRY **linklist_entry)
1839 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1840 if (!(*linklist_entry))
1844 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1845 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1846 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1847 strcpy((*linklist_entry)->attribute, attribute);
1848 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1849 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1850 strcpy((*linklist_entry)->value, value);
1851 (*linklist_entry)->length = strlen(value);
1852 (*linklist_entry)->next = NULL;
/*
 * printf-style diagnostic output to stderr.  fmt must be a literal or
 * otherwise trusted format string (every caller in this listing passes a
 * literal); pvar's declaration and va_end() are on lines not shown.
 */
1856 void print_to_screen(const char *fmt, ...)
1860 va_start(pvar, fmt);
1861 vfprintf(stderr, fmt, pvar);
/*
 * Derive the AD representation of a Moira list from its maillist/group
 * flags (av[L_MAILLIST], av[L_GROUP]):
 *   both set      -> code 'B', security-enabled, OU group_ou_both
 *   group only    -> code 'S', security-enabled, OU group_ou_security
 *   maillist only -> code 'D', not security-enabled, OU group_ou_distribution
 *   neither       -> code 'N', not security-enabled, OU group_ou_neither
 *
 * group_membership receives a single code character at index 0 (callers
 * pass a char[1]; it is not a string); group_ou receives a copy of the
 * matching file-scope OU string via strcpy(); security_flag is reset to 0
 * and set to 1 for the security-enabled cases.  Each output pointer may
 * be NULL to skip it.  The return statement is on a line not shown.
 */
1866 int get_group_membership(char *group_membership, char *group_ou,
1867 int *security_flag, char **av)
1872 maillist_flag = atoi(av[L_MAILLIST]);
1873 group_flag = atoi(av[L_GROUP]);
1874 if (security_flag != NULL)
1875 (*security_flag) = 0;
1877 if ((maillist_flag) && (group_flag))
1879 if (group_membership != NULL)
1880 group_membership[0] = 'B';
1881 if (security_flag != NULL)
1882 (*security_flag) = 1;
1883 if (group_ou != NULL)
1884 strcpy(group_ou, group_ou_both);
1886 else if ((!maillist_flag) && (group_flag))
1888 if (group_membership != NULL)
1889 group_membership[0] = 'S';
1890 if (security_flag != NULL)
1891 (*security_flag) = 1;
1892 if (group_ou != NULL)
1893 strcpy(group_ou, group_ou_security);
1895 else if ((maillist_flag) && (!group_flag))
1897 if (group_membership != NULL)
1898 group_membership[0] = 'D';
1899 if (group_ou != NULL)
1900 strcpy(group_ou, group_ou_distribution);
/* neither flag set */
1904 if (group_membership != NULL)
1905 group_membership[0] = 'N';
1906 if (group_ou != NULL)
1907 strcpy(group_ou, group_ou_neither);
/*
 * Rename a Moira list's AD group and move it to the OU matching its new
 * flags, then update sAMAccountName, displayName, mitMoiraId, groupType
 * and description on the renamed object.
 *
 * Returns AD_INVALID_NAME when either name fails check_string(),
 * AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND from the MoiraId lookup,
 * AD_LDAP_FAILURE when the sAMAccountName cannot be read; the remaining
 * return statements, and the declarations of rc, i, n, mods, old_dn,
 * new_dn, sam_name and group_count, are on lines not shown.
 *
 * NOTE(review): after_group_name is interpolated into an RDN ("cn=%s")
 * and into filters elsewhere; this relies on check_string() rejecting
 * DN/filter metacharacters - confirm that is what it enforces.
 */
1912 int group_rename(LDAP *ldap_handle, char *dn_path,
1913 char *before_group_name, char *before_group_membership,
1914 char *before_group_ou, int before_security_flag, char *before_desc,
1915 char *after_group_name, char *after_group_membership,
1916 char *after_group_ou, int after_security_flag, char *after_desc,
1917 char *MoiraId, char *filter)
1922 char new_dn_path[512];
1924 char *attr_array[3];
/* single-value attribute vectors for ADD_ATTR (NULL-terminated) */
1925 char *mitMoiraId_v[] = {NULL, NULL};
1926 char *name_v[] = {NULL, NULL};
1927 char *samAccountName_v[] = {NULL, NULL};
1928 char *groupTypeControl_v[] = {NULL, NULL};
1929 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1930 char groupTypeControlStr[80];
1934 LK_ENTRY *group_base;
/* both names must be valid before any LDAP operation is attempted */
1937 if (!check_string(before_group_name))
1939 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
1940 return(AD_INVALID_NAME);
1942 if (!check_string(after_group_name))
1944 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
1945 return(AD_INVALID_NAME);
/* locate the existing group by MoiraId; exactly one match is required */
1950 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1951 before_group_membership,
1952 MoiraId, "distinguishedName", &group_base,
1953 &group_count, filter))
1956 if (group_count == 0)
1958 return(AD_NO_GROUPS_FOUND);
1960 if (group_count != 1)
1963 "Unable to process multiple groups with MoiraId = %s exist in the AD",
1965 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn's size is not visible; the copy is unbounded */
1967 strcpy(old_dn, group_base->value);
1969 linklist_free(group_base);
/* read the current sAMAccountName (re-using the caller's filter) */
1972 attr_array[0] = "sAMAccountName";
1973 attr_array[1] = NULL;
1974 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1975 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
1977 com_err(whoami, 0, "Unable to get list %s dn : %s",
1978 after_group_name, ldap_err2string(rc));
1981 if (group_count != 1)
1984 "Unable to get sAMAccountName for group %s",
1986 return(AD_LDAP_FAILURE);
1989 strcpy(sam_name, group_base->value);
1990 linklist_free(group_base);
/* rename + move: new RDN under the OU for the new flags; the old RDN is
 * deleted (TRUE) */
1994 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1995 sprintf(new_dn, "cn=%s", after_group_name);
1996 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1997 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1999 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2000 before_group_name, after_group_name, ldap_err2string(rc));
2004 name_v[0] = after_group_name;
/* NOTE(review): if sam_name is shorter than "_group" the index goes
 * negative and strncmp() reads before the buffer; guard with
 * `strlen(sam_name) >= strlen("_group") &&` first. */
2005 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2007 sprintf(sam_name, "%s_group", after_group_name);
2011 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
2012 before_group_name, after_group_name);
2015 samAccountName_v[0] = sam_name;
2016 if (after_security_flag)
2017 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch
 * (undefined per the C standard); "%u" matches the declared type. */
2018 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2019 groupTypeControl_v[0] = groupTypeControlStr;
2020 mitMoiraId_v[0] = MoiraId;
/* full DN of the renamed object for the attribute updates */
2022 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2023 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
2025 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2026 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2027 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2028 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2030 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2032 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
2033 after_group_name, ldap_err2string(rc));
/* release the mods built by ADD_ATTR (loop body on a line not shown) */
2035 for (i = 0; i < n; i++)
<!-- intentionally empty marker removed -->
2177 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2178 int HiddenGroup, char *AceType, char *AceName)
2180 char filter_exp[1024];
2181 char *attr_array[5];
2182 char search_path[512];
2184 char TemplateDn[512];
2185 char TemplateSamName[128];
2187 char TargetSamName[128];
2188 char AceSamAccountName[128];
2190 unsigned char AceSid[128];
2191 unsigned char UserTemplateSid[128];
2192 char acBERBuf[N_SD_BER_BYTES];
2193 char GroupSecurityTemplate[256];
2195 int UserTemplateSidCount;
2202 int array_count = 0;
2204 LK_ENTRY *group_base;
2205 LDAP_BERVAL **ppsValues;
2206 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2207 { N_SD_BER_BYTES, acBERBuf },
2210 LDAPControl *apsServerControls[] = {&sControl, NULL};
2213 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2214 BEREncodeSecurityBits(dwInfo, acBERBuf);
2216 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2217 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2218 attr_array[0] = "sAMAccountName";
2219 attr_array[1] = NULL;
2222 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2223 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2225 if (group_count != 1)
2227 linklist_free(group_base);
2230 strcpy(TargetDn, group_base->dn);
2231 strcpy(TargetSamName, group_base->value);
2232 linklist_free(group_base);
2236 UserTemplateSidCount = 0;
2237 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2238 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2239 memset(AceSid, '\0', sizeof(AceSid));
2243 if (strlen(AceName) != 0)
2245 if (!strcmp(AceType, "LIST"))
2247 sprintf(AceSamAccountName, "%s_group", AceName);
2248 strcpy(root_ou, group_ou_root);
2250 else if (!strcmp(AceType, "USER"))
2252 sprintf(AceSamAccountName, "%s", AceName);
2253 strcpy(root_ou, user_ou);
2255 if (strlen(AceSamAccountName) != 0)
2257 sprintf(search_path, "%s", dn_path);
2258 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2259 attr_array[0] = "objectSid";
2260 attr_array[1] = NULL;
2263 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2264 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2266 if (group_count == 1)
2268 strcpy(AceDn, group_base->dn);
2269 AceSidCount = group_base->length;
2270 memcpy(AceSid, group_base->value, AceSidCount);
2272 linklist_free(group_base);
2277 if (AceSidCount == 0)
2279 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2280 com_err(whoami, 0, " Non-admin security group template will be used.");
2284 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2285 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2286 attr_array[0] = "objectSid";
2287 attr_array[1] = NULL;
2291 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2292 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2294 if ((rc != 0) || (group_count != 1))
2296 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
2301 UserTemplateSidCount = group_base->length;
2302 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2304 linklist_free(group_base);
2311 if (AceSidCount == 0)
2313 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2314 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2318 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2319 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2324 if (AceSidCount == 0)
2326 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2327 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2331 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2332 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2336 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2337 attr_array[0] = "sAMAccountName";
2338 attr_array[1] = NULL;
2341 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2342 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2344 if (group_count != 1)
2346 linklist_free(group_base);
2347 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
2350 strcpy(TemplateDn, group_base->dn);
2351 strcpy(TemplateSamName, group_base->value);
2352 linklist_free(group_base);
2356 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2357 rc = ldap_search_ext_s(ldap_handle,
2369 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2371 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2374 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2375 if (ppsValues == NULL)
2377 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
2381 if (AceSidCount != 0)
2383 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2385 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2387 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2389 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
2397 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2400 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2401 for (i = 0; i < n; i++)
2403 ldap_value_free_len(ppsValues);
2404 ldap_msgfree(psMsg);
2405 if (rc != LDAP_SUCCESS)
2407 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2408 TargetGroupName, ldap_err2string(rc));
2409 if (AceSidCount != 0)
2411 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2413 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2414 HiddenGroup, "", ""))
2416 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: delete the AD group object backing Moira list group_name.
 * The group is located with ad_get_group (by name, membership type and
 * MoiraId) under "<group_ou_root>,<dn_path>" and the distinguishedName it
 * returns is handed to ldap_delete_s.
 *
 * Returns AD_INVALID_NAME if group_name fails check_string, and
 * AD_NO_GROUPS_FOUND when the lookup yields anything other than exactly
 * one entry.  The return values after a successful delete, after a failed
 * ldap_delete_s and after a failed ad_get_group are on lines not included
 * in this listing.
 *
 * NOTE(review): "temp" and "filter" are fixed-size buffers declared on
 * lines not shown; the sprintf below copies group_ou_root and dn_path into
 * temp with no bound.
 */
2426 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2427 char *group_membership, char *MoiraId)
2429 LK_ENTRY *group_base;
/* group_name is the only caller-supplied string validated in this function. */
2435 if (!check_string(group_name))
2437 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2438 return(AD_INVALID_NAME);
2441 memset(filter, '\0', sizeof(filter));
2444 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment used as the condition: a nonzero rc from ad_get_group takes an
 * error branch whose body is not shown. */
2445 if (rc = ad_get_group(ldap_handle, temp, group_name,
2446 group_membership, MoiraId,
2447 "distinguishedName", &group_base,
2448 &group_count, filter))
/* Exactly one match is required before anything is deleted. */
2451 if (group_count == 1)
2453 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2455 linklist_free(group_base);
2456 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2457 group_name, ldap_err2string(rc));
2460 linklist_free(group_base);
/* Zero or several matches: nothing is deleted. */
2464 linklist_free(group_base);
2465 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2466 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the security-descriptor flag bits
 * uBits into pBuffer.  Only the signature and the final return survive in
 * this listing; the encoding itself is on lines not shown.
 * Returns N_SD_BER_BYTES -- presumably the number of bytes written, so the
 * caller must provide at least that much space in pBuffer (confirm).
 */
2472 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2478 return(N_SD_BER_BYTES);
/*
 * process_lists: mr_query callback.  For each Moira list row in av it
 * derives the group OU and membership code (get_group_membership) and then
 * adds the member named by call_args[2] (living in OU call_args[3]) to the
 * AD group for list av[L_NAME] via member_add.  call_args[0] is the LDAP
 * handle and call_args[1] the base dn_path; the MoiraId argument is passed
 * empty.  Declarations (lines 2482-2491) and the return statement are on
 * lines not shown.
 */
2481 int process_lists(int ac, char **av, void *ptr)
/* One-character membership code plus its terminator. */
2486 char group_membership[2];
2492 memset(group_ou, '\0', sizeof(group_ou));
2493 memset(group_membership, '\0', sizeof(group_membership));
2494 get_group_membership(group_membership, group_ou, &security_flag, av);
/* Argument order follows member_add: handle, dn_path, group, group OU,
 * membership, member name, member OU, MoiraId. */
2495 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2496 group_ou, group_membership, call_args[2],
2497 (char *)call_args[3], "");
/*
 * member_list_build: mr_query callback that collects list members into the
 * file-scope linked list member_base.  av[ACE_TYPE] gives the member kind
 * (USER / STRING / LIST / KERBEROS) and call_args[3] is a bit mask
 * (MOIRA_USERS, MOIRA_STRINGS, MOIRA_LISTS, MOIRA_KERBEROS) of the kinds the
 * caller wants; kinds outside the mask are skipped on lines not shown.
 * STRING and KERBEROS members first get a contact object created
 * (contact_create) in contact_ou / kerberos_ou respectively.
 *
 * call_args layout, from the uses below: [0] LDAP handle, [1] dn_path,
 * [2] list name, [3] member-kind mask (an int carried in a char*, see
 * make_new_group / populate_group).
 *
 * NOTE(review):
 *  - the four calloc results are used without a NULL check;
 *  - strcpy(temp, av[ACE_NAME]) is unbounded and temp's size is not
 *    visible;
 *  - the (int) cast of call_args[3] truncates a pointer on LP64; the mask
 *    values are small so this works, but it is fragile.
 */
2501 int member_list_build(int ac, char **av, void *ptr)
2509 strcpy(temp, av[ACE_NAME]);
/* Member names go through the same character whitelist as every other name
 * that ends up in an AD DN or filter. */
2510 if (!check_string(temp))
2512 if (!strcmp(av[ACE_TYPE], "USER"))
2514 if (!((int)call_args[3] & MOIRA_USERS))
2517 else if (!strcmp(av[ACE_TYPE], "STRING"))
2519 if (!((int)call_args[3] & MOIRA_STRINGS))
2521 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2524 else if (!strcmp(av[ACE_TYPE], "LIST"))
2526 if (!((int)call_args[3] & MOIRA_LISTS))
2529 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2531 if (!((int)call_args[3] & MOIRA_KERBEROS))
2533 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Linear scan of what has been collected so far; the body of the
 * case-insensitive match (not shown) presumably drops duplicates. */
2539 linklist = member_base;
2542 if (!strcasecmp(temp, linklist->member))
2544 linklist = linklist->next;
/* New entry is pushed on the front of member_base. */
2546 linklist = calloc(1, sizeof(LK_ENTRY));
2548 linklist->dn = NULL;
2549 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2550 strcpy(linklist->list, call_args[2]);
2551 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2552 strcpy(linklist->type, av[ACE_TYPE]);
2553 linklist->member = calloc(1, strlen(temp) + 1);
2554 strcpy(linklist->member, temp);
2555 linklist->next = member_base;
2556 member_base = linklist;
/*
 * member_remove: delete one "member" value, the DN
 * "CN=<user_name>,<UserOu>,<dn_path>", from the AD group for Moira list
 * group_name.  The group DN is resolved with ad_get_group and must be
 * unique.
 *
 * Returns AD_INVALID_NAME if group_name fails check_string.  The other
 * return values (normal path, lookup failure, not-found) are on lines not
 * shown, as is the special handling given to LDAP_UNWILLING_TO_PERFORM.
 *
 * NOTE(review): only group_name is validated here; user_name and UserOu
 * are interpolated into the member DN unchecked, and "temp" is a buffer of
 * unseen size, so that sprintf is unbounded.  Likewise strcpy into
 * distinguished_name[1024] from the LDAP result is not bounded.
 */
2560 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2561 char *group_ou, char *group_membership, char *user_name,
2562 char *UserOu, char *MoiraId)
2564 char distinguished_name[1024];
2572 LK_ENTRY *group_base;
2575 if (!check_string(group_name))
2576 return(AD_INVALID_NAME);
2578 memset(filter, '\0', sizeof(filter));
/* Nonzero rc from the lookup takes an error branch that is not shown. */
2581 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2582 group_membership, MoiraId,
2583 "distinguishedName", &group_base,
2584 &group_count, filter))
2587 if (group_count != 1)
2589 com_err(whoami, 0, "Unable to find list %s in AD",
2591 linklist_free(group_base);
/* group_base->value holds the distinguishedName requested above. */
2596 strcpy(distinguished_name, group_base->value);
2597 linklist_free(group_base);
/* The member value is the full DN of the user/contact object. */
2601 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2602 modvalues[0] = temp;
2603 modvalues[1] = NULL;
2606 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2608 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the n LDAPMod entries built by ADD_ATTR (loop body not shown). */
2609 for (i = 0; i < n; i++)
2611 if (rc == LDAP_UNWILLING_TO_PERFORM)
2613 if (rc != LDAP_SUCCESS)
2615 com_err(whoami, 0, "Unable to modify list %s members : %s",
2616 group_name, ldap_err2string(rc));
/*
 * member_add: add the DN "CN=<user_name>,<UserOu>,<dn_path>" as a "member"
 * value of the AD group for Moira list group_name.  The group DN is
 * resolved with ad_get_group and must be unique.
 *
 * Returns AD_INVALID_NAME if group_name fails check_string, and
 * AD_MULTIPLE_GROUPS_FOUND when the lookup does not return exactly one
 * entry (this is also what a zero-entry result reaches, unless a line not
 * shown between the linklist_free and the com_err handles that case).
 * LDAP_ALREADY_EXISTS is examined specially for contact/kerberos OUs and
 * LDAP_UNWILLING_TO_PERFORM is special-cased too; both bodies are on lines
 * not shown, as is the return on the normal path.
 *
 * NOTE(review): as in member_remove, only group_name is validated; the
 * sprintf into temp and the strcpy into distinguished_name[1024] are
 * unbounded.
 */
2624 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2625 char *group_ou, char *group_membership, char *user_name,
2626 char *UserOu, char *MoiraId)
2628 char distinguished_name[1024];
2636 LK_ENTRY *group_base;
2639 if (!check_string(group_name))
2640 return(AD_INVALID_NAME);
2643 memset(filter, '\0', sizeof(filter));
/* Nonzero rc from the lookup takes an error branch that is not shown. */
2646 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2647 group_membership, MoiraId,
2648 "distinguishedName", &group_base,
2649 &group_count, filter))
2652 if (group_count != 1)
2654 linklist_free(group_base);
2657 com_err(whoami, 0, "Unable to find list %s in AD",
2659 return(AD_MULTIPLE_GROUPS_FOUND);
2662 strcpy(distinguished_name, group_base->value);
2663 linklist_free(group_base);
/* The member value is the full DN of the user/contact object. */
2667 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2668 modvalues[0] = temp;
2669 modvalues[1] = NULL;
2672 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2674 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* A member that is already present is only re-examined for contact and
 * kerberos objects; what happens then is on lines not shown. */
2675 if (rc == LDAP_ALREADY_EXISTS)
2677 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2679 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* Release the n LDAPMod entries built by ADD_ATTR (loop body not shown). */
2682 for (i = 0; i < n; i++)
2684 if (rc != LDAP_SUCCESS)
2686 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2687 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create an AD contact object for a Moira STRING or
 * KERBEROS list member.  The object is "CN=<user>,<group_ou>,<bind_path>"
 * with cn, objectClass (top/person/organizationalPerson plus a fourth
 * value on a line not shown), name, displayName and description; when
 * group_ou is contact_ou a "mail" attribute is added as well (email_v[0]
 * is filled in on a line not shown).  If the first ldap_add_ext_s fails
 * with anything other than LDAP_ALREADY_EXISTS, the add is retried once
 * without the mail attribute.
 *
 * Returns AD_INVALID_NAME when user fails check_string; the remaining
 * return values are on lines not shown.  LDAP_ALREADY_EXISTS counts as
 * success in both checks below.
 *
 * NOTE(review): strcpy(contact_name, user) and the sprintf into
 * cn_user_name are unbounded into 256-byte buffers; new_dn's size is not
 * visible.  check_string limits the characters of user but not its length.
 */
2693 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2697 char cn_user_name[256];
2698 char contact_name[256];
2699 char *email_v[] = {NULL, NULL};
2700 char *cn_v[] = {NULL, NULL};
2701 char *contact_v[] = {NULL, NULL};
2702 char *objectClass_v[] = {"top", "person",
2703 "organizationalPerson",
2705 char *name_v[] = {NULL, NULL};
2706 char *desc_v[] = {NULL, NULL};
2711 if (!check_string(user))
2713 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
2714 return(AD_INVALID_NAME);
2716 strcpy(contact_name, user);
2717 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2718 cn_v[0] = cn_user_name;
2719 contact_v[0] = contact_name;
2721 desc_v[0] = "Auto account created by Moira";
2724 strcpy(new_dn, cn_user_name);
/* First attempt: full attribute set, including mail for contact_ou. */
2726 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2727 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2728 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2729 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2730 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2731 if (!strcmp(group_ou, contact_ou))
2733 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2737 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* Release the n LDAPMod entries (loop body not shown). */
2738 for (i = 0; i < n; i++)
2740 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
/* Second attempt: same object without the mail attribute. */
2743 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2744 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2745 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2746 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2747 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2749 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2750 for (i = 0; i < n; i++)
2753 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2755 com_err(whoami, 0, "Unable to create contact %s : %s",
2756 user, ldap_err2string(rc));
/*
 * user_update: bring the AD user object for user_name in line with the
 * Moira record.  The object is located by mitMoiraId when MoiraId is
 * non-empty, otherwise by sAMAccountName under "<user_ou>,<dn_path>"; it
 * must match exactly one entry.  employeeID, uid and mitMoiraId are then
 * pushed through attribute_update, and one ldap_modify_s replaces the
 * POSIX uid attribute (uidNumber or msSFU30UidNumber -- the selecting
 * condition is on lines not shown), userAccountControl and the home /
 * profile directory attributes added by SetHomeDirectory.  If the modify
 * fails, SwitchSFU flips UseSFU30 and the modify is retried once when
 * that changed anything.
 *
 * State handling: any State other than US_NO_PASSWD / US_REGISTERED sets
 * UF_ACCOUNTDISABLE.  MitId is stored as employeeID only when it starts
 * with '9'; otherwise employeeID is set to the literal "none".
 *
 * Returns AD_INVALID_NAME / AD_NO_USER_FOUND as shown below; the return
 * on the normal path is on a line not shown.
 *
 * NOTE(review):
 *  - MoiraId is interpolated into an LDAP search filter without passing
 *    through check_string (only user_name is validated), so the caller
 *    must guarantee it is a plain identifier.
 *  - userAccountControl is u_int but is printed with "%ld"; the
 *    specifier should be "%u".
 *  - rc from the four attribute_update calls is overwritten without being
 *    examined.
 *  - strcpy into distinguished_name[512] from group_base->dn is not
 *    bounded.
 */
2762 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2763 char *Uid, char *MitId, char *MoiraId, int State,
2764 char *WinHomeDir, char *WinProfileDir)
2767 LK_ENTRY *group_base;
2769 char distinguished_name[512];
2770 char *mitMoiraId_v[] = {NULL, NULL};
2771 char *uid_v[] = {NULL, NULL};
2772 char *mitid_v[] = {NULL, NULL};
2773 char *homedir_v[] = {NULL, NULL};
2774 char *winProfile_v[] = {NULL, NULL};
2775 char *drives_v[] = {NULL, NULL};
2776 char *userAccountControl_v[] = {NULL, NULL};
2777 char userAccountControlStr[80];
/* Baseline flags for every Moira-managed account. */
2782 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2784 char *attr_array[3];
2787 if (!check_string(user_name))
2789 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2790 return(AD_INVALID_NAME);
/* Preferred lookup: by Moira id, which survives renames. */
2796 if (strlen(MoiraId) != 0)
2798 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2799 attr_array[0] = "cn";
2800 attr_array[1] = NULL;
2801 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2802 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2804 com_err(whoami, 0, "Unable to process user %s : %s",
2805 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the login name. */
2809 if (group_count != 1)
2811 linklist_free(group_base);
2814 sprintf(filter, "(sAMAccountName=%s)", user_name);
2815 attr_array[0] = "cn";
2816 attr_array[1] = NULL;
2817 sprintf(temp, "%s,%s", user_ou, dn_path);
2818 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2819 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2821 com_err(whoami, 0, "Unable to process user %s : %s",
2822 user_name, ldap_err2string(rc));
2827 if (group_count != 1)
2829 com_err(whoami, 0, "Unable to find user %s in AD",
2831 linklist_free(group_base);
2832 return(AD_NO_USER_FOUND);
2834 strcpy(distinguished_name, group_base->dn);
2836 linklist_free(group_base);
/* employeeID carries the MIT id only when it looks like one ('9' prefix). */
2839 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
2840 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
2842 rc = attribute_update(ldap_handle, distinguished_name, "none", "employeeID", user_name);
2843 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
2844 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
/* Which of the two uid attributes is used depends on UseSFU30 (condition not shown). */
2850 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2854 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
2858 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2859 userAccountControl |= UF_ACCOUNTDISABLE;
2860 sprintf(userAccountControlStr, "%ld", userAccountControl);
2861 userAccountControl_v[0] = userAccountControlStr;
2862 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory appends its own LDAPMod entries and returns the new count. */
2864 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
2865 WinProfileDir, homedir_v, winProfile_v,
2866 drives_v, mods, LDAP_MOD_REPLACE, n);
2869 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
/* Retry once with the other uid attribute family if SwitchSFU changed it. */
2871 OldUseSFU30 = UseSFU30;
2872 SwitchSFU(mods, &UseSFU30, n);
2873 if (OldUseSFU30 != UseSFU30)
2874 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2877 com_err(whoami, 0, "Unable to modify user data for %s : %s",
2878 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries (loop body not shown). */
2881 for (i = 0; i < n; i++)
/*
 * user_rename: rename the AD user object before_user_name to user_name.
 * The signature continues on line 2887 (not shown); user_name is the new
 * login.  The RDN is changed with ldap_rename_s (old RDN removed), then
 * altSecurityIdentities ("Kerberos:<user>@<PRIMARY_REALM>"),
 * userPrincipalName ("<user>@<ldap_domain>"), displayName and
 * sAMAccountName are replaced on the renamed object.
 *
 * Returns AD_INVALID_NAME if either name fails check_string; the values
 * returned after a failed rename/modify and on success are on lines not
 * shown.
 *
 * NOTE(review): `strcpy(user_name, user_name);` copies a string onto
 * itself.  strcpy's operands must not overlap, so this is undefined
 * behaviour as well as a no-op; it should be deleted.  The sprintf calls
 * into old_dn, new_dn, upn and temp are unbounded (sizes not visible).
 */
2886 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2894 char *userPrincipalName_v[] = {NULL, NULL};
2895 char *altSecurityIdentities_v[] = {NULL, NULL};
2896 char *name_v[] = {NULL, NULL};
2897 char *samAccountName_v[] = {NULL, NULL};
/* Both the old and the new name end up in DNs, so both are whitelisted. */
2902 if (!check_string(before_user_name))
2904 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
2905 return(AD_INVALID_NAME);
2907 if (!check_string(user_name))
2909 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2910 return(AD_INVALID_NAME);
/* Self-copy: no effect, and overlapping strcpy is undefined behaviour. */
2913 strcpy(user_name, user_name);
2914 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2915 sprintf(new_dn, "cn=%s", user_name);
/* TRUE = delete the old RDN value from the entry. */
2916 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2917 NULL, NULL)) != LDAP_SUCCESS)
2919 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
2920 before_user_name, user_name, ldap_err2string(rc));
/* The rename only changes the RDN; the identity attributes follow here. */
2924 name_v[0] = user_name;
2925 sprintf(upn, "%s@%s", user_name, ldap_domain);
2926 userPrincipalName_v[0] = upn;
2927 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2928 altSecurityIdentities_v[0] = temp;
2929 samAccountName_v[0] = user_name;
2932 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2933 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2934 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2935 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* new_dn is rebuilt as the full DN of the renamed object. */
2937 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2938 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2940 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
2941 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries (loop body not shown). */
2943 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback that creates the AD user object for the
 * Moira account row in av (U_NAME, U_UID, U_MITID, U_STATE, U_WINHOMEDIR,
 * U_WINPROFILEDIR).  call_args: [0] LDAP handle, [1] dn_path, [2] MoiraId
 * (stored as mitMoiraId when non-empty).  The object
 * "cn=<user>,<user_ou>,<dn_path>" is added with cn, objectClass,
 * sAMAccountName, userPrincipalName, userAccountControl, name,
 * displayName, description, altSecurityIdentities, uid plus uidNumber or
 * msSFU30UidNumber (selecting condition not shown), employeeID and the
 * home/profile attributes from SetHomeDirectory.  A failed add is retried
 * once after SwitchSFU if UseSFU30 changed.  On LDAP_SUCCESS set_password
 * is called; if that fails the KDC connection is re-established
 * (ad_kdc_disconnect / ad_server_connect) and set_password is tried once
 * more.
 *
 * Account flags: UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
 * UF_PASSWD_CANT_CHANGE, plus UF_ACCOUNTDISABLE unless U_STATE is
 * US_NO_PASSWD or US_REGISTERED.  LDAP_ALREADY_EXISTS is not an error.
 * callback_rc is set to AD_INVALID_NAME for a bad name; the remaining
 * return paths are on lines not shown.
 *
 * NOTE(review):
 *  - set_password receives "" as its second argument; what set_password
 *    does with an empty value is not visible here -- confirm before
 *    relying on the resulting account state.
 *  - userAccountControl is u_int but is printed with "%ld"; use "%u".
 *  - strcpy into WinHomeDir / WinProfileDir (1024) and user_name (256)
 *    from av[] is unbounded; check_string constrains characters, not
 *    length.
 */
2949 int user_create(int ac, char **av, void *ptr)
2953 char user_name[256];
2956 char *cn_v[] = {NULL, NULL};
2957 char *objectClass_v[] = {"top", "person",
2958 "organizationalPerson",
2961 char *samAccountName_v[] = {NULL, NULL};
2962 char *altSecurityIdentities_v[] = {NULL, NULL};
2963 char *mitMoiraId_v[] = {NULL, NULL};
2964 char *name_v[] = {NULL, NULL};
2965 char *desc_v[] = {NULL, NULL};
2966 char *userPrincipalName_v[] = {NULL, NULL};
2967 char *userAccountControl_v[] = {NULL, NULL};
2968 char *uid_v[] = {NULL, NULL};
2969 char *mitid_v[] = {NULL, NULL};
2970 char *homedir_v[] = {NULL, NULL};
2971 char *winProfile_v[] = {NULL, NULL};
2972 char *drives_v[] = {NULL, NULL};
2973 char userAccountControlStr[80];
/* Baseline flags for every Moira-managed account. */
2975 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2981 char WinHomeDir[1024];
2982 char WinProfileDir[1024];
2986 if (!check_string(av[U_NAME]))
2988 callback_rc = AD_INVALID_NAME;
2989 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
2990 return(AD_INVALID_NAME);
2993 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
2994 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
2995 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
2996 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
2997 strcpy(user_name, av[U_NAME]);
2998 sprintf(upn, "%s@%s", user_name, ldap_domain);
2999 sprintf(sam_name, "%s", av[U_NAME]);
3000 samAccountName_v[0] = sam_name;
/* Only registered / no-password states produce an enabled account. */
3001 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3002 userAccountControl |= UF_ACCOUNTDISABLE;
3003 sprintf(userAccountControlStr, "%ld", userAccountControl);
3004 userAccountControl_v[0] = userAccountControlStr;
3005 userPrincipalName_v[0] = upn;
3007 cn_v[0] = user_name;
3008 name_v[0] = user_name;
3009 desc_v[0] = "Auto account created by Moira";
/* Maps the AD account to its Kerberos principal in PRIMARY_REALM. */
3010 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3011 altSecurityIdentities_v[0] = temp;
3012 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3015 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3016 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3017 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3018 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3019 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3020 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3021 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3022 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3023 if (strlen(call_args[2]) != 0)
3025 mitMoiraId_v[0] = call_args[2];
3026 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3028 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
3029 if (strlen(av[U_UID]) != 0)
3031 uid_v[0] = av[U_UID];
3032 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
/* Which of the two uid attributes is used depends on UseSFU30 (condition not shown). */
3035 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3039 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID carries the MIT id only when it looks like one ('9' prefix). */
3042 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
3043 mitid_v[0] = av[U_MITID];
3045 mitid_v[0] = "none";
3046 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends its own LDAPMod entries and returns the new count. */
3048 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3049 WinProfileDir, homedir_v, winProfile_v,
3050 drives_v, mods, LDAP_MOD_ADD, n);
3054 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3055 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
/* Retry once with the other uid attribute family if SwitchSFU changed it. */
3057 OldUseSFU30 = UseSFU30;
3058 SwitchSFU(mods, &UseSFU30, n);
3059 if (OldUseSFU30 != UseSFU30)
3060 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the n LDAPMod entries (loop body not shown). */
3063 for (i = 0; i < n; i++)
3065 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3067 com_err(whoami, 0, "Unable to create user %s : %s",
3068 user_name, ldap_err2string(rc));
/* Password is only set for a freshly created object, not an existing one. */
3072 if (rc == LDAP_SUCCESS)
3074 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
/* First failure: assume a stale changepw ticket and reconnect to the KDC. */
3076 ad_kdc_disconnect();
3078 if (!ad_server_connect(default_server, ldap_domain))
3080 com_err(whoami, 0, "Unable to set password for user %s : %s",
3081 user_name, "cannot get changepw ticket from windows domain");
3085 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3087 com_err(whoami, 0, "Unable to set password for user %s : %ld",
/*
 * user_change_status: enable or disable the AD user for user_name.  The
 * parameter list continues on a line not shown (the value compared with
 * MEMBER_DEACTIVATE below is named "operation").  The object is located by
 * mitMoiraId when MoiraId is non-empty, else by sAMAccountName, and must
 * be unique.  Its UserAccountControl is read, UF_ACCOUNTDISABLE is set
 * for MEMBER_DEACTIVATE and cleared otherwise, and the attribute is
 * replaced through construct_newvalues; mitMoiraId is replaced at the
 * same time when MoiraId is non-empty.
 *
 * Returns AD_INVALID_NAME for a bad name and LDAP_NO_SUCH_OBJECT when the
 * user is not found (note this mixes an LDAP result code into the AD_*
 * code space); the other return values are on lines not shown.
 *
 * NOTE(review): MoiraId is placed in an LDAP filter without check_string.
 * The UserAccountControl value is parsed with atoi, which reports no
 * error for malformed input; strtoul would be safer.  strcpy into
 * distinguished_name[1024] from the LDAP result is unbounded.
 */
3096 int user_change_status(LDAP *ldap_handle, char *dn_path,
3097 char *user_name, char *MoiraId,
3101 char *attr_array[3];
3103 char distinguished_name[1024];
3105 char *mitMoiraId_v[] = {NULL, NULL};
3107 LK_ENTRY *group_base;
3114 if (!check_string(user_name))
3116 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3117 return(AD_INVALID_NAME);
/* Preferred lookup: by Moira id, which survives renames. */
3123 if (strlen(MoiraId) != 0)
3125 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3126 attr_array[0] = "UserAccountControl";
3127 attr_array[1] = NULL;
3128 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3129 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3131 com_err(whoami, 0, "Unable to process user %s : %s",
3132 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the login name. */
3136 if (group_count != 1)
3138 linklist_free(group_base);
3141 sprintf(filter, "(sAMAccountName=%s)", user_name);
3142 attr_array[0] = "UserAccountControl";
3143 attr_array[1] = NULL;
3144 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3145 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3147 com_err(whoami, 0, "Unable to process user %s : %s",
3148 user_name, ldap_err2string(rc));
3153 if (group_count != 1)
3155 linklist_free(group_base);
3156 com_err(whoami, 0, "Unable to find user %s in AD",
3158 return(LDAP_NO_SUCH_OBJECT);
3161 strcpy(distinguished_name, group_base->dn);
/* Current flags, as the decimal string AD returns for UserAccountControl. */
3162 ulongValue = atoi((*group_base).value);
3163 if (operation == MEMBER_DEACTIVATE)
3164 ulongValue |= UF_ACCOUNTDISABLE;
3166 ulongValue &= ~UF_ACCOUNTDISABLE;
3167 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues builds the replacement value array; 1 means failure. */
3168 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3169 temp, &modvalues, REPLACE)) == 1)
3171 linklist_free(group_base);
3175 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3176 if (strlen(MoiraId) != 0)
3178 mitMoiraId_v[0] = MoiraId;
3179 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3182 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the n LDAPMod entries (loop body not shown), then the value array. */
3183 for (i = 0; i < n; i++)
3185 free_values(modvalues);
3186 if (rc != LDAP_SUCCESS)
3188 com_err(whoami, 0, "Unable to change status of user %s : %s",
3189 user_name, ldap_err2string(rc));
/*
 * user_delete: delete the AD user object for u_name.  The object is
 * located by mitMoiraId when MoiraId is non-empty, else by sAMAccountName,
 * must be unique, and its DN is passed to ldap_delete_s.
 *
 * Returns AD_INVALID_NAME when u_name fails check_string; the values
 * returned when the user is missing, when the delete fails and on success
 * are on lines not shown.
 *
 * NOTE(review): MoiraId goes into the LDAP filter without check_string.
 * strcpy(user_name, u_name) into a 512-byte buffer and strcpy into
 * distinguished_name[1024] from the LDAP result are unbounded.  Because
 * this removes objects, the lookup-by-MoiraId path deserves a log line
 * naming the DN actually deleted (the com_err calls here only name the
 * login).
 */
3195 int user_delete(LDAP *ldap_handle, char *dn_path,
3196 char *u_name, char *MoiraId)
3199 char *attr_array[3];
3200 char distinguished_name[1024];
3201 char user_name[512];
3202 LK_ENTRY *group_base;
3206 if (!check_string(u_name))
3207 return(AD_INVALID_NAME);
3209 strcpy(user_name, u_name);
/* Preferred lookup: by Moira id, which survives renames. */
3213 if (strlen(MoiraId) != 0)
3215 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3216 attr_array[0] = "name";
3217 attr_array[1] = NULL;
3218 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3219 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3221 com_err(whoami, 0, "Unable to process user %s : %s",
3222 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the login name. */
3226 if (group_count != 1)
3228 linklist_free(group_base);
3231 sprintf(filter, "(sAMAccountName=%s)", user_name);
3232 attr_array[0] = "name";
3233 attr_array[1] = NULL;
3234 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3235 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3237 com_err(whoami, 0, "Unable to process user %s : %s",
3238 user_name, ldap_err2string(rc));
3243 if (group_count != 1)
3245 com_err(whoami, 0, "Unable to find user %s in AD",
/* Exactly one match: delete by the DN the search returned. */
3250 strcpy(distinguished_name, group_base->dn);
3251 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3253 com_err(whoami, 0, "Unable to process user %s : %s",
3254 user_name, ldap_err2string(rc));
3258 linklist_free(group_base);
/*
 * linklist_free: release an entire LK_ENTRY list (as built by
 * linklist_build or member_list_build).  For every node the dn,
 * attribute, value, member, type and list strings are freed, then the
 * node itself.  Safe to call with NULL.  The NULL tests before each free
 * are redundant (free(NULL) is a no-op) but harmless.
 */
3262 void linklist_free(LK_ENTRY *linklist_base)
3264 LK_ENTRY *linklist_previous;
3266 while (linklist_base != NULL)
3268 if (linklist_base->dn != NULL)
3269 free(linklist_base->dn);
3270 if (linklist_base->attribute != NULL)
3271 free(linklist_base->attribute);
3272 if (linklist_base->value != NULL)
3273 free(linklist_base->value);
3274 if (linklist_base->member != NULL)
3275 free(linklist_base->member);
3276 if (linklist_base->type != NULL)
3277 free(linklist_base->type);
3278 if (linklist_base->list != NULL)
3279 free(linklist_base->list);
/* Advance before freeing the node so the next pointer is not read after free. */
3280 linklist_previous = linklist_base;
3281 linklist_base = linklist_previous->next;
3282 free(linklist_previous);
/*
 * free_values: walk a NULL-terminated array of strings (as produced by
 * construct_newvalues) and clear each slot.  The counter declaration,
 * the free() of each element and the increment are on lines not shown,
 * as is whether the array itself is released.  Safe to call with NULL.
 */
3286 void free_values(char **modvalues)
3291 if (modvalues != NULL)
3293 while (modvalues[i] != NULL)
3296 modvalues[i] = NULL;
/*
 * illegalchars: 256-entry lookup table used by check_string and
 * check_container_name; a 1 marks a byte that may not appear in a name
 * destined for an AD DN or LDAP filter.  Reading the rows: after the
 * callers fold upper case to lower case, the permitted bytes are the
 * digits, a-z and the punctuation  $ & ' - . @ _ ` ~ .  Everything else --
 * controls, space, the other ASCII punctuation (including the LDAP filter
 * metacharacters ( ) * and the DN separators , = +), upper-case letters
 * and all bytes >= 0x80 -- is rejected.  The closing "};" is on a line
 * not shown.
 */
3303 static int illegalchars[] = {
3304 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3305 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3306 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3307 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3308 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3309 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3311 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: all rejected. */
3312 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3313 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3314 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3315 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3316 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3317 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3318 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3319 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a name against the illegalchars whitelist.  Each
 * character is folded to lower case and looked up in the table; the loop
 * header, the rejection branch and the final return are on lines not
 * shown.  From its callers (`if (!check_string(x)) return AD_INVALID_NAME`)
 * it appears to return nonzero for an acceptable string -- confirm.
 * This is the only input filter in front of the sprintf-built DNs and
 * LDAP filters in this file, so it must stay strict.
 *
 * NOTE(review): the declaration of "character" is not visible.  If it is
 * a plain char and char is signed, a byte >= 0x80 converts to a huge
 * unsigned index here; reading it as (unsigned char) first would keep
 * the index inside the 256-entry table.
 */
3322 int check_string(char *s)
3329 if (isupper(character))
3330 character = tolower(character);
3331 if (illegalchars[(unsigned) character])
/*
 * check_container_name: like check_string, but a space is treated
 * specially (its branch is on a line not shown; presumably it is allowed,
 * since container names may contain spaces) before consulting the
 * illegalchars table.  Loop header and returns are on lines not shown.
 * The same signed-char indexing caveat as in check_string applies.
 */
3337 int check_container_name(char *s)
3344 if (isupper(character))
3345 character = tolower(character);
3347 if (character == ' ')
3349 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: open an authenticated session to the Moira server.
 * Steps: mr_connect(server); fetch the message of the day (a non-empty
 * motd means the server is unavailable and the connection is refused --
 * the test itself is on a line not shown); negotiate the query protocol
 * version (MR_UNKNOWN_PROC from an old server is mapped to
 * MR_VERSION_HIGH, which is only a warning; MR_VERSION_LOW is tolerated);
 * then authenticate with Kerberos 5 as client.  The auth parameter's use
 * and all returns are on lines not shown.
 *
 * NOTE(review): `com_err(whoami, status, temp);` passes a buffer that
 * contains server-supplied motd text as the format string.  Any '%' in
 * the motd would be interpreted.  It should be
 * `com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);`
 * (and the sprintf into temp is unbounded anyway).
 */
3355 int mr_connect_cl(char *server, char *client, int version, int auth)
3361 status = mr_connect(server);
3364 com_err(whoami, status, "while connecting to Moira");
3368 status = mr_motd(&motd);
3372 com_err(whoami, status, "while checking server status");
3377 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
/* Format string built from server data; see note above. */
3378 com_err(whoami, status, temp);
3383 status = mr_version(version);
/* Older servers do not implement mr_version at all. */
3386 if (status == MR_UNKNOWN_PROC)
3389 status = MR_VERSION_HIGH;
3391 status = MR_SUCCESS;
3394 if (status == MR_VERSION_HIGH)
3396 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3397 com_err(whoami, 0, "Some operations may not work.");
3399 else if (status && status != MR_VERSION_LOW)
3401 com_err(whoami, status, "while setting query version number.");
3409 status = mr_krb5_auth(client);
3412 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows form: the AFS prefix
 * is replaced by WINAFS and the remainder is copied character by
 * character with '/' translated (the replacement is on a line not shown,
 * presumably '\\').  The loop header and terminator handling are not
 * shown either.
 *
 * NOTE(review): there is no visible check that path actually begins with
 * AFS, and winPath is written without a bound; callers must size it for
 * strlen(WINAFS) + strlen(path) + 1.
 */
3421 void AfsToWinAfs(char* path, char* winPath)
3425 strcpy(winPath, WINAFS);
/* Skip the AFS prefix on the input, and position after WINAFS on the output. */
3426 pathPtr = path + strlen(AFS);
3427 winPathPtr = winPath + strlen(WINAFS);
3431 if (*pathPtr == '/')
3434 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback used by ProcessAce.  Copies the list's
 * ACE type and ACE name out of av into the caller's buffers call_args[0]
 * and call_args[1], and derives the group membership code / OU into
 * call_args[2] / call_args[3] with get_group_membership.  Always returns
 * LDAP_SUCCESS.
 *
 * NOTE(review): both strcpy calls are unbounded into caller buffers of
 * unseen size (AceType / AceName in ProcessAce).
 */
3441 int GetAceInfo(int ac, char **av, void *ptr)
3448 strcpy(call_args[0], av[L_ACE_TYPE]);
3449 strcpy(call_args[1], av[L_ACE_NAME]);
3451 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3452 return(LDAP_SUCCESS);
/*
 * checkADname: report whether an object with sAMAccountName == Name exists
 * anywhere under dn_path.  The result list is only counted, never used.
 * The values returned (for a failed search, for zero hits and otherwise)
 * are on lines not shown; ProcessAce treats a nonzero result as "missing".
 *
 * NOTE(review): no check_string call on Name is visible in this listing;
 * ProcessAce's caller path does validate ACE names elsewhere, but this
 * function builds an LDAP filter from Name on its own.
 */
3456 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3459 char *attr_array[3];
3462 LK_ENTRY *group_base;
3467 sprintf(filter, "(sAMAccountName=%s)", Name);
3468 attr_array[0] = "sAMAccountName";
3469 attr_array[1] = NULL;
3470 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3471 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3473 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3474 Name, ldap_err2string(rc));
/* Only the count matters. */
3478 linklist_free(group_base);
3480 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of Moira list Name exists in AD.
 * Only Type == "LIST" is handled (other types return on a line not
 * shown).  The list's ACE type / name / membership / OU are fetched with
 * mr_query("get_list_info") through GetAceInfo; only USER and LIST ACEs
 * are processed.  The AD name to look for is the ACE name, or
 * "<name>_group" for a LIST ACE.  If checkADname reports it missing,
 * *ProcessGroup is set and the object is created: make_new_group for a
 * LIST ACE, or mr_query("get_user_account_by_login") + user_create for a
 * USER ACE.  The trailing loop (GroupName = AceName) walks up the ACE
 * chain for list ACEs until the list owns itself; loop header and returns
 * are on lines not shown.
 *
 * NOTE(review): strcpy(GroupName, Name) into 256 bytes, strcpy(temp,
 * AceName) and the sprintf into temp are unbounded.  The av/AceInfo/
 * call_args arrays are declared on lines not shown.
 */
3487 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3490 char GroupName[256];
/* One-character membership code plus terminator. */
3496 char AceMembership[2];
3500 strcpy(GroupName, Name);
/* Nonzero means Type is not "LIST". */
3502 if (strcasecmp(Type, "LIST"))
/* Buffers filled by the GetAceInfo callback. */
3507 AceInfo[0] = AceType;
3508 AceInfo[1] = AceName;
3509 AceInfo[2] = AceMembership;
3511 memset(AceType, '\0', sizeof(AceType));
3512 memset(AceName, '\0', sizeof(AceName));
3513 memset(AceMembership, '\0', sizeof(AceMembership));
3514 memset(AceOu, '\0', sizeof(AceOu));
3516 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3518 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3523 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs can be represented in AD. */
3526 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
3528 strcpy(temp, AceName);
3529 if (!strcasecmp(AceType, "LIST"))
3530 sprintf(temp, "%s_group", AceName);
/* Nonzero from checkADname: the ACE object does not exist yet. */
3533 if (checkADname(ldap_handle, dn_path, temp))
3535 (*ProcessGroup) = 1;
3537 if (!strcasecmp(AceInfo[0], "LIST"))
3539 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3542 else if (!strcasecmp(AceInfo[0], "USER"))
/* user_create expects [0] handle, [1] dn_path, [2] MoiraId ([2] set on a line not shown). */
3545 call_args[0] = (char *)ldap_handle;
3546 call_args[1] = dn_path;
3548 call_args[3] = NULL;
3550 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3552 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3557 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
/* Follow the ACE chain: stop when a list is its own ACE. */
3564 if (!strcasecmp(AceType, "LIST"))
3566 if (!strcasecmp(GroupName, AceName))
3569 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, when updateGroup is set, update) the AD
 * group for Moira list group_name by fetching the list record with
 * mr_query("get_list_info") and letting the group_create callback do the
 * work.  call_args: [0] LDAP handle, [1] dn_path, [2] group name,
 * [3] member-kind mask (USERS|KERBEROS|STRINGS, carried as a char*),
 * [4] updateGroup flag (carried as a char*), [5] MoiraId, [6] NULL.
 * The av array setup is on lines not shown.  A failed query or a
 * callback_rc left nonzero by the callback is an error; the success path
 * returns on a line not shown.
 *
 * NOTE(review): group_ou, group_membership and group_security_flag are
 * not used in the visible lines; callback_rc is file-scope state shared
 * with the callback.
 */
3574 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3575 char *group_name, char *group_ou, char *group_membership,
3576 int group_security_flag, int updateGroup)
3583 call_args[0] = (char *)ldap_handle;
3584 call_args[1] = dn_path;
3585 call_args[2] = group_name;
/* Integers smuggled through char* slots; read back with (int) casts by the callbacks. */
3586 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3587 call_args[4] = (char *)updateGroup;
3588 call_args[5] = MoiraId;
3589 call_args[6] = NULL;
3591 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3594 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
/* The callback reports its own failure through callback_rc. */
3600 com_err(whoami, 0, "Unable to create list %s", group_name);
3601 return(callback_rc);
/*
 * populate_group: add every end member of Moira list group_name to its AD
 * group.  Members are collected into member_base by the member_list_build
 * callback (users, kerberos principals and strings; nested lists are
 * expanded by "get_end_members_of_list").  Each collected entry is then
 * handed to member_add with the OU that matches its type: STRING members
 * in contact_ou and KERBEROS members in kerberos_ou (a contact object is
 * created first), USER members in an OU assigned on a line not shown.
 * LIST-typed entries are skipped.  The loop header, the final argument of
 * member_add and all returns are on lines not shown.
 *
 * NOTE(review): rc from member_add is assigned but no check of it is
 * visible; one failed add does not stop the loop.  group_ou /
 * group_membership are passed straight through to member_add.
 */
3607 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3608 char *group_ou, char *group_membership,
3609 int group_security_flag, char *MoiraId)
3617 com_err(whoami, 0, "Populating group %s", group_name);
/* call_args layout expected by member_list_build. */
3619 call_args[0] = (char *)ldap_handle;
3620 call_args[1] = dn_path;
3621 call_args[2] = group_name;
3622 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3623 call_args[4] = NULL;
3625 if (rc = mr_query("get_end_members_of_list", 1, av,
3626 member_list_build, call_args))
3628 com_err(whoami, 0, "Unable to populate list %s : %s",
3629 group_name, error_message(rc));
3632 if (member_base != NULL)
3637 if (!strcasecmp(ptr->type, "LIST"))
/* Contacts must exist before they can be referenced as members. */
3643 if (!strcasecmp(ptr->type, "STRING"))
3645 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3647 pUserOu = contact_ou;
3649 else if (!strcasecmp(ptr->type, "KERBEROS"))
3651 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3653 pUserOu = kerberos_ou;
3655 rc = member_add(ldap_handle, dn_path, group_name,
3656 group_ou, group_membership, ptr->member,
/* member_base is file-scope; release it once the whole list is processed. */
3660 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for Moira list group_name (by
 * MoiraId) with the expected DN "CN=<group_name>,<group_ou>,<dn_path>".
 *
 * type == CHECK_GROUPS: only report -- AD_NO_GROUPS_FOUND,
 * AD_WRONG_GROUP_DN_FOUND (one group with a different DN),
 * AD_MULTIPLE_GROUPS_FOUND, or the success value on a line not shown.
 *
 * Otherwise: with several groups carrying this MoiraId, the ones whose
 * DN is not the expected DN are deleted (ldap_delete_s) if one of them
 * does match; if none matches they are all listed and
 * AD_MULTIPLE_GROUPS_FOUND is returned.  After the lookup is repeated,
 * the group's current sAMAccountName, name and description are fetched,
 * its OU is classified by which of group_ou_both / _security /
 * _distribution / _neither appears in the lower-cased DN (giving the
 * before_* values), and group_rename is called to move/rename the group
 * to what Moira says.  Returns AD_NO_OU_FOUND if no OU matched; the
 * remaining returns are on lines not shown.
 *
 * NOTE(review):
 *  - the ldap_delete_s of duplicate groups assigns rc but no check or
 *    log of that result is visible; deleting directory objects silently
 *    is worth a com_err line naming ptr->value.
 *  - OU classification uses strstr on the whole DN, i.e. a substring
 *    match rather than a DN component match; if one configured OU name
 *    is a substring of another the first strstr wins -- confirm the
 *    configured names cannot collide that way.
 *  - strcpy into before_name[256], before_desc[512], before_group_ou[256]
 *    and ad_distinguishedName[256] is unbounded; the last is filled from
 *    an LDAP result.
 *  - the second ad_get_group call's MoiraId argument (line 3755) is not
 *    shown.
 */
3666 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3667 char *group_name, char *group_ou, char *group_membership,
3668 int group_security_flag, int type)
3670 char before_desc[512];
3671 char before_name[256];
3672 char before_group_ou[256];
3673 char before_group_membership[2];
3674 char distinguishedName[256];
3675 char ad_distinguishedName[256];
3677 char *attr_array[3];
3678 int before_security_flag;
3681 LK_ENTRY *group_base;
/* Lower-cased copies of the configured OUs, for case-insensitive matching. */
3684 char ou_security[512];
3685 char ou_distribution[512];
3686 char ou_neither[512];
3688 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* The DN the group should have according to Moira. */
3689 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3692 memset(filter, '\0', sizeof(filter));
/* ad_get_group fills filter as a side effect; it is reused below. */
3695 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3697 "distinguishedName", &group_base,
3698 &group_count, filter))
3701 if (type == CHECK_GROUPS)
3703 if (group_count == 1)
3705 if (!strcasecmp(group_base->value, distinguishedName))
3707 linklist_free(group_base);
3711 linklist_free(group_base);
3712 if (group_count == 0)
3713 return(AD_NO_GROUPS_FOUND);
3714 if (group_count == 1)
3715 return(AD_WRONG_GROUP_DN_FOUND);
3716 return(AD_MULTIPLE_GROUPS_FOUND);
3718 if (group_count == 0)
3720 return(AD_NO_GROUPS_FOUND);
/* Several groups share this MoiraId: keep the one at the expected DN. */
3722 if (group_count > 1)
3727 if (!strcasecmp(distinguishedName, ptr->value))
3733 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3737 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3740 linklist_free(group_base);
3741 return(AD_MULTIPLE_GROUPS_FOUND);
/* Delete every duplicate whose DN differs from the expected one (rc unchecked). */
3746 if (strcasecmp(distinguishedName, ptr->value))
3747 rc = ldap_delete_s(ldap_handle, ptr->value);
3750 linklist_free(group_base);
3751 memset(filter, '\0', sizeof(filter));
/* Re-query now that duplicates are gone. */
3754 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3756 "distinguishedName", &group_base,
3757 &group_count, filter))
3759 if (group_count == 0)
3760 return(AD_NO_GROUPS_FOUND);
3761 if (group_count > 1)
3762 return(AD_MULTIPLE_GROUPS_FOUND);
3765 strcpy(ad_distinguishedName, group_base->value);
3766 linklist_free(group_base);
/* Current sAMAccountName, used to build the filter for the next two lookups. */
3770 attr_array[0] = "sAMAccountName";
3771 attr_array[1] = NULL;
3772 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3773 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3775 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3776 MoiraId, ldap_err2string(rc));
3779 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the expected DN: nothing to rename (return on a line not shown). */
3781 if (!strcasecmp(ad_distinguishedName, distinguishedName))
3783 linklist_free(group_base);
3788 linklist_free(group_base);
3791 memset(ou_both, '\0', sizeof(ou_both));
3792 memset(ou_security, '\0', sizeof(ou_security));
3793 memset(ou_distribution, '\0', sizeof(ou_distribution));
3794 memset(ou_neither, '\0', sizeof(ou_neither));
3795 memset(before_name, '\0', sizeof(before_name));
3796 memset(before_desc, '\0', sizeof(before_desc));
3797 memset(before_group_membership, '\0', sizeof(before_group_membership));
3798 attr_array[0] = "name";
3799 attr_array[1] = NULL;
3800 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3801 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3803 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
3804 MoiraId, ldap_err2string(rc));
3807 strcpy(before_name, group_base->value);
3808 linklist_free(group_base);
3811 attr_array[0] = "description";
3812 attr_array[1] = NULL;
3813 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3814 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3817 "Unable to get list description with MoiraId = %s: %s",
3818 MoiraId, ldap_err2string(rc));
/* description is optional; an empty result leaves before_desc empty. */
3821 if (group_count != 0)
3823 strcpy(before_desc, group_base->value);
3824 linklist_free(group_base);
/* Classify the current OU by substring match on the lower-cased DN. */
3828 change_to_lower_case(ad_distinguishedName);
3829 strcpy(ou_both, group_ou_both);
3830 change_to_lower_case(ou_both);
3831 strcpy(ou_security, group_ou_security);
3832 change_to_lower_case(ou_security);
3833 strcpy(ou_distribution, group_ou_distribution);
3834 change_to_lower_case(ou_distribution);
3835 strcpy(ou_neither, group_ou_neither);
3836 change_to_lower_case(ou_neither);
3837 if (strstr(ad_distinguishedName, ou_both))
3839 strcpy(before_group_ou, group_ou_both);
3840 before_group_membership[0] = 'B';
3841 before_security_flag = 1;
3843 else if (strstr(ad_distinguishedName, ou_security))
3845 strcpy(before_group_ou, group_ou_security);
3846 before_group_membership[0] = 'S';
3847 before_security_flag = 1;
3849 else if (strstr(ad_distinguishedName, ou_distribution))
3851 strcpy(before_group_ou, group_ou_distribution);
3852 before_group_membership[0] = 'D';
3853 before_security_flag = 0;
3855 else if (strstr(ad_distinguishedName, ou_neither))
3857 strcpy(before_group_ou, group_ou_neither);
3858 before_group_membership[0] = 'N';
3859 before_security_flag = 0;
3862 return(AD_NO_OU_FOUND);
/* Hand the before/after state to group_rename; before_desc is passed twice. */
3863 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
3864 before_group_ou, before_security_flag, before_desc,
3865 group_name, group_membership, group_ou, group_security_flag,
3866 before_desc, MoiraId, filter);
/*
 * Lower-case a NUL-terminated string in place.
 *
 * strlen() is re-evaluated on every iteration, and tolower() receives a
 * plain char: on platforms where char is signed, bytes >= 0x80 are negative
 * and passing them to a <ctype.h> function is undefined behaviour — cast to
 * unsigned char first if non-ASCII input can reach this.  The declaration
 * of `i` falls in a gap of this listing.
 */
3870 void change_to_lower_case(char *ptr)
3874 for (i = 0; i < (int)strlen(ptr); i++)
3876 ptr[i] = tolower(ptr[i]);
/*
 * Find the AD group backing a Moira list, trying up to three LDAP filters:
 *   1. the caller-supplied filter in rFilter, if non-empty;
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)), if MoiraId is non-empty;
 *   3. (sAMAccountName=<group_name>_group).
 * On a unique hit the winning filter is written back into rFilter; any
 * non-unique result is freed and the next filter is tried.  Results are
 * handed back through *linklist_base / *linklist_count; the caller releases
 * them with linklist_free().
 *
 * The rFilter parameter, the local `filter`, `pPtr` and `rc` declarations,
 * the loop over multiple hits, and the return statements all fall in gaps
 * of this listing, so the return value cannot be documented from here.
 *
 * Security note: MoiraId and group_name are interpolated into LDAP filters
 * with sprintf() and no RFC 4515 escaping, so a value containing '*', '(',
 * ')' or '\' changes the query; neither value is length-checked against
 * `filter` before the copy.
 */
3880 int ad_get_group(LDAP *ldap_handle, char *dn_path,
3881 char *group_name, char *group_membership,
3882 char *MoiraId, char *attribute,
3883 LK_ENTRY **linklist_base, int *linklist_count,
3888 char *attr_array[3];
3891 (*linklist_base) = NULL; /* outputs start empty so every early exit is consistent */
3892 (*linklist_count) = 0;
3893 if (strlen(rFilter) != 0)
3895 strcpy(filter, rFilter); /* attempt 1: caller's own filter (unbounded copy) */
3896 attr_array[0] = attribute;
3897 attr_array[1] = NULL;
3898 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3899 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
3901 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3902 MoiraId, ldap_err2string(rc));
3905 if ((*linklist_count) == 1)
3907 strcpy(rFilter, filter); /* exactly one match: report the filter that found it */
3912 linklist_free((*linklist_base)); /* zero or several matches: discard and retry */
3913 (*linklist_base) = NULL;
3914 (*linklist_count) = 0;
3915 if (strlen(MoiraId) != 0)
3917 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId); /* attempt 2; MoiraId is not filter-escaped */
3918 attr_array[0] = attribute;
3919 attr_array[1] = NULL;
3920 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3921 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
3923 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3924 MoiraId, ldap_err2string(rc));
3928 if ((*linklist_count) > 1)
3930 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId); /* ambiguous id: log every hit (walk loop is in a listing gap) and drop them */
3931 pPtr = (*linklist_base);
3934 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
3937 linklist_free((*linklist_base));
3938 (*linklist_base) = NULL;
3939 (*linklist_count) = 0;
3941 if ((*linklist_count) == 1)
3943 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name))) /* compares past a presumed 3-char prefix (e.g. "CN="); NOTE(review): memcmp reads strlen(group_name) bytes regardless of value's real length — over-read if value is shorter */
3945 strcpy(rFilter, filter);
3950 linklist_free((*linklist_base)); /* attempt 2 rejected: clear before attempt 3 */
3951 (*linklist_base) = NULL;
3952 (*linklist_count) = 0;
3953 sprintf(filter, "(sAMAccountName=%s_group)", group_name); /* attempt 3: conventional "<list>_group" account name; group_name not filter-escaped */
3954 attr_array[0] = attribute;
3955 attr_array[1] = NULL;
3956 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3957 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
3959 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3960 MoiraId, ldap_err2string(rc));
3963 if ((*linklist_count) == 1)
3965 strcpy(rFilter, filter);
/*
 * Verify that the AD user matching a Moira account exists and carries the
 * expected sAMAccountName, renaming it when the names differ.
 *
 * Lookup order: by mitMoiraId (when MoiraId is non-empty), then by
 * sAMAccountName=UserName.  Exactly one hit is required; otherwise
 * AD_NO_USER_FOUND is returned.  When the AD account name differs from
 * UserName (case-sensitive compare) user_rename() is invoked — the rest of
 * that call, the `filter`/`rc`/`group_count`/`gPtr` declarations, the
 * multiple-hit walk and the final return fall in gaps of this listing.
 *
 * Security note: MoiraId and UserName go into LDAP filters via sprintf()
 * without RFC 4515 escaping, and the returned sAMAccountName is strcpy'd
 * into the 64-byte SamAccountName buffer with no length check.
 */
3972 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
3975 char *attr_array[3];
3976 char SamAccountName[64];
3979 LK_ENTRY *group_base;
3985 if (strlen(MoiraId) != 0)
3987 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId); /* first try the stable Moira id; not filter-escaped */
3988 attr_array[0] = "sAMAccountName";
3989 attr_array[1] = NULL;
3990 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3991 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3993 com_err(whoami, 0, "Unable to process user %s : %s",
3994 UserName, ldap_err2string(rc));
3997 if (group_count > 1)
3999 com_err(whoami, 0, "multiple users exist with MoiraId = %s", /* ambiguous id: each hit is logged (walk loop in a listing gap) */
4004 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4005 gPtr->value, MoiraId);
4010 if (group_count != 1)
4012 linklist_free(group_base); /* no unique hit by id: fall through to lookup by name */
4015 sprintf(filter, "(sAMAccountName=%s)", UserName); /* UserName not filter-escaped */
4016 attr_array[0] = "sAMAccountName";
4017 attr_array[1] = NULL;
4018 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4019 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4021 com_err(whoami, 0, "Unable to process user %s : %s",
4022 UserName, ldap_err2string(rc));
4027 if (group_count != 1)
4029 linklist_free(group_base);
4030 return(AD_NO_USER_FOUND);
4032 strcpy(SamAccountName, group_base->value); /* unbounded copy into a 64-byte buffer */
4033 linklist_free(group_base);
4036 if (strcmp(SamAccountName, UserName)) /* AD name differs from Moira name: rename the account (call continues in a listing gap) */
4038 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * Build the relative OU DN for a Moira container path into dest.
 *
 * Only fragments are visible here: a 20-slot `array` is cleared, an empty
 * src is special-cased, and dest is assembled as "OU=" + array[n-1] with
 * ",OU=" separators — presumably one component per '/'-separated path
 * element, innermost first (the split loop is in a listing gap; confirm).
 * All writes to dest use strcpy/strcat with no bound; callers pass
 * fixed-size buffers, so src length is trusted.
 */
4044 void container_get_dn(char *src, char *dest)
4051 memset(array, '\0', 20 * sizeof(array[0])); /* at most 20 path components are held */
4053 if (strlen(src) == 0)
4072 strcpy(dest, "OU=");
4075 strcat(dest, array[n-1]);
4079 strcat(dest, ",OU=");
/*
 * Copy the leaf name of a container path (src) into dest.
 * Only the signature and the empty-src guard are visible in this listing;
 * the extraction itself falls in a gap.
 */
4085 void container_get_name(char *src, char *dest)
4090 if (strlen(src) == 0)
/*
 * Ensure every ancestor OU of `name` exists in AD, creating missing ones.
 *
 * `name` is copied into cName (size not visible) and walked character by
 * character; at each '/' a container_create() call is issued for the
 * prefix (the body that terminates the prefix at the slash and restores
 * it afterwards is in a listing gap — presumably).  Containers created
 * here carry no description, type or mitMoiraId, which the log line notes.
 */
4107 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4114 strcpy(cName, name); /* unbounded copy into a local buffer */
4115 for (i = 0; i < (int)strlen(cName); i++)
4117 if (cName[i] == '/')
4120 av[CONTAINER_NAME] = cName;
4121 av[CONTAINER_DESC] = "";
4122 av[CONTAINER_LOCATION] = "";
4123 av[CONTAINER_CONTACT] = "";
4124 av[CONTAINER_TYPE] = "";
4125 av[CONTAINER_ID] = "";
4126 av[CONTAINER_ROWID] = ""; /* no Moira row id: the OU is created "bare" */
4127 rc = container_create(ldap_handle, dn_path, 7, av);
4128 if (rc == LDAP_SUCCESS)
4130 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * Rename/move a container OU in AD to match its new Moira name.
 *
 * before/after are Moira argument vectors indexed by CONTAINER_*.  Flow:
 * validate the new leaf name, locate the existing OU by the `before`
 * vector, create it from scratch if it cannot be found, otherwise make sure
 * the new parent chain exists and issue ldap_rename_s() (deleting the old
 * RDN), then push the remaining attributes with container_adupdate().
 * Declarations of cName, temp, dName, new_cn and the return statements sit
 * in listing gaps.  Several conditions use `if (rc = f(...))` — an
 * assignment, not a comparison, which is easy to misread.
 */
4138 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4139 int afterc, char **after)
4144 char new_dn_path[256];
4146 char distinguishedName[256];
4151 memset(cName, '\0', sizeof(cName));
4152 container_get_name(after[CONTAINER_NAME], cName);
4153 if (!check_container_name(cName)) /* reject leaf names that are not valid in LDAP */
4155 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4156 return(AD_INVALID_NAME);
4159 memset(distinguishedName, '\0', sizeof(distinguishedName));
4160 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before)) /* assignment: non-zero rc means lookup failed */
4162 if (strlen(distinguishedName) == 0)
4164 rc = container_create(ldap_handle, dn_path, afterc, after); /* old OU missing: nothing to rename, create the new one */
4168 strcpy(temp, after[CONTAINER_NAME]);
4170 for (i = 0; i < (int)strlen(temp); i++) /* strips the leaf component from temp (loop body in a listing gap) */
4179 container_get_dn(temp, dName);
4180 if (strlen(temp) != 0)
4181 sprintf(new_dn_path, "%s,%s", dName, dn_path); /* new parent; 256-byte buffer, length not checked */
4183 sprintf(new_dn_path, "%s", dn_path); /* top-level container */
4184 sprintf(new_cn, "OU=%s", cName);
4186 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]); /* make sure the new parent chain exists first */
4188 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4189 TRUE, NULL, NULL)) != LDAP_SUCCESS) /* TRUE: delete the old RDN */
4191 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
4192 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4196 memset(dName, '\0', sizeof(dName));
4197 container_get_dn(after[CONTAINER_NAME], dName);
4198 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after); /* sync description/managedBy/mitMoiraId on the renamed OU */
/*
 * Delete the AD OU for a Moira container.
 *
 * Looks the OU up via container_get_distinguishedName(); if it no longer
 * exists there is nothing to do.  When the OU still holds objects
 * (LDAP_NOT_ALLOWED_ON_NONLEAF) its contents are first relocated with
 * container_move_objects() — whether the delete is then retried is in a
 * listing gap.  Any other LDAP failure is logged.  Return statements are
 * not visible here.
 */
4202 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4204 char distinguishedName[256];
4207 memset(distinguishedName, '\0', sizeof(distinguishedName));
4208 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av)) /* assignment, not comparison */
4210 if (strlen(distinguishedName) == 0)
4212 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4214 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF) /* OU is non-empty: evacuate children to the orphan OUs */
4215 container_move_objects(ldap_handle, dn_path, distinguishedName);
4217 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4218 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create an organizationalUnit in AD for a Moira container.
 *
 * av is the Moira argument vector (CONTAINER_* indices).  The OU gets
 * objectClass/name/ou, plus mitMoiraId and description when supplied, and a
 * managedBy reference derived from CONTAINER_TYPE/CONTAINER_ID:
 *   KERBEROS -> a contact object created under kerberos_ou,
 *   USER     -> the DN of the matching person object,
 *   LIST     -> the DN of the matching group.
 * If the OU already exists (LDAP_ALREADY_EXISTS) and a row id is present,
 * the existing OU is updated via container_adupdate() instead.
 *
 * ADD_ATTR is a file-level macro that appends to `mods`/`n`; the `mods`
 * release loop at 4329 (body in a listing gap), the declarations of
 * filter/dName/cName/temp/n/i/rc, the ou_v/name_v assignments and the
 * return statements are not visible in this listing.
 *
 * Security note: CONTAINER_ID is placed into LDAP filters and a DN with
 * sprintf() and no escaping; managedByDN (256 bytes) and the other fixed
 * buffers are filled without length checks.
 */
4223 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4225 char *attr_array[3];
4226 LK_ENTRY *group_base;
4229 char *objectClass_v[] = {"top",
4230 "organizationalUnit",
4233 char *ou_v[] = {NULL, NULL};
4234 char *name_v[] = {NULL, NULL};
4235 char *moiraId_v[] = {NULL, NULL};
4236 char *desc_v[] = {NULL, NULL};
4237 char *managedBy_v[] = {NULL, NULL};
4240 char managedByDN[256];
4247 memset(filter, '\0', sizeof(filter));
4248 memset(dName, '\0', sizeof(dName));
4249 memset(cName, '\0', sizeof(cName));
4250 memset(managedByDN, '\0', sizeof(managedByDN));
4251 container_get_dn(av[CONTAINER_NAME], dName); /* relative DN of the whole path */
4252 container_get_name(av[CONTAINER_NAME], cName); /* leaf component only */
4254 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4256 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4257 return(AD_INVALID_NAME);
4260 if (!check_container_name(cName))
4262 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4263 return(AD_INVALID_NAME);
4267 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4269 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4271 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4272 if (strlen(av[CONTAINER_ROWID]) != 0)
4274 moiraId_v[0] = av[CONTAINER_ROWID];
4275 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD); /* links the OU back to its Moira row */
4277 if (strlen(av[CONTAINER_DESC]) != 0)
4279 desc_v[0] = av[CONTAINER_DESC];
4280 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4282 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4284 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4286 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou)) /* contact_create() returning 0 is treated as success */
4288 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path); /* DN built without escaping; 256-byte buffer, length not checked */
4289 managedBy_v[0] = managedByDN;
4290 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4295 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4297 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]); /* CONTAINER_ID not filter-escaped */
4299 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4301 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4303 if (strlen(filter) != 0) /* USER or LIST: resolve the owner's DN */
4305 attr_array[0] = "distinguishedName";
4306 attr_array[1] = NULL;
4309 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4310 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4312 if (group_count == 1) /* only an unambiguous owner is recorded */
4314 strcpy(managedByDN, group_base->value); /* unbounded copy of an AD-returned DN */
4315 managedBy_v[0] = managedByDN;
4316 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4318 linklist_free(group_base);
4327 sprintf(temp, "%s,%s", dName, dn_path); /* full DN of the new OU */
4328 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4329 for (i = 0; i < n; i++) /* releases the mods built by ADD_ATTR (body in a listing gap) */
4331 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4333 com_err(whoami, 0, "Unable to create container %s : %s",
4334 cName, ldap_err2string(rc));
4337 if (rc == LDAP_ALREADY_EXISTS)
4339 if (strlen(av[CONTAINER_ROWID]) != 0) /* existing OU: refresh its attributes instead of failing */
4340 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Bring the AD OU for a container in line with its current Moira record.
 *
 * The OU is located from the `after` vector; if absent it is created,
 * otherwise the parent chain is verified and container_adupdate() applies
 * the attribute changes against the found DN.  Return statements are in a
 * listing gap; `before`/`beforec` are not used in the visible lines.
 */
4345 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4346 int afterc, char **after)
4348 char distinguishedName[256];
4351 memset(distinguishedName, '\0', sizeof(distinguishedName));
4352 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after)) /* assignment, not comparison */
4354 if (strlen(distinguishedName) == 0)
4356 rc = container_create(ldap_handle, dn_path, afterc, after); /* OU not in AD yet */
4360 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4361 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after); /* empty dName: address the OU by its existing DN */
/*
 * Resolve the DN of the AD OU for a Moira container into distinguishedName.
 *
 * Two lookups are attempted: by mitMoiraId (CONTAINER_ROWID), then — only
 * if that found nothing — by the DN computed from the container path.
 * distinguishedName is left empty when neither finds exactly one OU.
 * Returns AD_INVALID_NAME for an unusable name; other return statements,
 * the filter/dName/cName/rc/group_count declarations, and the output
 * buffer's size are in listing gaps (the callers seen here pass 256 bytes).
 *
 * Security note: CONTAINER_ROWID and the computed DN are interpolated into
 * filters with sprintf() and no RFC 4515 escaping, and the AD-returned DN is
 * strcpy'd into the caller's buffer with no length check.
 */
4366 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4368 char *attr_array[3];
4369 LK_ENTRY *group_base;
4376 memset(filter, '\0', sizeof(filter));
4377 memset(dName, '\0', sizeof(dName));
4378 memset(cName, '\0', sizeof(cName));
4379 container_get_dn(av[CONTAINER_NAME], dName);
4380 container_get_name(av[CONTAINER_NAME], cName);
4382 if (strlen(dName) == 0)
4384 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4385 return(AD_INVALID_NAME);
4388 if (!check_container_name(cName))
4390 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4391 return(AD_INVALID_NAME);
4394 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]); /* lookup 1: by Moira row id, unescaped */
4395 attr_array[0] = "distinguishedName";
4396 attr_array[1] = NULL;
4399 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4400 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4402 if (group_count == 1)
4404 strcpy(distinguishedName, group_base->value); /* unbounded copy */
4406 linklist_free(group_base);
4410 if (strlen(distinguishedName) == 0)
4412 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path); /* lookup 2: by computed DN */
4413 attr_array[0] = "distinguishedName";
4414 attr_array[1] = NULL;
4417 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4418 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4420 if (group_count == 1)
4422 strcpy(distinguishedName, group_base->value);
4424 linklist_free(group_base);
/*
 * Push a container's Moira attributes (mitMoiraId, description, managedBy)
 * onto its AD OU.
 *
 * The OU is addressed either by dName relative to dn_path (when dName is
 * non-empty) or by distinguishedName.  Current values are read first so
 * that an attribute which Moira has cleared is deleted via
 * attribute_update() rather than replaced; new values are collected with
 * ADD_ATTR(..., LDAP_MOD_REPLACE) and sent in one ldap_modify_s().  The
 * managedBy derivation mirrors container_create().  Declarations of
 * ad_path/filter/moiraId/desc/mods/n/i/rc/group_count/pPtr, the result
 * walk loop, and the early-return condition before 4575 sit in listing
 * gaps.
 *
 * NOTE(review): the guard at 4458 tests CONTAINER_ID but the filter it
 * selects uses CONTAINER_ROWID; the sibling functions guard/use ROWID for
 * the same filter.  If that is a typo, an empty ROWID yields the filter
 * "(mitMoiraId=)" and the lookup fails — confirm the intended field.
 *
 * Security note: av[] values and the AD-returned DN/attribute values are
 * written into fixed buffers and LDAP filters with sprintf()/strcpy() and
 * no length check or filter escaping.
 */
4432 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4433 char *distinguishedName, int count, char **av)
4435 char *attr_array[5];
4436 LK_ENTRY *group_base;
4441 char *moiraId_v[] = {NULL, NULL};
4442 char *desc_v[] = {NULL, NULL};
4443 char *managedBy_v[] = {NULL, NULL};
4444 char managedByDN[256];
4453 strcpy(ad_path, distinguishedName);
4454 if (strlen(dName) != 0)
4455 sprintf(ad_path, "%s,%s", dName, dn_path); /* relative name wins over an explicit DN */
4457 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
4458 if (strlen(av[CONTAINER_ID]) != 0) /* NOTE(review): checks CONTAINER_ID, uses CONTAINER_ROWID below */
4459 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4460 attr_array[0] = "mitMoiraId";
4461 attr_array[1] = "description";
4462 attr_array[2] = "managedBy";
4463 attr_array[3] = NULL;
4466 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4467 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4469 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4470 av[CONTAINER_NAME], ldap_err2string(rc));
4473 memset(managedByDN, '\0', sizeof(managedByDN));
4474 memset(moiraId, '\0', sizeof(moiraId));
4475 memset(desc, '\0', sizeof(desc));
4479 if (!strcasecmp(pPtr->attribute, "description")) /* snapshot of what AD holds now (walk loop in a listing gap) */
4480 strcpy(desc, pPtr->value);
4481 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4482 strcpy(managedByDN, pPtr->value);
4483 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4484 strcpy(moiraId, pPtr->value);
4487 linklist_free(group_base);
4492 if (strlen(av[CONTAINER_ROWID]) != 0)
4494 moiraId_v[0] = av[CONTAINER_ROWID];
4495 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4497 if (strlen(av[CONTAINER_DESC]) != 0)
4499 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
4503 if (strlen(desc) != 0) /* Moira cleared the description but AD still has one: remove it */
4505 attribute_update(ldap_handle, ad_path, "", "description", dName);
4508 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4510 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4512 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4514 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path); /* DN built without escaping; 256-byte buffer */
4515 managedBy_v[0] = managedByDN;
4516 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4520 if (strlen(managedByDN) != 0) /* contact could not be created: drop any stale owner */
4522 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4528 memset(filter, '\0', sizeof(filter));
4529 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4531 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]); /* CONTAINER_ID not filter-escaped */
4533 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4535 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4537 if (strlen(filter) != 0)
4539 attr_array[0] = "distinguishedName";
4540 attr_array[1] = NULL;
4543 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4544 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4546 if (group_count == 1)
4548 strcpy(managedByDN, group_base->value); /* unbounded copy of an AD-returned DN */
4549 managedBy_v[0] = managedByDN;
4550 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4554 if (strlen(managedByDN) != 0) /* owner not found uniquely: clear the existing value */
4556 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4559 linklist_free(group_base);
4566 if (strlen(managedByDN) != 0) /* no type/id in Moira at all: remove any owner AD still records */
4568 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4575 return(LDAP_SUCCESS); /* guarded by a condition in a listing gap — presumably "nothing queued in mods" */
4577 rc = ldap_modify_s(ldap_handle, ad_path, mods);
4578 for (i = 0; i < n; i++) /* releases the mods built by ADD_ATTR (body in a listing gap) */
4580 if (rc != LDAP_SUCCESS)
4582 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4583 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty an OU (dName) that is about to be deleted by relocating its
 * contents into the orphan OUs.
 *
 * Three passes over the subtree: (0) everything that is neither a computer
 * nor an OU -> orphans_other_ou, (1) computers -> orphans_machines_ou,
 * (2) nested OUs, which are deleted outright.  On an RDN collision in the
 * target OU the object is retried as "cn=<name>_<count>".  The pass
 * selection (`switch`/`if` on i), the result walk, the retry loop and the
 * return statements are in listing gaps.
 *
 * Side effect: LDAP_OPT_SIZELIMIT is set to 10 on the shared handle at
 * 4603; nothing visible here restores it, so later searches on the same
 * handle may be capped (TODO confirm whether a caller resets it).
 * The rename target and new_cn are built with sprintf() into fixed buffers
 * whose sizes are not visible; pPtr->value comes from AD unescaped.
 */
4589 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4591 char *attr_array[3];
4592 LK_ENTRY *group_base;
4599 int NumberOfEntries = 10;
4603 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries); /* batch of at most 10 entries per search; return value ignored */
4605 for (i = 0; i < 3; i++)
4607 memset(filter, '\0', sizeof(filter));
4610 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))"); /* pass 0: users, groups, contacts, ... */
4611 attr_array[0] = "cn";
4612 attr_array[1] = NULL;
4616 strcpy(filter, "(objectClass=computer)"); /* pass 1: machine accounts */
4617 attr_array[0] = "cn";
4618 attr_array[1] = NULL;
4622 strcpy(filter, "(objectClass=organizationalUnit)"); /* pass 2: nested OUs */
4623 attr_array[0] = "ou";
4624 attr_array[1] = NULL;
4629 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
4630 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS) /* search is rooted at the OU being emptied */
4634 if (group_count == 0)
4639 if (!strcasecmp(pPtr->attribute, "cn"))
4641 sprintf(new_cn, "cn=%s", pPtr->value);
4643 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
4645 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
4649 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp, /* remaining arguments in a listing gap */
4651 if (rc == LDAP_ALREADY_EXISTS) /* name clash in the orphan OU: suffix a counter and retry */
4653 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
4660 else if (!strcasecmp(pPtr->attribute, "ou"))
4662 rc = ldap_delete_s(ldap_handle, pPtr->dn); /* nested OUs are not preserved */
4666 linklist_free(group_base);
<doc_update>
/*
 * Determine which OU currently holds the AD computer account for a Moira
 * machine.
 *
 * `member` is canonicalised through GetMachineName() into NewMachineName
 * (an alias in the top-level domain), truncated at the first '.', and
 * looked up as sAMAccountName=<host>$.  The OU is then carved out of the
 * returned DN: both dn and cn are lower-cased, the cn value is located in
 * the dn, and everything after "<cn>," up to the "dc=" component is copied
 * into machine_ou.  The NULL checks after 4698/4729/4739, the buffer
 * declarations for filter/temp/dn/cn, and the return statements are in
 * listing gaps.
 *
 * Notes: moira_connect()'s rc at 4688 is overwritten unchecked on the next
 * line; strcpy into NewMachineName/dn/cn/machine_ou is unbounded (the
 * caller's buffer sizes are not visible here); tolower() is applied to
 * plain char (undefined for negative values); NewMachineName is
 * interpolated into the filter without RFC 4515 escaping.
 */
4674 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
4676 LK_ENTRY *group_base;
4680 char *attr_array[3];
4687 strcpy(NewMachineName, member);
4688 rc = moira_connect(); /* result never examined */
4689 rc = GetMachineName(NewMachineName); /* resolve to the canonical top-level-domain name */
4691 if (strlen(NewMachineName) == 0)
4693 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
4698 pPtr = strchr(NewMachineName, '.'); /* presumably truncated to the short host name here (gap) */
4704 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName); /* computer accounts carry a trailing '$' */
4705 attr_array[0] = "cn";
4706 attr_array[1] = NULL;
4707 sprintf(temp, "%s", dn_path);
4708 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4709 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4711 com_err(whoami, 0, "Unable to process machine %s : %s",
4712 member, ldap_err2string(rc));
4715 if (group_count != 1)
4717 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
4721 strcpy(dn, group_base->dn);
4722 strcpy(cn, group_base->value);
4723 for (i = 0; i < (int)strlen(dn); i++) /* case-fold both so strstr below is case-insensitive */
4724 dn[i] = tolower(dn[i]);
4725 for (i = 0; i < (int)strlen(cn); i++)
4726 cn[i] = tolower(cn[i]);
4727 linklist_free(group_base);
4729 pPtr = strstr(dn, cn); /* locate the RDN value inside the full DN */
4732 com_err(whoami, 0, "Unable to process machine %s",
4736 pPtr += strlen(cn) + 1; /* skip "<cn>," — assumes a ',' immediately follows the cn value */
4737 strcpy(machine_ou, pPtr);
4739 pPtr = strstr(machine_ou, "dc="); /* the domain suffix is cut off (truncation in a listing gap) */
4742 com_err(whoami, 0, "Unable to process machine %s",
/*
 * Move the AD computer account for a Moira machine into DestinationOu.
 *
 * The machine name is canonicalised with GetMachineName(), shortened at the
 * first '.', looked up by sAMAccountName=<host>$ and, unless it already sits
 * in DestinationOu, renamed into "<DestinationOu>,<dn_path>" with the RDN
 * "CN=<host>".  The early returns after each error, the truncation at 4776,
 * the `cPtr++` presumably between 4800 and 4804, the OldDn/NewOu/NewCn/
 * filter declarations and the final return are in listing gaps.
 *
 * NOTE(review): the format string at 4796 has two "%s" but only one
 * argument is passed, so printf reads a missing vararg — undefined
 * behaviour; drop the trailing ": %s" or supply the error text.
 *
 * MachineName is 128 bytes while GetMachineName() copies an alias of up to
 * 1023 bytes into its argument without a bound (see GetMachineName), and
 * OldDn/NewOu are filled by strcpy/sprintf with no length checks.
 */
4751 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
4756 char MachineName[128];
4758 char *attr_array[3];
4763 LK_ENTRY *group_base;
4768 strcpy(MachineName, MoiraMachineName);
4769 rc = GetMachineName(MachineName); /* may overwrite MachineName with a longer alias */
4770 if (strlen(MachineName) == 0)
4772 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
4776 cPtr = strchr(MachineName, '.'); /* short host name only (truncation in a listing gap) */
4779 sprintf(filter, "(sAMAccountName=%s$)", MachineName); /* MachineName not filter-escaped */
4780 attr_array[0] = "sAMAccountName";
4781 attr_array[1] = NULL;
4782 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
4783 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4785 com_err(whoami, 0, "Unable to process machine %s : %s",
4786 MoiraMachineName, ldap_err2string(rc));
4790 if (group_count == 1)
4791 strcpy(OldDn, group_base->dn);
4792 linklist_free(group_base);
4794 if (group_count != 1)
4796 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName); /* NOTE(review): second %s has no argument */
4799 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
4800 cPtr = strchr(OldDn, ','); /* parent DN of the current location (advance past ',' in a listing gap) */
4804 if (!strcasecmp(cPtr, NewOu)) /* already in the destination: nothing to do */
4807 sprintf(NewCn, "CN=%s", MachineName);
4808 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL); /* TRUE: delete the old RDN */
/*
 * Report whether a machine's short host name is acceptable in AD.
 *
 * machine_name is copied into Name (size not visible; unbounded copy),
 * truncated at the first '.' (in a listing gap), and passed to
 * checkADname(); the result is inverted, so this returns 1 when
 * checkADname() returns 0.
 */
4812 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
4818 memset(Name, '\0', sizeof(Name));
4819 strcpy(Name, machine_name);
4821 pPtr = strchr(Name, '.');
4825 return(!(rc = checkADname(ldap_handle, dn_path, Name))); /* 1 == name is OK */
/*
 * Ask Moira which container a machine belongs to.
 *
 * Runs the get_machine_to_container_map query with machine_name as its
 * single argument; machine_GetMoiraContainer() receives each row and
 * copies the container name into container_name via call_args[0].  The
 * trailing arguments of mr_query and the return are in a listing gap.
 * The ldap_handle/dn_path parameters are unused in the visible lines.
 */
4828 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
4834 av[0] = machine_name;
4835 call_args[0] = (char *)container_name; /* output buffer handed to the callback */
4836 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * mr_query callback for get_machine_to_container_map: copies the second
 * column of each row (the container name) into call_args[0].
 * The copy is unbounded and call_args is a file-level array; the return
 * value is in a listing gap.
 */
4841 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
4846 strcpy(call_args[0], av[1]);
/*
 * Create the Moira list that mirrors a newly created container.
 *
 * A unique name is produced by Moira_groupname_create(); the list is then
 * added with fixed attributes (active, non-public, non-hidden, not a
 * mailing list, a group with a fresh GID, owned by "sms"), linked to the
 * container with Moira_setContainerGroup() and added as a member of the
 * parent container's group.  The GroupName buffer declaration, the check
 * on rc after 4858 and the return are in listing gaps.
 */
4850 int Moira_container_group_create(char **after)
4856 memset(GroupName, '\0', sizeof(GroupName));
4857 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
4858 after[CONTAINER_ROWID]);
4862 argv[L_NAME] = GroupName;
4863 argv[L_ACTIVE] = "1";
4864 argv[L_PUBLIC] = "0";
4865 argv[L_HIDDEN] = "0";
4866 argv[L_MAILLIST] = "0";
4867 argv[L_GROUP] = "1";
4868 argv[L_GID] = UNIQUE_GID; /* let Moira allocate the GID */
4869 argv[L_NFSGROUP] = "0";
4870 argv[L_MAILMAN] = "0";
4871 argv[L_MAILMAN_SERVER] = "[NONE]";
4872 argv[L_DESC] = "auto created container group";
4873 argv[L_ACE_TYPE] = "USER";
4874 argv[L_MEMACE_TYPE] = "USER";
4875 argv[L_ACE_NAME] = "sms";
4876 argv[L_MEMACE_NAME] = "sms";
4878 if (rc = mr_query("add_list", 15, argv, NULL, NULL)) /* assignment: non-zero rc is a Moira error */
4880 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
4881 GroupName, after[CONTAINER_NAME], error_message(rc));
4884 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName); /* record the list on the container */
4885 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName); /* nest under the parent container's list */
/*
 * Rename a container's Moira list after the container itself was renamed.
 *
 * Nothing is done if the container name is unchanged (case-insensitive) or
 * the container has no list recorded.  Otherwise a fresh name is derived
 * from the new container name and, when it differs from the current one,
 * update_list is issued with the same fixed attributes as
 * Moira_container_group_create(); argv[0] is the old name and argv[1..]
 * the new record.  The early returns, the check on rc after 4907 and the
 * final return are in listing gaps.
 */
4890 int Moira_container_group_update(char **before, char **after)
4893 char BeforeGroupName[64];
4894 char AfterGroupName[64];
4897 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME])) /* same name: nothing to rename */
4900 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
4901 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0); /* list currently attached to the container */
4902 if (strlen(BeforeGroupName) == 0)
4905 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
4906 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
4907 after[CONTAINER_ROWID]);
4911 if (strcasecmp(BeforeGroupName, AfterGroupName))
4913 argv[L_NAME] = BeforeGroupName; /* update_list: old name first, then the full new record */
4914 argv[L_NAME + 1] = AfterGroupName;
4915 argv[L_ACTIVE + 1] = "1";
4916 argv[L_PUBLIC + 1] = "0";
4917 argv[L_HIDDEN + 1] = "0";
4918 argv[L_MAILLIST + 1] = "0";
4919 argv[L_GROUP + 1] = "1";
4920 argv[L_GID + 1] = UNIQUE_GID;
4921 argv[L_NFSGROUP + 1] = "0";
4922 argv[L_MAILMAN + 1] = "0";
4923 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
4924 argv[L_DESC + 1] = "auto created container group";
4925 argv[L_ACE_TYPE + 1] = "USER";
4926 argv[L_MEMACE_TYPE + 1] = "USER";
4927 argv[L_ACE_NAME + 1] = "sms";
4928 argv[L_MEMACE_NAME + 1] = "sms";
4930 if (rc = mr_query("update_list", 16, argv, NULL, NULL)) /* assignment, not comparison */
4932 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
4933 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Remove the Moira list that mirrored a deleted container.
 *
 * The list (before[CONTAINER_GROUP_NAME], unless "[none]") is first removed
 * from the parent container's list, then deleted.  The GroupName/argv/rc
 * declarations, argv[1] (presumably the member type "LIST"), and the
 * return are in listing gaps.
 *
 * NOTE(review): the format string at 4961 has two "%s" but three
 * arguments follow, so ParentGroupName is printed where the error text
 * belongs and error_message(rc) is never shown; the message likely wants
 * "... group %s from list %s: %s".
 */
4940 int Moira_container_group_delete(char **before)
4945 char ParentGroupName[64];
4947 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
4948 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1); /* 1: look up the parent container's list */
4950 memset(GroupName, '\0', sizeof(GroupName));
4951 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]")) /* "[none]" means the container had no list */
4952 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
4954 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
4956 argv[0] = ParentGroupName;
4958 argv[2] = GroupName;
4959 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL)) /* assignment, not comparison */
4961 com_err(whoami, 0, "Unable to delete container group %s from list: %s", /* NOTE(review): argument count does not match the format */
4962 GroupName, ParentGroupName, error_message(rc));
4966 if (strlen(GroupName) != 0)
4968 argv[0] = GroupName;
4969 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
4971 com_err(whoami, 0, "Unable to delete container group %s : %s",
4972 GroupName, error_message(rc));
/*
 * Derive a unique Moira list name for a container and write it to GroupName.
 *
 * The base is "cnt-" followed by the last one or two '/'-separated path
 * components of ContainerName joined with '-', truncated to 25 characters
 * and lower-cased.  If get_list_info finds an existing list with that
 * name, a "-<c>" suffix is tried with c running over 0-9 then a-z (per the
 * comment at 5028; the loop bounds are in a listing gap).  ContainerRowID
 * is not used in the visible lines.  The temp/tempgname/ptr/argv/rc
 * declarations, the branches around 4994-5008, the lower-casing loop and
 * the return statements are in listing gaps.
 *
 * tempgname is bounded to 25 chars so newGroupName/tempGroupName (64)
 * cannot overflow from it, but the copy of ContainerName into temp at 4992
 * is unbounded and GroupName's size is the caller's responsibility.
 */
4979 int Moira_groupname_create(char *GroupName, char *ContainerName,
4980 char *ContainerRowID)
4985 char newGroupName[64];
4986 char tempGroupName[64];
4992 strcpy(temp, ContainerName); /* working copy; unbounded */
4994 ptr1 = strrchr(temp, '/'); /* last path separator */
4999 ptr1 = strrchr(temp, '/'); /* separator before that, after the leaf was split off (gap) */
5002 sprintf(tempgname, "%s-%s", ++ptr1, ptr); /* "<parent>-<leaf>" */
5005 strcpy(tempgname, ptr); /* only one separator: just the leaf */
5008 strcpy(tempgname, temp); /* no separator: the whole name */
5010 if (strlen(tempgname) > 25)
5011 tempgname[25] ='\0'; /* keep the generated name short */
5013 sprintf(newGroupName, "cnt-%s", tempgname);
5015 /* change everything to lower case */
5020 *ptr = tolower(*ptr); /* plain char passed to tolower(); undefined for negative values */
5026 strcpy(tempGroupName, newGroupName); /* base name retained for suffix attempts */
5028 /* append 0-9 then a-z if a duplicate is found */
5031 argv[0] = newGroupName;
5032 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL)) /* non-zero: no such list (good) or a real error */
5034 if (rc == MR_NO_MATCH)
5036 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5037 ContainerName, error_message(rc));
5040 sprintf(newGroupName, "%s-%c", tempGroupName, i); /* name taken: try the next suffix */
5043 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
5053 strcpy(GroupName, newGroupName);
/*
 * Record GroupName as the list associated with container origContainerName
 * in Moira (set_container_list).  Errors are logged; the argv/rc
 * declarations and the return are in listing gaps.
 */
5057 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5062 argv[0] = origContainerName;
5063 argv[1] = GroupName;
5065 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5067 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5068 GroupName, origContainerName, error_message(rc));
/*
 * Add a container's list as a member of its parent container's list.
 *
 * The parent list name is fetched with Moira_getGroupName(..., 1); a
 * top-level container has no parent and is skipped.  argv[1] (presumably
 * the member type "LIST"), the early return, and the final return are in
 * listing gaps.  The copy into ContainerName (64 bytes) is unbounded.
 */
5074 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5076 char ContainerName[64];
5077 char ParentGroupName[64];
5081 strcpy(ContainerName, origContainerName);
5083 Moira_getGroupName(ContainerName, ParentGroupName, 1); /* 1: the parent's list, not this container's */
5084 /* top-level container */
5085 if (strlen(ParentGroupName) == 0)
5088 argv[0] = ParentGroupName;
5090 argv[2] = GroupName;
5091 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5093 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5094 GroupName, ParentGroupName, error_message(rc));
/*
 * mr_query callback for get_container_list: copies the second column of
 * each row (the list name) into call_args[0].  Unbounded copy into the
 * caller's buffer; the return value is in a listing gap.
 */
5099 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5104 strcpy(call_args[0], av[1]);
/*
 * Look up the Moira list attached to a container (or, judging by the
 * callers' third argument of 1, to its parent) and store it in GroupName.
 *
 * origContainerName is copied into a 64-byte local; a strrchr() on '/'
 * presumably strips the leaf when the parent is requested (the third
 * parameter's name and that branch are in a listing gap).  The
 * get_container_list query delivers the name through
 * Moira_getContainerGroup() via call_args[0].  An empty result and a query
 * failure are both logged; return statements are not visible.
 */
5108 int Moira_getGroupName(char *origContainerName, char *GroupName,
5111 char ContainerName[64];
5117 strcpy(ContainerName, origContainerName); /* unbounded copy into 64 bytes */
5121 ptr = strrchr(ContainerName, '/'); /* parent path = everything before the last '/' (truncation in a listing gap) */
5128 argv[0] = ContainerName;
5130 call_args[0] = GroupName; /* callback writes the list name here */
5131 call_args[1] = NULL;
5133 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup, /* remaining argument in a listing gap */
5136 if (strlen(GroupName) != 0)
5141 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5142 ContainerName, error_message(rc));
5144 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Add or remove a machine as a MACHINE member of its container's Moira list.
 *
 * A GroupName of "[none]" means the container has no list and nothing is
 * done.  Which of add_member_to_list / delete_member_from_list runs depends
 * on a third parameter whose name and test are in a listing gap, as are
 * the argv/rc declarations and the return.  The error text at 5167 reads
 * "group%s" (missing space) and is emitted for both operations.
 */
5149 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5155 if (strcmp(GroupName, "[none]") == 0)
5158 argv[0] = GroupName;
5159 argv[1] = "MACHINE";
5160 argv[2] = MachineName;
5162 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5164 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
5167 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5168 MachineName, GroupName, error_message(rc));
/*
 * Canonicalise a machine name in place to its top-level-domain form.
 *
 * The name is upper-cased; if the part after the first '.' already equals
 * DOMAIN_SUFFIX (case-insensitive) it is kept (the body of that branch is
 * in a listing gap).  Otherwise Moira's get_hostalias query is run with
 * args[1] = MachineName (args[0] is set in a gap) and ProcessMachineName()
 * keeps the first alias in DOMAIN_SUFFIX.  On a query error, or when no
 * alias is found, MachineName is set to "" — callers test strlen() == 0.
 * The rc/i/szDot/args/call_args declarations and returns are not visible.
 *
 * NOTE(review): the alias is accumulated in a 1024-byte local and
 * strcpy'd back into the caller's buffer at 5208 with no bound; one
 * caller (machine_move_to_ou) passes a 128-byte buffer.  Callers should
 * pass a buffer at least as large as NewMachineName, or this function
 * should take a size.
 */
5173 int GetMachineName(char *MachineName)
5176 char NewMachineName[1024];
5183 // If the address happens to be in the top-level MIT domain, great!
5184 strcpy(NewMachineName, MachineName); /* unbounded copy into 1024 bytes */
5185 for (i = 0; i < (int)strlen(NewMachineName); i++)
5186 NewMachineName[i] = toupper(NewMachineName[i]); /* plain char passed to toupper(); undefined for negative values */
5187 szDot = strchr(NewMachineName,'.');
5188 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX))) /* already "<host>.<DOMAIN_SUFFIX>" */
5193 // If not, see if it has a Moira alias in the top-level MIT domain.
5194 memset(NewMachineName, '\0', sizeof(NewMachineName)); /* callback only fills it while empty */
5196 args[1] = MachineName;
5197 call_args[0] = NewMachineName;
5198 call_args[1] = NULL;
5199 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args)) /* assignment, not comparison */
5201 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5202 MachineName, error_message(rc));
5203 strcpy(MachineName, ""); /* empty result signals failure to the caller */
5207 if (strlen(NewMachineName) != 0)
5208 strcpy(MachineName, NewMachineName); /* unbounded: alias may exceed the caller's buffer */
5210 strcpy(MachineName, "");
/*
 * mr_query callback for get_hostalias: records the first alias whose
 * domain part (after the first '.') is DOMAIN_SUFFIX into call_args[0],
 * upper-cased.  Later rows are ignored once call_args[0] is non-empty.
 * av[0] is strcpy'd into a 1024-byte local and then into the caller's
 * buffer with no bound; the return value is in a listing gap.
 */
5215 int ProcessMachineName(int ac, char **av, void *ptr)
5218 char MachineName[1024];
5223 if (strlen(call_args[0]) == 0) /* keep only the first match */
5225 strcpy(MachineName, av[0]);
5226 for (i = 0; i < (int)strlen(MachineName); i++)
5227 MachineName[i] = toupper(MachineName[i]); /* plain char passed to toupper(); undefined for negative values */
5228 szDot = strchr(MachineName,'.');
5229 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
5231 strcpy(call_args[0], MachineName);
/*
 * Flip the UID attribute name in a prepared LDAPMod list between the
 * Services-for-UNIX 3.0 schema ("msSFU30UidNumber") and the RFC 2307
 * schema ("uidNumber").  Which direction runs is decided by a test on
 * *UseSFU30 that falls in a listing gap; n is the number of mods.
 * mod_type is repointed at a string literal, so the previous mod_type
 * value is not freed here and the literal must not be freed by the caller.
 */
5237 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
5243 for (i = 0; i < n; i++)
5245 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5246 mods[i]->mod_type = "uidNumber";
5252 for (i = 0; i < n; i++)
5254 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5255 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * Queue (or directly delete) a user's homeDirectory, profilePath and
 * homeDrive attributes from the Moira-supplied WinHomeDir / WinProfileDir.
 *
 * Recognised tokens: "[afs]" (resolve the user's AFS locker via Hesiod
 * "filsys" and convert it with AfsToWinAfs()), "[dfs]" (a DFS path under
 * ldap_domain keyed by the first letter of user_name), "[local]" (attribute
 * cleared); anything else is taken literally, and a UNC path ("\\") gets
 * drive H:.  Empty values are deleted with an immediate ldap_modify_s() when
 * OpType is LDAP_MOD_REPLACE; non-empty ones are strdup'd into the caller's
 * *_v arrays and appended with ADD_ATTR (ownership of those strings passes
 * to the caller).  The OpType/n parameters, the homeDrive/path/winPath/
 * cWeight/cPath/hp/i/last_weight/rc declarations, the branches after 5335
 * and the return are in listing gaps.
 *
 * Notes: sscanf "%s" at 5294/5298 writes into cPath/cWeight with no width
 * limit, so a long Hesiod record can overflow them; the hes_resolve()
 * result is not freed in the visible lines; path/winPath/winProfile are
 * filled with sprintf/strcpy/strcat without length checks; strnicmp is
 * not standard C.
 */
5261 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5262 char *WinHomeDir, char *WinProfileDir,
5263 char **homedir_v, char **winProfile_v,
5264 char **drives_v, LDAPMod **mods,
5272 char winProfile[1024];
5277 LDAPMod *DelMods[20];
5279 memset(homeDrive, '\0', sizeof(homeDrive));
5280 memset(path, '\0', sizeof(path));
5281 memset(winPath, '\0', sizeof(winPath));
5282 memset(winProfile, '\0', sizeof(winProfile));
5284 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5286 if ((hp = hes_resolve(user_name, "filsys")) != NULL) /* Hesiod filsys records for the user */
5288 memset(cWeight, 0, sizeof(cWeight));
5289 memset(cPath, 0, sizeof(cPath));
5292 while (hp[i] != NULL)
5294 if (sscanf(hp[i], "%*s %s", cPath)) /* second field: the path; no width limit on %s */
5296 if (strnicmp(cPath, AFS, strlen(AFS)) == 0) /* only AFS lockers are considered */
5298 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight)) /* fifth field: priority */
5300 if (atoi(cWeight) < last_weight) /* lowest weight wins (last_weight's initial value not visible) */
5302 strcpy(path, cPath);
5303 last_weight = (int)atoi(cWeight);
5307 strcpy(path, cPath); /* no weight field: take it as is */
5314 if (!strnicmp(path, AFS, strlen(AFS)))
5316 AfsToWinAfs(path, winPath); /* AFS path -> Windows UNC form */
5317 strcpy(winProfile, winPath);
5318 strcat(winProfile, "\\.winprofile"); /* profile lives inside the home locker */
5326 if ((!strcasecmp(WinHomeDir, "[dfs]")) || (!strcasecmp(WinProfileDir, "[dfs]")))
5328 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain, user_name[0], user_name); /* user_name[0] is the bucket letter */
5329 if (!strcasecmp(WinProfileDir, "[dfs]"))
5331 strcpy(winProfile, path);
5332 strcat(winProfile, "\\.winprofile");
5334 if (!strcasecmp(WinHomeDir, "[dfs]"))
5335 strcpy(winPath, path);
5348 if (!strcasecmp(WinHomeDir, "[local]"))
5349 memset(winPath, '\0', sizeof(winPath)); /* empty -> attribute deleted below */
5350 else if (!strcasecmp(WinHomeDir, "[afs]") || !strcasecmp(WinHomeDir, "[dfs]"))
5352 strcpy(homeDrive, "H:");
5356 strcpy(winPath, WinHomeDir); /* literal path from Moira */
5357 if (!strncmp(WinHomeDir, "\\\\", 2)) /* UNC path: map a drive letter */
5359 strcpy(homeDrive, "H:");
5363 // nothing needs to be done if WinProfileDir is [afs].
5364 if (!strcasecmp(WinProfileDir, "[local]"))
5365 memset(winProfile, '\0', sizeof(winProfile));
5366 else if (strcasecmp(WinProfileDir, "[afs]") && strcasecmp(WinProfileDir, "[dfs]"))
5368 strcpy(winProfile, WinProfileDir); /* literal path from Moira */
5371 if (strlen(winProfile) != 0)
5373 if (winProfile[strlen(winProfile) - 1] == '\\') /* strip one trailing backslash */
5374 winProfile[strlen(winProfile) - 1] = '\0';
5376 if (strlen(winPath) != 0)
5378 if (winPath[strlen(winPath) - 1] == '\\')
5379 winPath[strlen(winPath) - 1] = '\0';
5382 if ((winProfile[1] == ':') && (strlen(winProfile) == 2)) /* bare drive ("C:") becomes "C:\" */
5383 strcat(winProfile, "\\");
5384 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5385 strcat(winPath, "\\");
5387 if (strlen(winPath) == 0)
5389 if (OpType == LDAP_MOD_REPLACE) /* on update, an empty value means "remove the attribute" */
5392 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5394 //unset homeDirectory attribute for user.
5395 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods); /* applied immediately, separate from `mods` */
5401 homedir_v[0] = strdup(winPath); /* caller owns and frees */
5402 ADD_ATTR("homeDirectory", homedir_v, OpType);
5405 if (strlen(winProfile) == 0)
5407 if (OpType == LDAP_MOD_REPLACE)
5410 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5412 //unset profilePath attribute for user.
5413 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5419 winProfile_v[0] = strdup(winProfile);
5420 ADD_ATTR("profilePath", winProfile_v, OpType);
5423 if (strlen(homeDrive) == 0)
5425 if (OpType == LDAP_MOD_REPLACE)
5428 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5430 //unset homeDrive attribute for user
5431 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5437 drives_v[0] = strdup(homeDrive);
5438 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList: discover the domain controllers of ldap_domain by querying
 * the AD configuration partition, write them (plus domain, principal and
 * SFU settings) to CFG_PATH/<ldap_domain>.cfg, and return them in ServerList.
 *
 * ldap_domain  domain to query; also appended to every discovered server name.
 * ServerList   caller-owned array of MAX_SERVER_NAMES char*; existing entries
 *              are freed first, new entries are calloc'd (256 bytes each) and
 *              owned by the caller.
 *
 * Return value: the return statements are in lines not shown here; the
 * listing below is missing every brace-only/declaration line of the original.
 */
5444 int GetServerList(char *ldap_domain, char **ServerList)
5452 int ServerListFound;
5453 char default_server[256];
5455 char *attr_array[3];
5460 LK_ENTRY *group_base;
// Locals used below but declared in lines not shown: i, k, rc, Count, sPtr,
// gPtr, group_count, ldap_handle, dn_path, filter, base, temp, fptr.
5465 memset(default_server, '\0', sizeof(default_server));
5466 memset(dn_path, '\0', sizeof(dn_path));
// Release any previous result so stale entries cannot leak or be reused.
5467 for (i = 0; i < MAX_SERVER_NAMES; i++)
5469 if (ServerList[i] != NULL)
5471 free(ServerList[i]);
5472 ServerList[i] = NULL;
// Assignment-in-condition is intentional; the remaining ad_connect
// arguments and the failure handling (presumably an early return) are on
// lines not shown.
5475 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
5479 for (i = 0; i < MAX_SERVER_NAMES; i++)
5481 ServerList[i] = NULL;
5484 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5488 ServerListFound = 0;
// Step 1: the RID master (fSMORoleOwner of the rIDManager object) becomes
// ServerList[0].
5490 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5491 attr_array[0] = "fSMORoleOwner";
5492 attr_array[1] = NULL;
// Precedence note: `!(rc = f()) != 0` is true exactly when linklist_build
// returned 0, i.e. this is a "search succeeded" test.
5493 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5494 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5496 if (group_count != 0)
// The owner DN looks like "CN=NTDS Settings,CN=<server>,CN=Servers,...";
// skip to the text after the first ",CN=". The NULL check on sPtr is on a
// line not shown.
5498 sPtr = strstr(group_base->value, ",CN=");
5501 sPtr += strlen(",CN=");
5502 if (ServerList[0] == NULL)
5503 ServerList[0] = calloc(1, 256);
// NOTE(review): unbounded strcpy of a directory-supplied value into a
// 256-byte buffer; a bounded copy (e.g. snprintf(ServerList[0], 256, "%s", sPtr))
// would make the 256-byte assumption explicit.
5504 strcpy(ServerList[0], sPtr);
// Cut the copied DN at the next comma so only the server CN remains
// (the truncation itself is on a line not shown).
5505 sPtr = strstr(ServerList[0], ",");
5509 ServerListFound = 1;
5513 linklist_free(group_base);
// Step 2: every server object under the default site, skipping the one
// already recorded as ServerList[0].
5517 attr_array[0] = "cn";
5518 attr_array[1] = NULL;
5519 strcpy(filter, "(cn=*)");
5520 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5522 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5523 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5525 if (group_count != 0)
// gPtr is presumably initialised to group_base and advanced at the end of
// the loop body (both on lines not shown).
5528 while (gPtr != NULL)
5530 if (ServerListFound != 0)
5532 if (!strcasecmp(ServerList[0], gPtr->value))
// Count is presumably initialised/incremented on lines not shown; the
// MAX_SERVER_NAMES bound keeps the ServerList index in range.
5538 if (Count < MAX_SERVER_NAMES)
5540 if (ServerList[Count] == NULL)
5541 ServerList[Count] = calloc(1, 256);
// NOTE(review): same unbounded strcpy into a 256-byte buffer as above.
5542 strcpy(ServerList[Count], gPtr->value);
5549 linklist_free(group_base);
// Step 3: probe the schema for the msSFU-30-Uid-Number attribute; what is
// recorded when it is found is on lines not shown (presumably an SFU flag).
5555 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5556 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5558 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5559 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5561 if (group_count != 0)
5566 linklist_free(group_base);
// Step 4: persist the result as the per-domain config file read back by
// ReadConfigFile (same DOMAIN/PRINCIPALNAME/MSSFU/SERVER keywords).
// The matching fclose is on a line not shown.
5570 sprintf(temp, "%s%s.cfg", CFG_PATH, ldap_domain);
5571 if ((fptr = fopen(temp, "w+")) != NULL)
5573 fprintf(fptr, "%s %s\n", DOMAIN, ldap_domain);
5574 if (strlen(PrincipalName) != 0)
5575 fprintf(fptr, "%s %s\n", PRINCIPALNAME, PrincipalName);
5577 fprintf(fptr, "%s %s\n", MSSFU, SFUTYPE);
5578 for (i = 0; i < MAX_SERVER_NAMES; i++)
5580 if (ServerList[i] != NULL)
5582 fprintf(fptr, "%s %s\n", SERVER, ServerList[i]);
5587 ldap_unbind_s(ldap_handle);
// Step 5: normalise each name to an upper-case FQDN "<SERVER>.<DOMAIN>".
5589 for (i = 0; i < MAX_SERVER_NAMES; i++)
5591 if (ServerList[i] != NULL)
// NOTE(review): if an entry is an empty string, strlen()-1 indexes before
// the buffer; a `strlen(ServerList[i]) != 0` guard would avoid that.
5593 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
5594 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
// NOTE(review): the two strcat calls are not bounded by the 256-byte
// allocation; name + "." + domain must stay under 256 characters.
5595 strcat(ServerList[i], ".");
5596 strcat(ServerList[i], ldap_domain);
5597 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5598 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * attribute_update: set a single-valued attribute on an AD object, or delete
 * it when the new value is the empty string.
 *
 * ldap_handle         bound LDAP connection.
 * distinguished_name  DN of the object to modify.
 * attribute_value     new value; "" means "remove the attribute".
 * attribute           attribute name.
 * user_name           only used in the error message.
 *
 * Strategy: try LDAP_MOD_REPLACE first; if that fails, fall back to
 * LDAP_MOD_ADD (covers the case where the attribute does not exist yet).
 * The return statements, the `mods` array and the mod-count variables used
 * by ADD_ATTR/DEL_ATTR are on lines not shown.
 */
5605 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5606 char *attribute_value, char *attribute, char *user_name)
5608 char *mod_v[] = {NULL, NULL};
5609 LDAPMod *DelMods[20];
// Empty value: delete the attribute. The result of this ldap_modify_s is
// handled (or ignored) on lines not shown.
5615 if (strlen(attribute_value) == 0)
5618 DEL_ATTR(attribute, LDAP_MOD_DELETE);
5620 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
// Non-empty value: replace, then add as a fallback.
5626 mod_v[0] = attribute_value;
5627 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
5629 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
// Presumably the mod list is reset between the two attempts on lines not
// shown; otherwise the REPLACE entry would still be in `mods`.
5633 mod_v[0] = attribute_value;
5634 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5636 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5638 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5639 attribute, user_name, ldap_err2string(rc));
/*
 * tickets_get_k5: obtain Kerberos tickets for the service principal by
 * running kinit with the keytab KEYTABFILE.
 *
 * Reads/writes the globals PrincipalName and ldap_domain (lower-cases
 * PrincipalName in place, fills it in when empty). The credential cache
 * location is fixed through the environment (KRB5CCNAME / KRBTKFILE).
 *
 * Return value and the `retval` checks between the two kinit attempts are
 * on lines not shown; from what is visible, a failed plain `kinit` is
 * retried as `kinit -5`.
 */
5647 int tickets_get_k5()
5650 char KinitPath[128];
// putenv() keeps a pointer to the string it is given, hence static storage.
5653 static char EnvVar[128];
5654 static char EnvVar1[128];
5656 strcpy(EnvVar, KRB5CCNAME);
5657 retval = putenv(EnvVar);
5658 strcpy(EnvVar1, KRBTKFILE);
5659 retval = putenv(EnvVar1);
// ReadConfigFile upper-cases whole config lines, so the principal read from
// the config file arrives upper-case; normalise it back to lower-case here.
5661 for (i = 0; i < (int)strlen(PrincipalName); i++)
5662 PrincipalName[i] = tolower(PrincipalName[i]);
// No principal configured: production principal for the primary domain,
// test principal for any other domain.
5663 if (strlen(PrincipalName) == 0)
5665 strcpy(PrincipalName, PRODUCTION_PRINCIPAL);
5666 if (strcasecmp(ldap_domain, PRIMARY_DOMAIN))
5667 strcpy(PrincipalName, TEST_PRINCIPAL);
5670 memset(KinitPath, '\0',sizeof(KinitPath));
5672 strcpy(KinitPath, "/usr/athena/bin/");
// NOTE(review): the command line is built with sprintf from PrincipalName,
// which comes from the per-domain config file, and is run through a shell
// by system(). That is only safe while the config file is writable solely
// by the service account; an exec-style call with an explicit argv (no
// shell) would remove the dependency on the file's contents being benign.
5674 sprintf(temp, "%skinit -k -t %s %s", KinitPath, KEYTABFILE, PrincipalName);
5675 retval = system(temp);
5678 com_err(whoami, 0, "%s failed", temp);
// Second attempt with the explicit "-5" (Kerberos 5) flag.
5679 sprintf(temp, "%skinit -5 -k -t %s %s", KinitPath, KEYTABFILE, PrincipalName);
5680 retval = system(temp);
5683 com_err(whoami, 0, "%s failed", temp);
// Fragment of a function whose signature and declarations (original lines
// 5684-5692) are not in this listing; presumably the caller that acquires
// tickets before talking to AD. Behaviour visible here: one retry of
// tickets_get_k5(), then log and raise a critical alert if it still fails.
5693 if (tickets_get_k5())
5696 if (tickets_get_k5())
5698 com_err(whoami, 0, "%s", "Unable to get kerberos tickets");
5699 critical_alert("AD incremental", "%s",
5700 "winad.incr incremental failed (unable to get kerberos tickets)");
/*
 * destroy_cache: destroy the default Kerberos credential cache of the
 * current process (the one kinit populated in tickets_get_k5).
 *
 * Return value, and the declarations of `cache` and `rc`, are on lines not
 * shown; rc only receives a value when both krb5 setup calls succeed.
 */
5707 int destroy_cache(void)
5709 krb5_context context;
5715 if (!krb5_init_context(&context))
5717 if (!krb5_cc_default(context, &cache))
5718 rc = krb5_cc_destroy(context, cache);
// NOTE(review): this test only makes sense if `context` is set to NULL on
// one of the lines not shown; if krb5_init_context fails without touching it,
// an uninitialised pointer would be compared here — confirm.
5720 if (context != NULL)
5721 krb5_free_context(context);
/*
 * StringTrim: strip leading and trailing whitespace from StringToTrim in
 * place. Works through a local buffer `temp` (declared on a line not shown,
 * so its size — and whether the input can exceed it — is not visible here).
 *
 * StringToTrim  NUL-terminated, writable string; modified in place.
 */
5728 void StringTrim(char *StringToTrim)
5734 if (strlen(StringToTrim) == 0)
// Skip leading whitespace; the copy of the remainder into temp is on lines
// not shown.
5737 cPtr = StringToTrim;
5738 while (isspace(*cPtr))
// Nothing but whitespace: the result is the empty string.
5743 if (strlen(temp) == 0)
5745 strcpy(StringToTrim, temp);
// Trailing whitespace: presumably a loop from the end of temp (on lines not
// shown) that stops at the first non-space character and terminates there.
5753 if (!isspace(temp[i-1]))
5758 strcpy(StringToTrim, temp);
/*
 * ReadConfigFile: load CFG_PATH/<DomainName>.cfg into the globals
 * ldap_domain, PrincipalName, ServerList and NoChangeConfigFile.
 *
 * Recognised keywords (compared after the whole line is upper-cased):
 * DOMAIN, PRINCIPALNAME, SERVER (repeatable), MSSFU and NOCHANGE.
 * Server names are completed to "<SERVER>.<DOMAIN>" in upper case, matching
 * what GetServerList produces.
 *
 * Return value, the fclose, and the declarations of temp/temp1/fptr/i/k/
 * Count are on lines not shown.
 */
5762 int ReadConfigFile(char *DomainName)
5773 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
5774 if ((fptr = fopen(temp, "r")) != NULL)
5776 while (fgets(temp, sizeof(temp), fptr) != 0)
// Whole line is upper-cased, values included; consumers that need the
// original case (e.g. tickets_get_k5) lower-case again themselves.
5778 for (i = 0; i < (int)strlen(temp); i++)
5779 temp[i] = toupper(temp[i]);
5780 if (temp[strlen(temp) - 1] == '\n')
5781 temp[strlen(temp) - 1] = '\0';
5783 if (strlen(temp) == 0)
// DOMAIN <name>
5785 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
5787 if (strlen(temp) > (strlen(DOMAIN)))
5789 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
5790 StringTrim(ldap_domain);
// PRINCIPALNAME <principal>
5793 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
5795 if (strlen(temp) > (strlen(PRINCIPALNAME)))
5797 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
5798 StringTrim(PrincipalName);
// SERVER <name>, one entry per line. Count is presumably incremented on a
// line not shown; no visible check keeps Count below MAX_SERVER_NAMES.
5801 else if (!strncmp(temp, SERVER, strlen(SERVER)))
5803 if (strlen(temp) > (strlen(SERVER)))
5805 ServerList[Count] = calloc(1, 256);
// NOTE(review): the copied remainder is bounded only by sizeof(temp), not by
// the 256-byte allocation; a bounded copy would make that explicit.
5806 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
5807 StringTrim(ServerList[Count]);
// MSSFU <type>; what is set when it equals SFUTYPE is on a line not shown.
5811 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
5813 if (strlen(temp) > (strlen(MSSFU)))
5815 strcpy(temp1, &temp[strlen(MSSFU)]);
5817 if (!strcmp(temp1, SFUTYPE))
// NOCHANGE: flag telling the caller not to rewrite this config file.
5821 else if (!strcasecmp(temp, "NOCHANGE"))
5823 NoChangeConfigFile = 1;
// Post-processing of ldap_domain; the lines between these statements are
// not shown, so exactly what temp holds at this point cannot be told here.
5827 if (strlen(ldap_domain) != 0)
5829 memset(ldap_domain, '\0', sizeof(ldap_domain));
5832 if (strlen(temp) != 0)
5833 strcpy(ldap_domain, temp);
// No DOMAIN line: fall back to the name the config file was looked up by.
5839 if (strlen(ldap_domain) == 0)
5841 strcpy(ldap_domain, DomainName);
// Qualify and upper-case the server names, as GetServerList does.
// NOTE(review): strcat into the 256-byte calloc'd entries is unbounded.
5845 for (i = 0; i < Count; i++)
5847 if (ServerList[i] != 0)
5849 strcat(ServerList[i], ".");
5850 strcat(ServerList[i], ldap_domain);
5851 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5852 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read the list of domains to process from
 * CFG_PATH/WINADCFG into the global DomainNames array.
 *
 * Each line is upper-cased and stripped of its newline; a "DOMAIN " prefix
 * is removed if present. The three sscanf calls test whether the entry has
 * the shape <5|4|3 chars>.<3 chars>.<3 chars><rest>; how their results are
 * combined, and the DomainNames index handling (Count), are on lines not
 * shown. Return value and fclose are likewise not visible here.
 */
5858 int ReadDomainList()
5865 unsigned char c[11];
5866 unsigned char stuff[256];
5871 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
5872 if ((fptr = fopen(temp, "r")) != NULL)
5874 while (fgets(temp, sizeof(temp), fptr) != 0)
5876 for (i = 0; i < (int)strlen(temp); i++)
5877 temp[i] = toupper(temp[i]);
5878 if (temp[strlen(temp) - 1] == '\n')
5879 temp[strlen(temp) - 1] = '\0';
5881 if (strlen(temp) == 0)
// Accept either "DOMAIN <name>" or a bare "<name>" line.
5883 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
5885 if (strlen(temp) > (strlen(DOMAIN)))
5887 strcpy(temp1, &temp[strlen(DOMAIN)]);
5889 strcpy(temp, temp1);
// Shape checks; 5-character first label ...
5893 rc = sscanf(temp, "%c%c%c%c%c.%c%c%c.%c%c%c%s", &c[0],
5894 &c[1], &c[2], &c[3], &c[4], &c[5], &c[6],
5895 &c[7], &c[8], &c[9], &c[10], stuff);
// ... 4-character first label ...
5898 rc = sscanf(temp, "%c%c%c%c.%c%c%c.%c%c%c%s", &c[0],
5899 &c[1], &c[2], &c[3], &c[4], &c[5], &c[6],
5900 &c[7], &c[8], &c[9], stuff);
// ... 3-character first label.
// NOTE(review): "%%c" matches a literal '%' followed by 'c', not a third
// character, so this format has only 8 conversions for 10 arguments and
// can only match input containing the text "%c". Looks like a typo for
// "%c%c%c.%c%c%c.%c%c%c%s" — confirm against the intended input format.
// Also, "%s" into stuff[256] is unbounded; "%255s" would cap it.
5903 rc = sscanf(temp, "%c%c%%c.%c%c%c.%c%c%c%s", &c[0],
5904 &c[1], &c[2], &c[3], &c[4], &c[5],
5905 &c[6], &c[7], &c[8], stuff);
// Flag that the domain list needs (re)writing; the condition is on a line
// not shown.
5908 UpdateDomainList = 1;
5915 strcpy(DomainNames[Count], temp);
5916 StringTrim(DomainNames[Count]);
// Error path for an unusable winad.cfg.
5924 critical_alert("incremental", "%s",
5925 "winad.incr cannot run due to a configuration error in winad.cfg");
5931 void WriteDomainList()
5937 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
5938 if ((fptr = fopen(temp, "w+")) != NULL)
5940 for (i = 0; i < MAX_DOMAINS; i++)
5942 if (strlen(DomainNames[i]) != 0)
5944 fprintf(fptr, "%s\n", DomainNames[i]);