+
+ if (afterc)
+ edit_group(1, after[LM_LIST], after[LM_TYPE], after[LM_MEMBER]);
+ if (beforec)
+ edit_group(0, after[LM_LIST], after[LM_TYPE], after[LM_MEMBER]);
+}
+
+
+get_members(ac, av, group)
+ int ac;
+ char *av[];
+ char *group;
+{
+ int code=0;
+
+ if (strcmp(av[0], "LIST")) {
+ sleep(1); /* give the ptserver room */
+ edit_group(1, group, av[0], av[1]);
+ } else {
+ code = mr_query("get_members_of_list", 1, &av[1], get_members, group);
+ if (code)
+ critical_alert("incremental",
+ "Couldn't retrieve full membership of %s: %s",
+ group, error_message(code));
+ }
+ return code;
+}
+
+
+edit_group(op, group, type, member)
+ int op;
+ char *group;
+ char *type;
+ char *member;
+{
+ char *p = 0;
+ char buf[PR_MAXNAMELEN];
+ int (*fn)();
+ int code;
+ static char local_realm[REALM_SZ+1] = "";
+ extern long pr_AddToGroup(), pr_RemoveUserFromGroup();
+
+ fn = op ? pr_AddToGroup : pr_RemoveUserFromGroup;
+
+ /* The following KERBEROS code allows for the use of entities
+ * user@foreign_cell.
+ */
+ if (!local_realm[0])
+ krb_get_lrealm(local_realm, 1);
+ if (!strcmp(type, "KERBEROS")) {
+ p = index(member, '@');
+ if (p && !strcasecmp(p+1, local_realm))
+ *p = 0;
+ } else if (strcmp(type, "USER"))
+ return; /* invalid type */
+
+ strcpy(buf, "system:");
+ strcat(buf, group);
+ code = (*fn)(member, buf);
+ if (code) {
+ if (op==0 && code == PRNOENT) return;
+ if (op==1 && code == PRIDEXIST) return;
+ if (strcmp(type, "KERBEROS") || code != PRNOENT) {
+ critical_alert("incremental",
+ "Couldn't %s %s %s %s: %s",
+ op ? "add" : "remove", member,
+ op ? "to" : "from", buf,
+ error_message(code));
+ }