2 * Copyright (c) 1993, 1994 Regents of the University of Michigan.
5 * Redistribution and use in source and binary forms are permitted
6 * provided that this notice is preserved and that due credit is given
7 * to the University of Michigan at Ann Arbor. The name of the University
8 * may not be used to endorse or promote products derived from this
9 * software without specific prior written permission. This software
10 * is provided ``as is'' without express or implied warranty.
21 #include <ldapconfig.h>
24 extern LDAPMessage * find();
30 extern char *bound_dn, *group_base;
31 extern int verbose, bind_status;
32 extern struct entry Entry;
40 register int i, idx = 0, prompt = 0;
41 char tmp[BUFSIZ], dn[BUFSIZ];
42 static LDAPMod *attrs[9];
43 LDAPMod init_rdn, init_owner, init_domain,
44 init_errors, init_request, init_joinable;
45 char *init_rdn_value[2], *init_owner_value[2], *init_domain_value[2],
46 *init_errors_value[MAX_VALUES], *init_joinable_value[2],
47 *init_request_value[MAX_VALUES];
48 extern void ldap_flush_cache();
49 extern char * strip_ignore_chars();
52 if (debug & D_TRACE) {
54 printf("->add_group(NULL)\n");
56 printf("->add_group(%s)\n", name);
60 if (bind_status == UD_NOT_BOUND) {
61 if (auth((char *) NULL, 1) < 0) {
67 * If the user did not supply us with a name, prompt them for
70 if ((name == NULL) || (*name == '\0') || !strcasecmp(name, "group")) {
72 printf(" Group to create? ");
74 fetch_buffer(tmp, sizeof(tmp), stdin);
80 /* remove quotes, dots, and underscores. */
81 name = strip_ignore_chars(name);
84 if (isauniqname(name)) {
85 printf(" '%s' could be confused with a U-M uniqname.\n", name);
86 printf(" You can create the group, but you need to make sure that\n");
87 printf(" you reserve the uniqname for use as your groupname\n\n");
88 printf(" Are you sure that you want to do this? ");
90 fetch_buffer(tmp, sizeof(tmp), stdin);
91 if (!(tmp[0] == 'y' || tmp[0] == 'Y'))
93 printf("\n Be sure to contact your uniqname administrator to reserve\n");
94 printf(" the uniqname '%s' for use as your group name.\n", name);
97 sprintf(dn, "cn=%s, %s", name, group_base);
100 * Make sure that this group does not already exist.
102 if (vrfy(dn) == TRUE) {
103 printf(" The group \"%s\" already exists.\n", name);
108 * Take the easy way out: Fill in some reasonable values for
109 * the most important fields, and make the user use the modify
110 * command to change them, or to give values to other fields.
112 init_rdn_value[0] = name;
113 init_rdn_value[1] = NULL;
114 init_rdn.mod_op = LDAP_MOD_ADD;
115 init_rdn.mod_type = "cn";
116 init_rdn.mod_values = init_rdn_value;
117 attrs[idx++] = &init_rdn;
119 init_owner_value[0] = bound_dn;
120 init_owner_value[1] = NULL;
121 init_owner.mod_op = LDAP_MOD_ADD;
122 init_owner.mod_type = "owner";
123 init_owner.mod_values = init_owner_value;
124 attrs[idx++] = &init_owner;
127 init_domain_value[0] = "umich.edu";
129 init_domain_value[0] = ".";
131 init_domain_value[1] = NULL;
132 init_domain.mod_op = LDAP_MOD_ADD;
133 init_domain.mod_type = "associatedDomain";
134 init_domain.mod_values = init_domain_value;
135 attrs[idx++] = &init_domain;
137 init_errors_value[0] = bound_dn;
138 init_errors_value[1] = NULL;
139 init_errors.mod_op = LDAP_MOD_ADD;
140 init_errors.mod_type = "ErrorsTo";
141 init_errors.mod_values = init_errors_value;
142 attrs[idx++] = &init_errors;
144 init_request_value[0] = bound_dn;
145 init_request_value[1] = NULL;
146 init_request.mod_op = LDAP_MOD_ADD;
147 init_request.mod_type = "RequestsTo";
148 init_request.mod_values = init_request_value;
149 attrs[idx++] = &init_request;
151 init_joinable_value[0] = "FALSE";
152 init_joinable_value[1] = NULL;
153 init_joinable.mod_op = LDAP_MOD_ADD;
154 init_joinable.mod_type = "joinable";
155 init_joinable.mod_values = init_joinable_value;
156 attrs[idx++] = &init_joinable;
158 /* end it with a NULL */
162 if (debug & D_GROUPS) {
163 register LDAPMod **lpp;
166 extern char * code_to_str();
167 printf(" About to call ldap_add()\n");
168 printf(" ld = 0x%x\n", ld);
169 printf(" dn = [%s]\n", dn);
170 for (lpp = attrs, i = 0; *lpp != NULL; lpp++, i++) {
171 printf(" attrs[%1d] code = %s type = %s\n", i,
172 code_to_str((*lpp)->mod_op), (*lpp)->mod_type);
173 for (cpp = (*lpp)->mod_values, j = 0; *cpp != NULL; cpp++, j++)
174 printf(" value #%1d = %s\n", j, *cpp);
175 printf(" value #%1d = NULL\n", j);
181 * Now add this to the X.500 Directory.
183 if (ldap_add_s(ld, dn, attrs) != 0) {
184 ldap_perror(ld, " ldap_add_s");
185 printf(" Group not added.\n");
186 if (prompt) Free(name);
190 printf(" Group \"%s\" has been added to the Directory\n",
194 * We need to blow away the cache here.
196 * Since we first looked up the name before trying to create it,
197 * and that look-up failed, the cache will falsely claim that this
198 * entry does not exist.
200 (void) ldap_flush_cache(ld);
201 if (prompt) Free(name);
205 void remove_group(name)
208 char *dn, tmp[BUFSIZ];
209 static char * bind_and_fetch();
212 if (debug & D_TRACE) {
214 printf("->remove_group(NULL)\n");
216 printf("->remove_group(%s)\n", name);
219 if ((dn = bind_and_fetch(name)) == NULL)
222 printf("\n The group '%s' will be permanently removed from\n",
224 printf(" the Directory. Are you absolutely sure that you want to\n" ); printf(" remove this entire group? ");
226 fetch_buffer(tmp, sizeof(tmp), stdin);
227 if (!(tmp[0] == 'y' || tmp[0] == 'Y'))
231 * Now remove this from the X.500 Directory.
233 if (ldap_delete_s(ld, dn) != 0) {
234 if (ld->ld_errno == LDAP_INSUFFICIENT_ACCESS)
235 printf(" You do not own the group \"%s\".\n", name);
237 ldap_perror(ld, " ldap_delete_s");
238 printf(" Group not removed.\n");
242 ldap_uncache_entry(ld, dn);
245 printf(" The group has been removed.\n");
247 printf(" The group \"%s\" has been removed.\n", name);
252 void x_group(action, name)
257 char *values[2], *group_name;
258 LDAPMod mod, *mods[2];
259 static char *actions[] = { "join", "resign from", NULL };
260 static char * bind_and_fetch();
263 if (debug & D_TRACE) {
265 printf("->x_group(%d, NULL)\n", action);
267 printf("->x_group(%d, %s)\n", action, name);
271 /* the action desired sets the opcode to use */
274 mod.mod_op = LDAP_MOD_ADD;
277 mod.mod_op = LDAP_MOD_DELETE;
280 printf("x_group: %d is not a known action\n", action);
283 if ((group_name = bind_and_fetch(name)) == NULL)
285 vp = Entry.attrs[attr_to_index("joinable")].values;
286 if (action == G_JOIN) {
288 printf(" No one is permitted to join \"%s\"\n", group_name);
292 if (!strcasecmp(*vp, "FALSE")) {
293 printf(" No one is permitted to join \"%s\"\n", group_name);
299 /* fill in the rest of the modification structure */
301 mods[1] = (LDAPMod *) NULL;
302 values[0] = Entry.DN;
304 mod.mod_type = "memberOfGroup";
305 mod.mod_values = values;
308 if (debug & D_GROUPS) {
309 register LDAPMod **lpp;
312 printf(" About to call ldap_modify_s()\n");
313 printf(" ld = 0x%x\n", ld);
314 printf(" dn = [%s]\n", bound_dn);
315 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
316 printf(" mods[%1d] code = %1d\n", i, (*lpp)->mod_op);
317 printf(" mods[%1d] type = %s\n", i, (*lpp)->mod_type);
318 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
319 printf(" mods[%1d] v[%1d] = %s\n", i, j, *cp);
325 if (ldap_modify_s(ld, bound_dn, mods)) {
326 if ((action == G_JOIN) && (ld->ld_errno == LDAP_TYPE_OR_VALUE_EXISTS))
327 printf(" You are already subscribed to \"%s\"\n", group_name);
328 else if ((action == G_RESIGN) && (ld->ld_errno == LDAP_NO_SUCH_ATTRIBUTE))
329 printf(" You are not subscribed to \"%s\"\n", group_name);
335 ldap_uncache_entry(ld, bound_dn);
339 printf(" You are now subscribed to \"%s\"\n", group_name);
342 printf(" You are no longer subscribed to \"%s\"\n", group_name);
350 void bulk_load(group)
353 register int idx_mail, idx_x500;
354 register int count_mail, count_x500;
355 char *values_mail[MAX_VALUES + 1], *values_x500[MAX_VALUES + 1];
356 int added_mail_entries = FALSE, added_x500_entries = FALSE;
357 char s[MED_BUF_SIZE];
358 LDAPMod mod, *mods[2];
365 printf("->bulk_load(%s)\n", group);
368 /* you lose if going through MichNet */
371 printf(" Not allowed via UM-X500 connections.\n");
376 /* fetch entries from the file containing the e-mail addresses */
377 printf("\n File to load? ");
379 fetch_buffer(s, sizeof(s), stdin);
384 if ((fp = fopen(s, "r")) == NULL) {
385 perror("bulk_load: fopen");
389 printf(" Loading group members from %s\n", s);
391 /* load them in MAX_VALUES at a time */
393 for (idx_mail = 0, idx_x500 = 0;
394 idx_mail < MAX_VALUES && idx_x500 < MAX_VALUES; ) {
395 (void) fgets(s, sizeof(s), fp);
403 values_mail[idx_mail++] = strdup(s);
405 if ((lm = find(s, !verbose)) == (LDAPMessage *) NULL) {
406 printf(" Could not locate \"%s\" -- skipping.\n", s);
410 values_x500[idx_x500++] = strdup(Entry.DN);
414 values_mail[idx_mail] = NULL;
415 values_x500[idx_x500] = NULL;
416 count_mail = idx_mail;
417 count_x500 = idx_x500;
420 * Add the e-mail addresses.
422 if (count_mail > 0) {
424 mods[1] = (LDAPMod *) NULL;
425 mod.mod_type = "mail";
426 mod.mod_values = values_mail;
427 if (added_mail_entries)
428 mod.mod_op = LDAP_MOD_ADD;
430 mod.mod_op = LDAP_MOD_REPLACE;
433 if (debug & D_GROUPS) {
434 register LDAPMod **lpp;
437 printf(" About to call ldap_modify_s()\n");
438 printf(" ld = 0x%x\n", ld);
439 printf(" dn = [%s]\n", group);
440 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
441 printf(" mods[%1d] code = %1d\n", i, (*lpp)->mod_op);
442 printf(" mods[%1d] type = %s\n", i, (*lpp)->mod_type);
443 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
444 printf(" mods[%1d] v[%1d] = %s\n", i, j, *cp);
448 if (ldap_modify_s(ld, group, mods))
450 for (idx_mail--; idx_mail >= 0; idx_mail--)
451 Free(values_mail[idx_mail]);
452 ldap_uncache_entry(ld, group);
453 added_mail_entries = TRUE;
458 * Add the X.500 style names.
460 if (count_x500 > 0) {
462 mods[1] = (LDAPMod *) NULL;
463 mod.mod_type = "member";
464 mod.mod_values = values_x500;
465 if (added_x500_entries)
466 mod.mod_op = LDAP_MOD_ADD;
468 mod.mod_op = LDAP_MOD_REPLACE;
471 if (debug & D_GROUPS) {
472 register LDAPMod **lpp;
475 printf(" About to call ldap_modify_s()\n");
476 printf(" ld = 0x%x\n", ld);
477 printf(" dn = [%s]\n", group);
478 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
479 printf(" mods[%1d] code = %1d\n", i, (*lpp)->mod_op);
480 printf(" mods[%1d] type = %s\n", i, (*lpp)->mod_type);
481 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
482 printf(" mods[%1d] v[%1d] = %s\n", i, j, *cp);
486 if (ldap_modify_s(ld, group, mods))
488 for (idx_x500--; idx_x500 >= 0; idx_x500--)
489 Free(values_x500[idx_x500]);
490 ldap_uncache_entry(ld, group);
491 added_x500_entries = TRUE;
496 * If both counts were less than the maximum number we
497 * can handle at a time, then we are done.
499 if ((count_mail < MAX_VALUES) && (count_x500 < MAX_VALUES))
506 void purge_group(group)
511 LDAPMod mod, *mods[2];
512 char dn[BUFSIZ], tmp[BUFSIZ], *values[2], **vp, **rdns;
513 extern char * my_ldap_dn2ufn();
517 if (debug & D_TRACE) {
519 printf("->purge_group(NULL)\n");
521 printf("->purge_group(%s)\n", group);
524 if (bind_status == UD_NOT_BOUND) {
525 if (auth((char *) NULL, 1) < 0)
529 * If the user did not supply us with a name, prompt them for
532 if ((group == NULL) || (*group == '\0')) {
533 printf("Group to purge? ");
535 fetch_buffer(tmp, sizeof(tmp), stdin);
540 sprintf(dn, "cn=%s, %s", group, group_base);
542 /* make sure the group in question exists */
543 if ((lm = find(group, FALSE)) == (LDAPMessage *) NULL) {
544 printf(" Could not locate group \"%s\"\n", group);
550 /* none of this stuff changes */
552 mods[1] = (LDAPMod *) NULL;
556 mod.mod_values = values;
557 mod.mod_type = "member";
558 mod.mod_op = LDAP_MOD_DELETE;
561 * Now cycle through all of the names in the "members" part of the
562 * group (but not the e-mail address part). Lookup each one, and
563 * if it isn't found, let the user know so s/he can delete it.
565 vp = Entry.attrs[attr_to_index("member")].values;
568 printf(" \"%s\" has no X.500 members. There is nothing to purge.\n", group);
571 for (; *vp != NULL; vp++) {
572 char ans[BUFSIZ], *ufn, *label = "Did not find: ";
573 int len = strlen(label);
578 ufn = my_ldap_dn2ufn(*vp);
579 format2(ufn, label, (char *) NULL, 2, 2 + len, col_size);
581 printf(" Purge, Keep, Replace, Abort [Keep]? ");
583 fetch_buffer(ans, sizeof(ans), stdin);
584 if ((ans[0] == '\0') || !strncasecmp(ans, "Keep", strlen(ans)))
586 if (!strncasecmp(ans, "Abort", strlen(ans))) {
587 ldap_uncache_entry(ld, dn);
590 if (!strncasecmp(ans, "Purge", strlen(ans)) || !strncasecmp(ans, "Replace", strlen(ans))) {
593 if (debug & D_GROUPS) {
594 register LDAPMod **lpp;
597 printf(" About to call ldap_modify_s()\n");
598 printf(" ld = 0x%x\n", ld);
599 printf(" dn = [%s]\n", Entry.DN);
600 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
601 printf(" mods[%1d] code = %1d\n", i, (*lpp)->mod_op);
602 printf(" mods[%1d] type = %s\n", i, (*lpp)->mod_type);
603 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
604 printf(" mods[%1d] v[%1d] = %s\n", i, j, *cp);
609 if (ldap_modify_s(ld, Entry.DN, mods))
612 /* now add the replacement if requested */
613 if (!strncasecmp(ans, "Purge", strlen(ans)))
615 rdns = ldap_explode_dn(*vp, TRUE);
616 if ((lm = find(*rdns, FALSE)) == NULL) {
617 printf(" Could not find a replacement for %s; purged only.\n", *rdns);
619 ldap_value_free(rdns);
622 values[0] = ldap_get_dn(ld, ldap_first_entry(ld, lm));
623 mod.mod_op = LDAP_MOD_ADD;
625 if (debug & D_GROUPS) {
626 register LDAPMod **lpp;
629 printf(" About to call ldap_modify_s()\n");
630 printf(" ld = 0x%x\n", ld);
631 printf(" dn = [%s]\n", Entry.DN);
632 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
633 printf(" mods[%1d] code = %1d\n", i, (*lpp)->mod_op);
634 printf(" mods[%1d] type = %s\n", i, (*lpp)->mod_type);
635 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
636 printf(" mods[%1d] v[%1d] = %s\n", i, j, *cp);
641 if (ldap_modify_s(ld, Entry.DN, mods))
644 ldap_value_free(rdns);
646 /* set this back to DELETE for other purges */
647 mod.mod_op = LDAP_MOD_DELETE;
650 printf(" Did not recognize that answer.\n\n");
654 ldap_uncache_entry(ld, Entry.DN);
656 printf(" No entries were purged.\n");
667 static LDAPMod *mods[2] = { &mod, NULL };
668 static char *values[MAX_VALUES];
672 printf("->tidy()\n");
675 if (bind_status == UD_NOT_BOUND) {
676 if (auth((char *) NULL, 1) < 0) {
681 /* lookup the user, and see to which groups he has subscribed */
682 vp = ldap_explode_dn(bound_dn, TRUE);
683 if ((lm = find(*vp, TRUE)) == (LDAPMessage *) NULL) {
684 printf(" Could not locate \"%s\"\n", *vp);
691 vp = Entry.attrs[attr_to_index("memberOfGroup")].values;
693 printf(" You have not subscribed to any groups.\n");
697 /* now, loop through these groups, deleting the bogus */
698 for ( ; *vp != NULL; vp++) {
702 printf(" \"%s\" is not a valid group name.\n", *vp);
703 values[i++] = strdup(*vp);
704 if ( i >= MAX_VALUES ) {
705 printf( " At most %d invalid groups can be removed at one time; skipping the rest.\n", MAX_VALUES );
709 if (found_one == 0) {
711 printf(" You are not a member of any invalid groups. There is nothing to tidy.\n");
715 /* delete the most heinous entries */
717 mod.mod_values = values;
718 mod.mod_op = LDAP_MOD_DELETE;
719 mod.mod_type = "memberOfGroup";
720 if (ldap_modify_s(ld, bound_dn, mods))
722 ldap_uncache_entry(ld, bound_dn);
724 /* tidy up before we finish tidy_up */
731 * This routine is used to modify lists that can contain either Distinguished
732 * Names or e-mail addresses. This includes things like group members,
733 * the errors-to field in groups, and so on.
735 void mod_addrDN(group, offset)
739 extern struct attribute attrlist[];
740 char s[BUFSIZ], *new_value /* was member */, *values[2];
743 LDAPMod mod, *mods[2];
748 printf("->mod_addrDN(%s)\n", group);
751 * At this point the user can indicate that he wishes to add values
752 * to the attribute, delete values from the attribute, or replace the
753 * current list of values with a new list. The first two cases
754 * are very straight-forward, but the last case requires a little
755 * extra care and work.
760 format("There are three options available at this point. You may: Add additional values; Delete values; or Replace the entire list of values with a new list entered interactively.\n", 75, 2);
762 format("There are four options available at this point. You may: Add one or more additional values; Delete one or more existing values; Replace the entire list of values with a new list entered interactively; or Bulk load a new list of values from a file, overwriting the existing list.\n", 75, 2);
765 /* initialize the modififier type */
770 printf(" Do you want to Add, Delete, or Replace? ");
772 printf(" Do you want to Add, Delete, Replace, or Bulk load? ");
774 fetch_buffer(s, sizeof(s), stdin);
779 if (!strncasecmp(s, "add", strlen(s))) {
780 mod.mod_op = LDAP_MOD_ADD;
783 else if (!strncasecmp(s, "delete", strlen(s))) {
784 mod.mod_op = LDAP_MOD_DELETE;
787 else if (!strncasecmp(s, "replace", strlen(s))) {
788 mod.mod_op = LDAP_MOD_REPLACE;
791 else if(!strncasecmp(s, "bulk", strlen(s))) {
798 format("Did not recognize that response. Please use 'A' to add, 'D' to delete, or 'R' to replace the entire list with a new list\n", 75, 2);
800 format("Did not recognize that response. Please use 'A' to add, 'D' to delete, 'R' to replace the entire list with a new list, or 'B' to bulk load a new list from a file\n", 75, 2);
803 if (mod.mod_op == LDAP_MOD_REPLACE) {
804 if ( verbose && !confirm_action( "The entire existing list will be overwritten with the new values you are about to enter." )) {
805 printf("\n Modification halted.\n");
811 format("Values may be specified as a name (which is then looked up in the X.500 Directory) or as a domain-style (i.e., user@domain) e-mail address. Simply hit the RETURN key at the prompt when finished.\n", 75, 2);
816 printf("%s? ", attrlist[offset].output_string);
818 fetch_buffer(s, sizeof(s), stdin);
823 * If the string the user has just typed has an @-sign in it,
824 * then we assume it is an e-mail address. In this case, we
825 * just store away whatever it is they have typed.
827 * If the string had no @-sign, then we look in the Directory,
828 * make sure it exists, and if it does, we add that.
830 * If the string begins with a comma, then strip off the
831 * comma, and pass it along to the LDAP server. This is
832 * the way one can force ud to accept a name. Handy for
833 * debugging purposes.
837 mod.mod_type = attrlist[offset].quipu_name;
839 else if (strchr(s, '@') == NULL) {
840 if ((mp = find(s, FALSE)) == (LDAPMessage *) NULL) {
841 printf(" Could not find \"%s\"\n", s);
842 if (verbose && (mod.mod_op == LDAP_MOD_DELETE)){
844 format("I could not find anything that matched what you typed. You might try the \"purge\" command instead. It is used to purge corrupted or unlocatable entries from a group.", 75, 2);
850 new_value = Entry.DN;
851 mod.mod_type = attrlist[offset].quipu_name;
853 else if (mod.mod_op != LDAP_MOD_DELETE) {
855 * Don't screw around with what the user has typed
856 * if they are simply trying to delete a rfc822mailbox
859 * spaces on the left hand side of the e-mail
860 * address are bad news - we know that there
861 * must be a @-sign in the string, or else we
864 * note that this means a value like:
866 * first m. last@host.domain
868 * will be turned into:
870 * first.m..last@host.domain
872 * and the mailer will need to do the right thing
873 * with this; alternatively we could add code that
874 * collapsed multiple dots into a single dot
876 * Don't screw up things like:
878 * "Bryan Beecher" <bryan@umich.edu>
879 * Bryan Beecher <bryan@umich.edu>
882 if (strchr(s, '<') == NULL) {
883 for (cp = s; *cp != '@'; cp++)
888 strcpy(attrtype, "rfc822");
889 strcat(attrtype, attrlist[offset].quipu_name);
890 mod.mod_type = attrtype;
894 strcpy(attrtype, "rfc822");
895 strcat(attrtype, attrlist[offset].quipu_name);
896 mod.mod_type = attrtype;
899 /* fill in the rest of the ldap_mod() structure */
901 mods[1] = (LDAPMod *) NULL;
903 values[0] = new_value;
905 mod.mod_values = values;
908 if (debug & D_GROUPS) {
909 register LDAPMod **lpp;
912 printf(" About to call ldap_modify_s()\n");
913 printf(" ld = 0x%x\n", ld);
914 printf(" dn = [%s]\n", group);
915 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
916 printf(" mods[%1d] code = %1d\n",
918 printf(" mods[%1d] type = %s\n",
919 i, (*lpp)->mod_type);
920 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
921 printf(" mods[%1d] v[%1d] = %s\n",
927 if (my_ldap_modify_s(ld, group, mods)) {
928 if (ld->ld_errno == LDAP_NO_SUCH_ATTRIBUTE) {
929 printf(" Could not locate value \"%s\"\n",
938 ldap_uncache_entry(ld, group);
941 * If the operation was REPLACE, we now need to "zero out" the
942 * other "half" of the list (e.g., user specified an e-mail
943 * address; now we need to clear the DN part of the list).
945 * NOTE: WE HAVE ALREADY DONE HALF OF THE REPLACE ABOVE.
947 * Also, change the opcode to LDAP_MOD_ADD and give the user an
948 * opportunity to add additional members to the group. We
949 * only take this branch the very first time during a REPLACE
952 if (mod.mod_op == LDAP_MOD_REPLACE) {
953 if (!strncmp(mod.mod_type, "rfc822", 6))
954 mod.mod_type = mod.mod_type + 6;
956 strcpy(attrtype, "rfc822");
957 strcat(attrtype, mod.mod_type);
958 mod.mod_type = attrtype;
962 mod.mod_values = values;
963 mod.mod_op = LDAP_MOD_DELETE;
965 if (debug & D_GROUPS) {
966 register LDAPMod **lpp;
969 printf(" About to call ldap_modify_s()\n");
970 printf(" ld = 0x%x\n", ld);
971 printf(" dn = [%s]\n", group);
972 for (lpp = mods, i = 1; *lpp != NULL; lpp++, i++) {
973 printf(" mods[%1d] code = %1d\n",
975 printf(" mods[%1d] type = %s\n",
976 i, (*lpp)->mod_type);
977 for (cp = (*lpp)->mod_values, j = 1; *cp != NULL; cp++, j++)
978 printf(" mods[%1d] v[%1d] = %s\n", i, j, *cp);
982 if (my_ldap_modify_s(ld, group, mods)) {
984 * A "No such attribute" error is no big deal.
985 * We only wanted to clear the attribute anyhow.
987 if (ld->ld_errno != LDAP_NO_SUCH_ATTRIBUTE) {
992 ldap_uncache_entry(ld, group);
994 printf(" \"%s\" has been added\n", new_value);
995 mod.mod_op = LDAP_MOD_ADD;
997 else if (verbose && (mod.mod_op == LDAP_MOD_ADD))
998 printf(" \"%s\" has been added\n", new_value);
999 else if (verbose && (mod.mod_op == LDAP_MOD_DELETE))
1000 printf(" \"%s\" has been removed\n", new_value);
1004 my_ldap_modify_s(ldap, group, mods)
1009 int was_rfc822member, rc;
1011 was_rfc822member = 0;
1013 if (!strcasecmp(mods[0]->mod_type, "rfc822member")) {
1014 mods[0]->mod_type = "mail";
1015 was_rfc822member = 1;
1018 rc = ldap_modify_s(ldap, group, mods);
1020 if (was_rfc822member)
1021 mods[0]->mod_type = "rfc822member";
1026 void list_groups(who)
1030 char name[BUFSIZ], filter[BUFSIZ], *search_attrs[2];
1031 char *work_area[MAX_NUM_NAMES];
1037 if (debug & D_TRACE) {
1039 printf("->list_groups(NULL)\n");
1041 printf("->list_groups(%s)\n", who);
1045 * First, decide what entry we are going to list. If the
1046 * user has not included a name on the list command line,
1047 * we will use the person who was last looked up with a find
1050 * Once we know who to modify, be sure that they exist, and
1051 * parse out their DN.
1054 printf(" List groups belonging to whose entry? ");
1056 fetch_buffer(name, sizeof(name), stdin);
1057 if (name[0] != '\0')
1062 if ((mp = find(who, TRUE)) == NULL) {
1063 (void) ldap_msgfree(mp);
1064 printf(" Could not locate \"%s\" in the Directory.\n", who);
1067 dn = ldap_get_dn(ld, ldap_first_entry(ld, mp));
1069 rdns = ldap_explode_dn(dn, TRUE);
1071 printf("\n Listing groups belonging to \"%s\"\n", *rdns);
1073 /* lookup the groups belonging to this person */
1074 sprintf(filter, "owner=%s", dn);
1076 search_attrs[0] = "cn";
1077 search_attrs[1] = NULL;
1078 if ((rc = ldap_search_s(ld, UD_WHERE_ALL_GROUPS_LIVE, LDAP_SCOPE_SUBTREE,
1079 filter, search_attrs, FALSE, &mp)) != LDAP_SUCCESS &&
1080 rc != LDAP_SIZELIMIT_EXCEEDED && rc != LDAP_TIMELIMIT_EXCEEDED) {
1081 ldap_perror(ld, "ldap_search_s");
1082 ldap_value_free(rdns);
1085 if ((rc = ldap_count_entries(ld, mp)) < 0) {
1086 ldap_perror(ld, "ldap_count_entries");
1087 ldap_value_free(rdns);
1091 printf(" %s owns no groups in this portion of the Directory.\n", *rdns);
1092 ldap_value_free(rdns);
1096 printf(" %s owns %d groups.\n\n", *rdns, rc);
1097 print_list(mp, work_area, &rc);
1098 for (i = 1; work_area[i] != NULL; i++)
1101 ldap_value_free(rdns);
1105 static char * bind_and_fetch(name)
1109 char tmp[MED_BUF_SIZE];
1110 extern char * strip_ignore_chars();
1113 if (debug & D_TRACE) {
1115 printf("->bind_and_fetch(NULL)\n");
1117 printf("->bind_and_fetch(%s)\n", name);
1120 if (bind_status == UD_NOT_BOUND) {
1121 if (auth((char *) NULL, 1) < 0)
1126 * If the user did not supply us with a name, prompt them for
1129 if ((name == NULL) || (*name == '\0')) {
1132 fetch_buffer(tmp, sizeof(tmp), stdin);
1137 /* remove quotes, dots, and underscores. */
1138 name = strip_ignore_chars(name);
1141 if (debug & D_GROUPS)
1142 printf("Group name = (%s)\n", name);
1145 /* make sure the group in question exists and is joinable */
1146 if ((lm = find(name, TRUE)) == (LDAPMessage *) NULL) {
1147 printf(" Could not locate group \"%s\"\n", name);
1154 if (debug & D_GROUPS)
1155 printf("Group DN = (%s)\n", Entry.DN);
1157 return(strdup(Entry.DN));
1160 void list_memberships(who)
1164 char name[BUFSIZ], filter[BUFSIZ], *search_attrs[2];
1165 char *work_area[MAX_NUM_NAMES];
1171 if (debug & D_TRACE) {
1173 printf("->list_memberships(NULL)\n");
1175 printf("->list_memberships(%s)\n", who);
1179 * First, decide what entry we are going to list. If the
1180 * user has not included a name on the list command line,
1181 * we will use the person who was last looked up with a find
1184 * Once we know who to modify, be sure that they exist, and
1185 * parse out their DN.
1188 printf(" List memberships containing whose entry? ");
1190 fetch_buffer(name, sizeof(name), stdin);
1191 if (name[0] != '\0')
1196 if ((mp = find(who, TRUE)) == NULL) {
1197 (void) ldap_msgfree(mp);
1198 printf(" Could not locate \"%s\" in the Directory.\n", who);
1202 dn = ldap_get_dn(ld, ldap_first_entry(ld, mp));
1203 rdns = ldap_explode_dn(dn, TRUE);
1205 printf("\n Listing memberships of \"%s\"\n", *rdns);
1207 /* lookup the groups belonging to this person */
1208 sprintf(filter, "member=%s", dn);
1210 search_attrs[0] = "cn";
1211 search_attrs[1] = NULL;
1213 if ((rc = ldap_search_s(ld, UD_WHERE_ALL_GROUPS_LIVE, LDAP_SCOPE_SUBTREE,
1214 filter, search_attrs, FALSE, &mp)) != LDAP_SUCCESS &&
1215 rc != LDAP_SIZELIMIT_EXCEEDED && rc != LDAP_TIMELIMIT_EXCEEDED) {
1216 ldap_perror(ld, "ldap_search_s");
1218 ldap_value_free(rdns);
1221 if ((rc = ldap_count_entries(ld, mp)) < 0) {
1222 ldap_perror(ld, "ldap_count_entries");
1224 ldap_value_free(rdns);
1228 printf(" %s is not a member of any groups in this portion of the Directory.\n", *rdns);
1230 ldap_value_free(rdns);
1234 printf(" %s is a member of %d groups.\n\n", *rdns, rc);
1237 * print_list fills in the char * array starting at 1, not 0
1239 print_list(mp, work_area, &rc);
1240 for (i = 1; work_area[i] != NULL; i++)
1243 ldap_value_free(rdns);
projects / openldap / blob