/*
   Samba Unix/Linux SMB client library
   Distributed SMB/CIFS Server Management Utility
   Copyright (C) 2003 Andrew Bartlett (abartlet@samba.org)

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "utils/net.h"
/*
 * ALLOC_CHECK(mem): bail out of the enclosing function when an
 * allocation returned NULL.  It prints an error, frees the caller's
 * talloc context and returns -1.
 *
 * The macro relies on a local variable named "ctx" being in scope at
 * the point of use (it is not a parameter), so it may only be used in
 * functions that own such a "ctx".  The argument is not parenthesised
 * in the expansion, so pass a plain identifier, not an expression.
 */
#define ALLOC_CHECK(mem) do { \
	if (!mem) { \
		d_fprintf(stderr, _("Out of memory!\n")); \
		talloc_free(ctx); \
		return -1; \
	} } while (0)
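/***********************************************************
 Helper function for net_idmap_dump. Dump one entry.
***********************************************************/

/*
 * The tdb being dumped is whatever file the user named on the command
 * line, so none of its keys or values can be assumed to be NUL
 * terminated or to have a particular size.  Every access below is
 * bounded by the record's dsize rather than relying on a terminator.
 */

/* True if "key" holds exactly the C string "str", terminator included. */
static bool net_idmap_key_equals(TDB_DATA key, const char *str)
{
	size_t len = strlen(str);

	return (key.dsize > len)
		&& (key.dptr[len] == '\0')
		&& (memcmp(key.dptr, str, len) == 0);
}

/*
 * True if "data" is large enough to hold the 4-byte value that IVAL()
 * reads for a high water mark; otherwise report the entry and skip it.
 * "key" must already have been checked to be NUL terminated.
 */
static bool net_idmap_hwm_ok(TDB_DATA key, TDB_DATA data)
{
	if (data.dsize >= 4) {
		return true;
	}
	d_fprintf(stderr, _("ignoring truncated %s entry\n"),
		  (const char *)key.dptr);
	return false;
}

/* Write at most "len" bytes of "p" to stdout, stopping at the first NUL. */
static void net_idmap_print_bounded(const unsigned char *p, size_t len)
{
	const unsigned char *nul = memchr(p, '\0', len);

	if (nul != NULL) {
		len = (size_t)(nul - p);
	}
	fwrite(p, 1, len, stdout);
}

/*
 * tdb_traverse() callback: print one idmap record.
 *
 * "USER HWM" / "GROUP HWM" records carry a 4-byte high water mark;
 * "S-..." keys map a SID to a "UID n"/"GID n" value and are printed
 * as "<value> <key>".  Any other key is ignored.  Always returns 0 so
 * that the traversal continues; "tdb" and "unused" are not used.
 */
static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb,
				    TDB_DATA key,
				    TDB_DATA data,
				    void *unused)
{
	if (net_idmap_key_equals(key, "USER HWM")) {
		if (!net_idmap_hwm_ok(key, data)) {
			return 0;
		}
		printf(_("USER HWM %d\n"), IVAL(data.dptr, 0));
		return 0;
	}

	if (net_idmap_key_equals(key, "GROUP HWM")) {
		if (!net_idmap_hwm_ok(key, data)) {
			return 0;
		}
		printf(_("GROUP HWM %d\n"), IVAL(data.dptr, 0));
		return 0;
	}

	/* Only SID keys remain of interest; a key shorter than "S-" cannot match. */
	if (key.dsize < 2 || memcmp(key.dptr, "S-", 2) != 0) {
		return 0;
	}

	net_idmap_print_bounded(data.dptr, data.dsize);
	putchar(' ');
	net_idmap_print_bounded(key.dptr, key.dsize);
	putchar('\n');
	return 0;
}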
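/***********************************************************
 Dump the current idmap
***********************************************************/

/*
 * net idmap dump <inputfile>
 *
 * Open the named idmap tdb read-only and print every record through
 * net_idmap_dump_one_entry().  Returns 0 on success; -1 when the
 * arguments are wrong, the file cannot be opened, or tdb_traverse()
 * fails part way (it returns -1 on a damaged database, in which case
 * whatever was printed before the failure is incomplete).
 */
static int net_idmap_dump(struct net_context *c, int argc, const char **argv)
{
	TDB_CONTEXT *idmap_tdb;
	int ret = 0;

	if (argc != 1 || c->display_usage) {
		d_printf(_("Usage:\n"
			   "net idmap dump <inputfile>\n"
			   "  Dump current ID mapping.\n"
			   "    inputfile\tTDB file to read mappings from.\n"));
		return c->display_usage ? 0 : -1;
	}

	/* O_RDONLY: dumping must never create or modify the file. */
	idmap_tdb = tdb_open_log(argv[0], 0, TDB_DEFAULT, O_RDONLY, 0);
	if (idmap_tdb == NULL) {
		d_fprintf(stderr, _("Could not open idmap: %s\n"), argv[0]);
		return -1;
	}

	if (tdb_traverse(idmap_tdb, net_idmap_dump_one_entry, NULL) == -1) {
		d_fprintf(stderr, _("Could not traverse idmap: %s\n"), argv[0]);
		ret = -1;
	}
	tdb_close(idmap_tdb);

	return ret;
}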
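/***********************************************************
 Write entries from stdin to current local idmap
***********************************************************/

/*
 * Apply one line of "net idmap dump" output to the running winbindd.
 *
 * Recognised forms are "GID <n> <sid>", "UID <n> <sid>", "USER HWM <n>"
 * and "GROUP HWM <n>"; anything else is reported and skipped.  Errors
 * from libwbclient are reported to stderr but do not stop the restore,
 * so the caller continues with the next line and a partially applied
 * file is possible.
 *
 * "line" must be NUL terminated and no longer than sizeof(sid_string)
 * bytes; the "%127s" conversions then cannot overflow sid_string.
 */
static void net_idmap_restore_line(const char *line)
{
	char sid_string[128];
	struct wbcDomainSid sid;
	enum id_type type = ID_TYPE_NOT_SPECIFIED;
	unsigned long idval;
	wbcErr wbc_status;

	/* Field width is the buffer size minus one for the terminator. */
	if (sscanf(line, "GID %lu %127s", &idval, sid_string) == 2) {
		type = ID_TYPE_GID;
	} else if (sscanf(line, "UID %lu %127s", &idval, sid_string) == 2) {
		type = ID_TYPE_UID;
	} else if (sscanf(line, "USER HWM %lu", &idval) == 1) {
		/* set uid hwm */
		wbc_status = wbcSetUidHwm(idval);
		if (!WBC_ERROR_IS_OK(wbc_status)) {
			d_fprintf(stderr,
				  _("Could not set USER HWM: %s\n"),
				  wbcErrorString(wbc_status));
		}
		return;
	} else if (sscanf(line, "GROUP HWM %lu", &idval) == 1) {
		/* set gid hwm */
		wbc_status = wbcSetGidHwm(idval);
		if (!WBC_ERROR_IS_OK(wbc_status)) {
			d_fprintf(stderr,
				  _("Could not set GROUP HWM: %s\n"),
				  wbcErrorString(wbc_status));
		}
		return;
	} else {
		d_fprintf(stderr, _("ignoring invalid line [%s]\n"), line);
		return;
	}

	wbc_status = wbcStringToSid(sid_string, &sid);
	if (!WBC_ERROR_IS_OK(wbc_status)) {
		d_fprintf(stderr, _("ignoring invalid sid [%s]: %s\n"),
			  sid_string, wbcErrorString(wbc_status));
		return;
	}

	if (type == ID_TYPE_UID) {
		wbc_status = wbcSetUidMapping(idval, &sid);
	} else {
		wbc_status = wbcSetGidMapping(idval, &sid);
	}
	if (!WBC_ERROR_IS_OK(wbc_status)) {
		d_fprintf(stderr,
			  _("Could not set mapping of %s %lu to sid %s: %s\n"),
			  (type == ID_TYPE_GID) ? "GID" : "UID",
			  idval, sid_string,
			  wbcErrorString(wbc_status));
	}
}

/*
 * net idmap restore [inputfile]
 *
 * Read mapping records (one per line, in the format written by
 * "net idmap dump") from the named file, or from stdin when no file
 * is given, and push them into winbindd.  Returns -1 when winbindd is
 * not running or the input file cannot be opened; otherwise 0, even
 * if individual lines were rejected (those are reported on stderr).
 */
static int net_idmap_restore(struct net_context *c, int argc, const char **argv)
{
	FILE *input;
	char line[128];

	if (c->display_usage) {
		d_printf(_("Usage:\n"
			   "net idmap restore [inputfile]\n"
			   "  Restore ID mappings from file\n"
			   "    inputfile\tFile to load ID mappings from. If "
			   "not given, load data from stdin.\n"));
		return 0;
	}

	/* Mappings are handed to winbindd over libwbclient, so it must be up. */
	if (!winbind_ping()) {
		d_fprintf(stderr,
			  _("To use net idmap Winbindd must be running.\n"));
		return -1;
	}

	if (argc == 1) {
		input = fopen(argv[0], "r");
		if (input == NULL) {
			d_fprintf(stderr, _("Could not open %s: %s\n"),
				  argv[0], strerror(errno));
			return -1;
		}
	} else {
		input = stdin;
	}

	/*
	 * One record per line.  A line longer than 126 characters is split
	 * by fgets() and its tail is then rejected as an invalid line.
	 */
	while (fgets(line, sizeof(line), input) != NULL) {
		size_t len = strlen(line);

		if ((len > 0) && (line[len - 1] == '\n')) {
			line[len - 1] = '\0';
		}
		net_idmap_restore_line(line);
	}

	if (input != stdin) {
		fclose(input);
	}

	return 0;
}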
/***********************************************************
 Delete a SID mapping from a winbindd_idmap.tdb
***********************************************************/

/*
 * net idmap delete -- placeholder only.  Reports that the command is
 * not implemented and fails with -1; the arguments are ignored.
 */
static int net_idmap_delete(struct net_context *c, int argc, const char **argv)
{
	(void)c;
	(void)argc;
	(void)argv;

	d_printf(_("Not Implemented yet\n"));
	return -1;
}
/*
 * net idmap setmap -- placeholder only.  Prints a "not implemented"
 * message and returns -1 regardless of the arguments.
 */
static int net_idmap_set(struct net_context *c, int argc, const char **argv)
{
	const int not_implemented = -1;

	(void)c;
	(void)argc;
	(void)argv;

	d_printf(_("Not Implemented yet\n"));
	return not_implemented;
}
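/*
 * Store "secret" for "identity" via secrets_store_generic() under the
 * key the idmap backend looks it up with: "IDMAP_ALLOC_<BACKEND>" when
 * "alloc" is set, otherwise "IDMAP_<BACKEND>_<DOMAIN>".  The key is
 * upper-cased so that lookups are effectively case insensitive.
 *
 * "domain" is only read when !alloc.  Returns false when the arguments
 * needed to build the key are missing, when the key cannot be
 * allocated, or when the store fails.
 */
bool idmap_store_secret(const char *backend, bool alloc,
			const char *domain, const char *identity,
			const char *secret)
{
	char *key = NULL;
	int r;
	bool ret;

	/* A NULL argument to a "%s" conversion is undefined; refuse up front. */
	if (backend == NULL || (!alloc && domain == NULL)) {
		return false;
	}

	if (alloc) {
		r = asprintf(&key, "IDMAP_ALLOC_%s", backend);
	} else {
		r = asprintf(&key, "IDMAP_%s_%s", backend, domain);
	}
	if (r < 0) {
		return false;
	}

	strupper_m(key); /* make sure the key is case insensitive */
	ret = secrets_store_generic(key, identity, secret);
	free(key);
	return ret;
}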
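/*
 * net idmap secret {<DOMAIN>|alloc} <secret>
 *
 * Store the LDAP bind secret for the idmap backend of DOMAIN (or for
 * the alloc module) through idmap_store_secret().  Only the "ldap"
 * backend has a secret to store, so any other configured backend is
 * rejected, as is a configuration without "ldap_user_dn".  Returns 0
 * on success and -1 on usage, configuration or store errors.
 *
 * The secret is taken from the command line (argv[1]), so it is
 * visible to other local users in the process list and may end up in
 * shell history while this runs.
 */
static int net_idmap_secret(struct net_context *c, int argc, const char **argv)
{
	TALLOC_CTX *ctx;
	const char *secret;
	const char *dn;
	char *domain;
	char *backend;
	char *opt = NULL;
	bool ret;
	int result = -1;

	if (argc != 2 || c->display_usage) {
		d_printf(_("Usage:\n"
			   "net idmap secret {<DOMAIN>|alloc} <secret>\n"
			   "  Set the secret for the specified domain "
			   "(or alloc module)\n"
			   "    DOMAIN\tDomain to set secret for.\n"
			   "    alloc\tSet secret for the alloc module\n"
			   "    secret\tNew secret to set.\n"));
		return c->display_usage ? 0 : -1;
	}

	secret = argv[1];

	ctx = talloc_new(NULL);
	ALLOC_CHECK(ctx);

	if (strcmp(argv[0], "alloc") == 0) {
		/* The alloc module is configured globally, not per domain. */
		domain = NULL;
		backend = lp_idmap_alloc_backend();
	} else {
		domain = talloc_strdup(ctx, argv[0]);
		ALLOC_CHECK(domain);
		opt = talloc_asprintf(ctx, "idmap config %s", domain);
		ALLOC_CHECK(opt);
		backend = talloc_strdup(ctx, lp_parm_const_string(-1, opt, "backend", "tdb"));
		ALLOC_CHECK(backend);
	}

	if ((!backend) || (!strequal(backend, "ldap"))) {
		d_fprintf(stderr,
			  _("The only currently supported backend is LDAP\n"));
		goto done;
	}

	if (domain) {
		dn = lp_parm_const_string(-1, opt, "ldap_user_dn", NULL);
		if (!dn) {
			d_fprintf(stderr,
				  _("Missing ldap_user_dn option for domain "
				    "%s\n"), domain);
			goto done;
		}
		ret = idmap_store_secret("ldap", false, domain, dn, secret);
	} else {
		dn = lp_parm_const_string(-1, "idmap alloc config", "ldap_user_dn", NULL);
		if (!dn) {
			d_fprintf(stderr,
				  _("Missing ldap_user_dn option for alloc "
				    "backend\n"));
			goto done;
		}
		ret = idmap_store_secret("ldap", true, NULL, dn, secret);
	}

	if (!ret) {
		d_fprintf(stderr, _("Failed to store secret\n"));
		goto done;
	}

	d_printf(_("Secret stored\n"));
	result = 0;

done:
	/* Single exit so ctx is also released on the success path. */
	talloc_free(ctx);
	return result;
}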
/*
 * Print the summary help for the "net idmap" subcommands.  Always
 * returns -1.  "net idmap delete" is intentionally left out of the
 * text; "c", "argc" and "argv" are unused.
 */
int net_help_idmap(struct net_context *c, int argc, const char **argv)
{
	static const char *const help[] = {
		N_("net idmap dump <inputfile>\n"
		   "    Dump current id mapping\n"),
		N_("net idmap restore\n"
		   "    Restore entries from stdin\n"),
		/* Deliberately *not* document net idmap delete */
		N_("net idmap secret <DOMAIN>|alloc <secret>\n"
		   "    Set the secret for the specified DOMAIN (or the alloc "
		   "module)\n"),
	};
	size_t i;

	(void)c;
	(void)argc;
	(void)argv;

	for (i = 0; i < sizeof(help) / sizeof(help[0]); i++) {
		d_printf("%s", _(help[i]));
	}

	return -1;
}
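/*
 * net idmap aclmapset <tdb> <src-sid> <dst-sid>
 *
 * Record in <tdb> that <src-sid> maps to <dst-sid>.  Both SIDs are
 * parsed with string_to_sid() and re-serialised with
 * sid_string_talloc() before use, so the stored key and value are in
 * canonical form rather than as typed.  The database is opened with
 * O_RDWR|O_CREAT and mode 0600, so a mistyped <tdb> path silently
 * creates a new, empty database instead of failing.  Returns 0 on
 * success, -1 otherwise.
 */
static int net_idmap_aclmapset(struct net_context *c, int argc, const char **argv)
{
	TALLOC_CTX *mem_ctx;
	int result = -1;
	DOM_SID src_sid, dst_sid;
	char *src, *dst;
	struct db_context *db;
	struct db_record *rec;
	NTSTATUS status;

	/* Same usage convention as the other subcommands: 0 for --help, -1 for misuse. */
	if (argc != 3 || c->display_usage) {
		d_printf(_("Usage:\n"
			   "net idmap aclmapset <tdb> <src-sid> <dst-sid>\n"));
		return c->display_usage ? 0 : -1;
	}

	if (!(mem_ctx = talloc_init("net idmap aclmapset"))) {
		d_fprintf(stderr, _("talloc_init failed\n"));
		return -1;
	}

	/* O_CREAT: a non-existent <tdb> is created (mode 0600), not rejected. */
	if (!(db = db_open(mem_ctx, argv[0], 0, TDB_DEFAULT,
			   O_RDWR|O_CREAT, 0600))) {
		d_fprintf(stderr, _("db_open failed: %s\n"), strerror(errno));
		goto fail;
	}

	/* Reject malformed SIDs before touching the database. */
	if (!string_to_sid(&src_sid, argv[1])) {
		d_fprintf(stderr, _("%s is not a valid sid\n"), argv[1]);
		goto fail;
	}
	if (!string_to_sid(&dst_sid, argv[2])) {
		d_fprintf(stderr, _("%s is not a valid sid\n"), argv[2]);
		goto fail;
	}

	/* Re-serialise so the stored key/value are canonical, not as typed. */
	if (!(src = sid_string_talloc(mem_ctx, &src_sid))
	    || !(dst = sid_string_talloc(mem_ctx, &dst_sid))) {
		d_fprintf(stderr, _("sid_string_talloc failed\n"));
		goto fail;
	}

	if (!(rec = db->fetch_locked(
		      db, mem_ctx, string_term_tdb_data(src)))) {
		d_fprintf(stderr, _("could not fetch db record\n"));
		goto fail;
	}

	status = rec->store(rec, string_term_tdb_data(dst), 0);
	/* Freeing the record presumably drops the lock fetch_locked() took. */
	TALLOC_FREE(rec);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, _("could not store record: %s\n"),
			  nt_errstr(status));
		goto fail;
	}

	result = 0;
fail:
	TALLOC_FREE(mem_ctx);
	return result;
}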
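/***********************************************************
 Entry point for "net idmap": dispatch to the subcommand handlers.
***********************************************************/

/*
 * Builds the subcommand table and hands it to net_run_function(),
 * returning whatever that returns.  Each entry is, by position: the
 * command name, its handler, the transports it is valid on, a short
 * description and the usage text.  "setmap" and "delete" are stubs
 * that always fail; "delete" is also deliberately left out of
 * net_help_idmap().
 *
 * The usage strings for "dump" and "aclmapset" name the arguments
 * those handlers require, matching the Usage text the handlers
 * themselves print.
 */
int net_idmap(struct net_context *c, int argc, const char **argv)
{
	struct functable func[] = {
		{
			"dump",
			net_idmap_dump,
			NET_TRANSPORT_LOCAL,
			N_("Dump the current ID mappings"),
			N_("net idmap dump <inputfile>\n"
			   "  Dump the current ID mappings")
		},
		{
			"restore",
			net_idmap_restore,
			NET_TRANSPORT_LOCAL,
			N_("Restore entries from stdin"),
			N_("net idmap restore\n"
			   "  Restore entries from stdin")
		},
		{
			"setmap",
			net_idmap_set,
			NET_TRANSPORT_LOCAL,
			N_("Not implemented yet"),
			N_("net idmap setmap\n"
			   "  Not implemented yet")
		},
		{
			"delete",
			net_idmap_delete,
			NET_TRANSPORT_LOCAL,
			N_("Not implemented yet"),
			N_("net idmap delete\n"
			   "  Not implemented yet")
		},
		{
			"secret",
			net_idmap_secret,
			NET_TRANSPORT_LOCAL,
			N_("Set secret for specified domain"),
			N_("net idmap secret {<DOMAIN>|alloc} <secret>\n"
			   "  Set secret for specified domain or alloc module")
		},
		{
			"aclmapset",
			net_idmap_aclmapset,
			NET_TRANSPORT_LOCAL,
			N_("Set acl map"),
			N_("net idmap aclmapset <tdb> <src-sid> <dst-sid>\n"
			   "  Set acl map")
		},
		{NULL, NULL, 0, NULL, NULL}
	};

	return net_run_function(c, argc, argv, "net idmap", func);
}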