2008-05-08 13:23:38 +04:00
/*
Samba Unix / Linux SMB client library
Distributed SMB / CIFS Server Management Utility
2003-06-21 12:35:30 +04:00
Copyright ( C ) 2003 Andrew Bartlett ( abartlet @ samba . org )
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2003-06-21 12:35:30 +04:00
( at your option ) any later version .
2008-05-08 13:23:38 +04:00
2003-06-21 12:35:30 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2008-05-08 13:23:38 +04:00
2003-06-21 12:35:30 +04:00
You should have received a copy of the GNU General Public License
2008-05-10 01:22:12 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2003-06-21 12:35:30 +04:00
# include "includes.h"
2011-02-26 01:20:06 +03:00
# include "system/filesys.h"
2004-10-07 08:01:18 +04:00
# include "utils/net.h"
2010-08-05 04:25:37 +04:00
# include "secrets.h"
2010-08-18 20:13:42 +04:00
# include "idmap.h"
2010-08-18 20:59:23 +04:00
# include "dbwrap.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-01-28 12:55:58 +03:00
# include "net_idmap_check.h"
2003-06-21 12:35:30 +04:00
2006-12-12 17:52:13 +03:00
# define ALLOC_CHECK(mem) do { \
if ( ! mem ) { \
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ; \
2006-12-12 17:52:13 +03:00
talloc_free ( ctx ) ; \
return - 1 ; \
} } while ( 0 )
2003-06-21 12:35:30 +04:00
/***********************************************************
2007-06-26 23:15:26 +04:00
Helper function for net_idmap_dump . Dump one entry .
2003-06-21 12:35:30 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-06-14 14:25:11 +04:00
static int net_idmap_dump_one_entry ( struct db_record * rec ,
2007-06-26 23:15:26 +04:00
void * unused )
2003-06-21 12:35:30 +04:00
{
2010-06-14 14:25:11 +04:00
if ( strcmp ( ( char * ) rec - > key . dptr , " USER HWM " ) = = 0 ) {
printf ( _ ( " USER HWM %d \n " ) , IVAL ( rec - > value . dptr , 0 ) ) ;
2007-06-26 23:15:26 +04:00
return 0 ;
2004-02-24 18:45:10 +03:00
}
2010-06-14 14:25:11 +04:00
if ( strcmp ( ( char * ) rec - > key . dptr , " GROUP HWM " ) = = 0 ) {
printf ( _ ( " GROUP HWM %d \n " ) , IVAL ( rec - > value . dptr , 0 ) ) ;
2007-06-26 23:15:26 +04:00
return 0 ;
2004-02-24 18:45:10 +03:00
}
2010-06-14 14:25:11 +04:00
if ( strncmp ( ( char * ) rec - > key . dptr , " S- " , 2 ) ! = 0 )
2007-06-26 23:15:26 +04:00
return 0 ;
2006-12-12 17:52:13 +03:00
2010-06-14 14:25:11 +04:00
printf ( " %s %s \n " , rec - > value . dptr , rec - > key . dptr ) ;
2007-06-26 23:15:26 +04:00
return 0 ;
}
2006-12-12 17:52:13 +03:00
2011-02-08 14:06:07 +03:00
static const char * net_idmap_dbfile ( struct net_context * c )
{
const char * dbfile = NULL ;
if ( c - > opt_db ! = NULL ) {
dbfile = talloc_strdup ( talloc_tos ( ) , c - > opt_db ) ;
2011-02-09 01:16:31 +03:00
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
2011-02-08 14:06:07 +03:00
} else if ( strequal ( lp_idmap_backend ( ) , " tdb " ) ) {
dbfile = state_path ( " winbindd_idmap.tdb " ) ;
2011-02-09 01:16:31 +03:00
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
2011-02-08 14:06:07 +03:00
} else if ( strequal ( lp_idmap_backend ( ) , " tdb2 " ) ) {
dbfile = lp_parm_talloc_string ( - 1 , " tdb " , " idmap2.tdb " , NULL ) ;
if ( dbfile = = NULL ) {
dbfile = talloc_asprintf ( talloc_tos ( ) , " %s/idmap2.tdb " ,
lp_private_dir ( ) ) ;
}
2011-02-09 01:16:31 +03:00
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
2011-02-08 14:06:07 +03:00
} else {
char * backend = talloc_strdup ( talloc_tos ( ) , lp_idmap_backend ( ) ) ;
char * args = strchr ( backend , ' : ' ) ;
if ( args ! = NULL ) {
* args = ' \0 ' ;
}
d_printf ( _ ( " Sorry, 'idmap backend = %s' is currently not supported \n " ) ,
backend ) ;
talloc_free ( backend ) ;
}
2011-02-09 01:16:31 +03:00
2011-02-08 14:06:07 +03:00
return dbfile ;
}
2007-06-26 23:15:26 +04:00
/***********************************************************
Dump the current idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
static int net_idmap_dump ( struct net_context * c , int argc , const char * * argv )
2007-06-26 23:15:26 +04:00
{
2010-06-14 14:25:11 +04:00
struct db_context * db ;
TALLOC_CTX * mem_ctx ;
2011-02-08 14:40:23 +03:00
const char * dbfile ;
int ret = - 1 ;
2004-02-24 18:45:10 +03:00
2011-02-08 14:40:23 +03:00
if ( argc > 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2011-02-08 14:40:23 +03:00
_ ( " net idmap dump [[--db=]<inputfile>] \n "
2009-07-30 14:04:53 +04:00
" Dump current ID mapping. \n "
" inputfile \t TDB file to read mappings from. \n " ) ) ;
2008-05-19 18:10:07 +04:00
return c - > display_usage ? 0 : - 1 ;
}
2004-02-24 18:45:10 +03:00
2010-06-14 14:25:11 +04:00
mem_ctx = talloc_stackframe ( ) ;
2007-06-26 23:15:26 +04:00
2011-02-08 14:40:23 +03:00
dbfile = ( argc > 0 ) ? argv [ 0 ] : net_idmap_dbfile ( c ) ;
if ( dbfile = = NULL ) {
goto done ;
}
d_fprintf ( stderr , _ ( " dumping id mapping from %s \n " ) , dbfile ) ;
db = db_open ( mem_ctx , dbfile , 0 , TDB_DEFAULT , O_RDONLY , 0 ) ;
2010-06-14 14:25:11 +04:00
if ( db = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open idmap db (%s): %s \n " ) ,
2011-02-09 15:47:21 +03:00
dbfile , strerror ( errno ) ) ;
2011-02-08 14:40:23 +03:00
goto done ;
2004-02-24 18:45:10 +03:00
}
2010-06-14 14:25:11 +04:00
db - > traverse_read ( db , net_idmap_dump_one_entry , NULL ) ;
2011-02-08 14:40:23 +03:00
ret = 0 ;
2007-06-26 23:15:26 +04:00
2011-02-08 14:40:23 +03:00
done :
2010-06-14 14:25:11 +04:00
talloc_free ( mem_ctx ) ;
2011-02-08 14:40:23 +03:00
return ret ;
2004-02-24 18:45:10 +03:00
}
2003-06-21 12:35:30 +04:00
/***********************************************************
Write entries from stdin to current local idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-07-11 22:01:26 +04:00
2009-01-22 15:33:54 +03:00
static int net_idmap_store_id_mapping ( struct db_context * db ,
enum id_type type ,
unsigned long idval ,
const char * sid_string )
{
NTSTATUS status ;
char * idstr = NULL ;
switch ( type ) {
case ID_TYPE_UID :
idstr = talloc_asprintf ( talloc_tos ( ) , " UID %lu " , idval ) ;
break ;
case ID_TYPE_GID :
idstr = talloc_asprintf ( talloc_tos ( ) , " GID %lu " , idval ) ;
break ;
default :
d_fprintf ( stderr , " Invalid id mapping type: %d \n " , type ) ;
return - 1 ;
}
status = dbwrap_store_bystring ( db , idstr ,
string_term_tdb_data ( sid_string ) ,
TDB_REPLACE ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , " Error storing ID -> SID: "
" %s \n " , nt_errstr ( status ) ) ;
talloc_free ( idstr ) ;
return - 1 ;
}
status = dbwrap_store_bystring ( db , sid_string ,
string_term_tdb_data ( idstr ) ,
TDB_REPLACE ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , " Error storing SID -> ID: "
" %s \n " , nt_errstr ( status ) ) ;
talloc_free ( idstr ) ;
return - 1 ;
}
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_restore ( struct net_context * c , int argc , const char * * argv )
2003-06-21 12:35:30 +04:00
{
2009-01-22 15:33:54 +03:00
TALLOC_CTX * mem_ctx ;
FILE * input = NULL ;
struct db_context * db ;
2011-02-08 14:06:07 +03:00
const char * dbfile = NULL ;
2009-01-22 15:33:54 +03:00
int ret = 0 ;
2006-12-12 17:52:13 +03:00
2008-05-19 18:10:07 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2011-02-08 14:06:07 +03:00
_ ( " net idmap restore [--db=<TDB>] [<inputfile>] \n "
2009-07-30 14:04:53 +04:00
" Restore ID mappings from file \n "
2011-02-08 14:06:07 +03:00
" TDB \t File to store ID mappings to. "
2009-01-22 15:33:54 +03:00
" inputfile \t File to load ID mappings from. If not "
" given, load data from stdin. \n " ) ) ;
2008-05-19 18:10:07 +04:00
return 0 ;
}
2009-01-22 15:33:54 +03:00
mem_ctx = talloc_stackframe ( ) ;
2011-02-08 14:06:07 +03:00
dbfile = net_idmap_dbfile ( c ) ;
2003-06-21 12:35:30 +04:00
2011-02-09 01:24:57 +03:00
if ( dbfile = = NULL ) {
ret = - 1 ;
goto done ;
}
2011-02-08 14:06:07 +03:00
d_fprintf ( stderr , _ ( " restoring id mapping to %s \n " ) , dbfile ) ;
2006-12-12 17:52:13 +03:00
if ( argc = = 1 ) {
input = fopen ( argv [ 0 ] , " r " ) ;
2011-02-08 14:03:08 +03:00
if ( input = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open input file (%s): %s \n " ) ,
argv [ 0 ] , strerror ( errno ) ) ;
ret = - 1 ;
goto done ;
}
2006-12-12 17:52:13 +03:00
} else {
input = stdin ;
}
2009-01-22 15:33:54 +03:00
db = db_open ( mem_ctx , dbfile , 0 , TDB_DEFAULT , O_RDWR | O_CREAT , 0644 ) ;
if ( db = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open idmap db (%s): %s \n " ) ,
dbfile , strerror ( errno ) ) ;
ret = - 1 ;
goto done ;
}
if ( db - > transaction_start ( db ) ! = 0 ) {
d_fprintf ( stderr , _ ( " Failed to start transaction. \n " ) ) ;
ret = - 1 ;
goto done ;
}
2006-12-12 17:52:13 +03:00
while ( ! feof ( input ) ) {
char line [ 128 ] , sid_string [ 128 ] ;
2003-06-21 12:35:30 +04:00
int len ;
2006-12-12 17:52:13 +03:00
unsigned long idval ;
2003-06-21 12:35:30 +04:00
2006-12-12 17:52:13 +03:00
if ( fgets ( line , 127 , input ) = = NULL )
2003-06-21 12:35:30 +04:00
break ;
len = strlen ( line ) ;
if ( ( len > 0 ) & & ( line [ len - 1 ] = = ' \n ' ) )
line [ len - 1 ] = ' \0 ' ;
2009-01-22 15:33:54 +03:00
if ( sscanf ( line , " GID %lu %128s " , & idval , sid_string ) = = 2 )
{
ret = net_idmap_store_id_mapping ( db , ID_TYPE_GID ,
idval , sid_string ) ;
if ( ret ! = 0 ) {
break ;
}
} else if ( sscanf ( line , " UID %lu %128s " , & idval , sid_string ) = = 2 )
{
ret = net_idmap_store_id_mapping ( db , ID_TYPE_UID ,
idval , sid_string ) ;
if ( ret ! = 0 ) {
break ;
}
2006-12-12 17:52:13 +03:00
} else if ( sscanf ( line , " USER HWM %lu " , & idval ) = = 1 ) {
2009-01-22 15:33:54 +03:00
ret = dbwrap_store_int32 ( db , " USER HWM " , idval ) ;
if ( ret ! = 0 ) {
d_fprintf ( stderr , _ ( " Could not store USER HWM. \n " ) ) ;
break ;
2006-12-12 17:52:13 +03:00
}
} else if ( sscanf ( line , " GROUP HWM %lu " , & idval ) = = 1 ) {
2009-01-22 15:33:54 +03:00
ret = dbwrap_store_int32 ( db , " GROUP HWM " , idval ) ;
if ( ret ! = 0 ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr ,
2009-01-22 15:33:54 +03:00
_ ( " Could not store GROUP HWM. \n " ) ) ;
break ;
2006-12-12 17:52:13 +03:00
}
2006-07-11 22:01:26 +04:00
} else {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " ignoring invalid line [%s] \n " ) ,
line ) ;
2003-06-21 12:35:30 +04:00
continue ;
}
2009-01-22 15:33:54 +03:00
}
2003-06-21 12:35:30 +04:00
2009-01-22 15:33:54 +03:00
if ( ret = = 0 ) {
if ( db - > transaction_commit ( db ) ! = 0 ) {
d_fprintf ( stderr , _ ( " Failed to commit transaction. \n " ) ) ;
ret = - 1 ;
2003-06-21 12:35:30 +04:00
}
2009-01-22 15:33:54 +03:00
} else {
if ( db - > transaction_cancel ( db ) ! = 0 ) {
d_fprintf ( stderr , _ ( " Failed to cancel transaction. \n " ) ) ;
2003-06-21 12:35:30 +04:00
}
}
2009-01-22 15:33:54 +03:00
done :
if ( ( input ! = NULL ) & & ( input ! = stdin ) ) {
2006-12-12 17:52:13 +03:00
fclose ( input ) ;
}
2004-02-24 18:45:10 +03:00
2009-01-22 15:33:54 +03:00
talloc_free ( mem_ctx ) ;
return ret ;
2003-06-21 12:35:30 +04:00
}
2011-02-09 02:04:48 +03:00
static
NTSTATUS dbwrap_delete_mapping ( struct db_context * db , TDB_DATA key1 , bool force )
{
TALLOC_CTX * mem_ctx = talloc_tos ( ) ;
struct db_record * rec1 = NULL , * rec2 = NULL ;
TDB_DATA key2 ;
bool is_valid_mapping ;
NTSTATUS status = NT_STATUS_OK ;
rec1 = db - > fetch_locked ( db , mem_ctx , key1 ) ;
if ( rec1 = = NULL ) {
DEBUG ( 1 , ( " failed to fetch: %.*s \n " , ( int ) key1 . dsize , key1 . dptr ) ) ;
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
key2 = rec1 - > value ;
if ( key2 . dptr = = NULL ) {
DEBUG ( 1 , ( " could not find %.*s \n " , ( int ) key1 . dsize , key1 . dptr ) ) ;
status = NT_STATUS_NOT_FOUND ;
goto done ;
}
DEBUG ( 2 , ( " mapping: %.*s -> %.*s \n " ,
( int ) key1 . dsize , key1 . dptr , ( int ) key2 . dsize , key2 . dptr ) ) ;
rec2 = db - > fetch_locked ( db , mem_ctx , key2 ) ;
if ( rec2 = = NULL ) {
DEBUG ( 1 , ( " failed to fetch: %.*s \n " , ( int ) key2 . dsize , key2 . dptr ) ) ;
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
is_valid_mapping = tdb_data_equal ( key1 , rec2 - > value ) ;
if ( ! is_valid_mapping ) {
DEBUG ( 1 , ( " invalid mapping: %.*s -> %.*s -> %.*s \n " ,
( int ) key1 . dsize , key1 . dptr , ( int ) key2 . dsize , key2 . dptr ,
( int ) rec2 - > value . dsize , rec2 - > value . dptr ) ) ;
if ( ! force ) {
status = NT_STATUS_FILE_INVALID ;
goto done ;
}
}
status = rec1 - > delete_rec ( rec1 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " failed to delete: %.*s \n " , ( int ) key1 . dsize , key1 . dptr ) ) ;
goto done ;
}
if ( is_valid_mapping ) {
status = rec2 - > delete_rec ( rec2 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " failed to delete: %.*s \n " , ( int ) key2 . dsize , key2 . dptr ) ) ;
}
}
done :
TALLOC_FREE ( rec1 ) ;
TALLOC_FREE ( rec2 ) ;
return status ;
}
static
NTSTATUS delete_mapping_action ( struct db_context * db , void * data )
{
return dbwrap_delete_mapping ( db , * ( TDB_DATA * ) data , false ) ;
}
static
NTSTATUS delete_mapping_action_force ( struct db_context * db , void * data )
{
return dbwrap_delete_mapping ( db , * ( TDB_DATA * ) data , true ) ;
}
2004-12-17 13:20:53 +03:00
/***********************************************************
Delete a SID mapping from a winbindd_idmap . tdb
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2011-02-09 02:04:48 +03:00
static bool delete_args_ok ( int argc , const char * * argv )
{
if ( argc ! = 1 )
return false ;
if ( strncmp ( argv [ 0 ] , " S- " , 2 ) = = 0 )
return true ;
if ( strncmp ( argv [ 0 ] , " GID " , 4 ) = = 0 )
return true ;
if ( strncmp ( argv [ 0 ] , " UID " , 4 ) = = 0 )
return true ;
return false ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_delete ( struct net_context * c , int argc , const char * * argv )
2004-12-17 13:20:53 +03:00
{
2011-02-09 02:04:48 +03:00
int ret = - 1 ;
struct db_context * db ;
TALLOC_CTX * mem_ctx ;
TDB_DATA key ;
NTSTATUS status ;
const char * dbfile ;
if ( ! delete_args_ok ( argc , argv ) | | c - > display_usage ) {
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net idmap delete [-f] [--db=<TDB>] <ID> \n "
" Delete mapping of ID from TDB. \n "
" -f \t force \n "
" TDB \t idmap database \n "
" ID \t SID|GID|UID \n " ) ) ;
return c - > display_usage ? 0 : - 1 ;
}
mem_ctx = talloc_stackframe ( ) ;
dbfile = net_idmap_dbfile ( c ) ;
if ( dbfile = = NULL ) {
goto done ;
}
d_fprintf ( stderr , _ ( " deleting id mapping from %s \n " ) , dbfile ) ;
db = db_open ( mem_ctx , dbfile , 0 , TDB_DEFAULT , O_RDWR , 0 ) ;
if ( db = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open idmap db (%s): %s \n " ) ,
dbfile , strerror ( errno ) ) ;
goto done ;
}
key = string_term_tdb_data ( argv [ 0 ] ) ;
status = dbwrap_trans_do ( db , ( c - > opt_force
? delete_mapping_action_force
: delete_mapping_action ) , & key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , _ ( " could not delete mapping: %s \n " ) ,
nt_errstr ( status ) ) ;
goto done ;
}
ret = 0 ;
done :
talloc_free ( mem_ctx ) ;
return ret ;
2006-12-12 17:52:13 +03:00
}
2004-12-17 13:20:53 +03:00
2008-05-10 01:22:12 +04:00
static int net_idmap_set ( struct net_context * c , int argc , const char * * argv )
2006-12-12 17:52:13 +03:00
{
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n " , _ ( " Not implemented yet " ) ) ;
2006-12-12 17:52:13 +03:00
return - 1 ;
}
2010-12-08 02:43:34 +03:00
static bool idmap_store_secret ( const char * backend ,
const char * domain ,
const char * identity ,
const char * secret )
2006-12-12 17:52:13 +03:00
{
char * tmp ;
int r ;
2007-10-19 04:40:25 +04:00
bool ret ;
2004-12-17 13:20:53 +03:00
2010-12-08 02:39:28 +03:00
r = asprintf ( & tmp , " IDMAP_%s_%s " , backend , domain ) ;
2004-12-17 13:20:53 +03:00
2006-12-12 17:52:13 +03:00
if ( r < 0 ) return false ;
2004-12-17 13:20:53 +03:00
2006-12-12 17:52:13 +03:00
strupper_m ( tmp ) ; /* make sure the key is case insensitive */
ret = secrets_store_generic ( tmp , identity , secret ) ;
free ( tmp ) ;
return ret ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_secret ( struct net_context * c , int argc , const char * * argv )
2006-12-12 17:52:13 +03:00
{
TALLOC_CTX * ctx ;
const char * secret ;
const char * dn ;
char * domain ;
char * backend ;
char * opt = NULL ;
2007-10-19 04:40:25 +04:00
bool ret ;
2006-12-12 17:52:13 +03:00
2008-05-19 18:10:07 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
2010-05-31 17:00:38 +04:00
_ ( " Usage: \n " ) ,
_ ( " net idmap secret <DOMAIN> <secret> \n "
" Set the secret for the specified domain \n "
2009-07-30 14:04:53 +04:00
" DOMAIN \t Domain to set secret for. \n "
" secret \t New secret to set. \n " ) ) ;
2008-05-19 18:10:07 +04:00
return c - > display_usage ? 0 : - 1 ;
2004-12-17 13:20:53 +03:00
}
2006-12-12 17:52:13 +03:00
secret = argv [ 1 ] ;
2004-12-17 13:20:53 +03:00
2006-12-12 17:52:13 +03:00
ctx = talloc_new ( NULL ) ;
ALLOC_CHECK ( ctx ) ;
2004-12-17 13:20:53 +03:00
2010-05-31 17:00:38 +04:00
domain = talloc_strdup ( ctx , argv [ 0 ] ) ;
ALLOC_CHECK ( domain ) ;
2006-12-12 17:52:13 +03:00
2010-05-31 17:00:38 +04:00
opt = talloc_asprintf ( ctx , " idmap config %s " , domain ) ;
ALLOC_CHECK ( opt ) ;
2006-12-12 17:52:13 +03:00
2010-05-31 17:00:38 +04:00
backend = talloc_strdup ( ctx , lp_parm_const_string ( - 1 , opt , " backend " , " tdb " ) ) ;
ALLOC_CHECK ( backend ) ;
2004-12-17 13:20:53 +03:00
2006-12-12 17:52:13 +03:00
if ( ( ! backend ) | | ( ! strequal ( backend , " ldap " ) ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr ,
_ ( " The only currently supported backend is LDAP \n " ) ) ;
2006-12-12 17:52:13 +03:00
talloc_free ( ctx ) ;
2004-12-17 13:20:53 +03:00
return - 1 ;
}
2010-05-31 17:00:38 +04:00
dn = lp_parm_const_string ( - 1 , opt , " ldap_user_dn " , NULL ) ;
if ( ! dn ) {
d_fprintf ( stderr ,
_ ( " Missing ldap_user_dn option for domain %s \n " ) ,
domain ) ;
talloc_free ( ctx ) ;
return - 1 ;
2006-12-12 17:52:13 +03:00
}
2010-12-08 02:39:28 +03:00
ret = idmap_store_secret ( " ldap " , domain , dn , secret ) ;
2010-05-31 17:00:38 +04:00
2006-12-12 17:52:13 +03:00
if ( ! ret ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " Failed to store secret \n " ) ) ;
2006-12-12 17:52:13 +03:00
talloc_free ( ctx ) ;
2004-12-17 13:20:53 +03:00
return - 1 ;
}
2009-07-30 14:04:53 +04:00
d_printf ( _ ( " Secret stored \n " ) ) ;
2004-12-17 13:20:53 +03:00
return 0 ;
}
2011-01-28 12:55:58 +03:00
static int net_idmap_check ( struct net_context * c , int argc , const char * * argv )
{
const char * dbfile ;
struct check_options opts ;
if ( argc > 1 | | c - > display_usage ) {
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2011-04-07 13:00:41 +04:00
_ ( " net idmap check [-v] [-r] [-a] [-T] [-f] [-l] [[--db=]<TDB>] \n "
2011-01-28 12:55:58 +03:00
" Check an idmap database. \n "
2011-04-07 13:00:41 +04:00
" --verbose,-v \t verbose \n "
2011-01-28 12:55:58 +03:00
" --repair,-r \t repair \n "
" --auto,-a \t noninteractive mode \n "
" --test,-T \t dry run \n "
2011-04-07 13:00:41 +04:00
" --fore,-f \t force \n "
" --lock,-l \t lock db while doing the check \n "
2011-01-28 12:55:58 +03:00
" TDB \t idmap database \n " ) ) ;
return c - > display_usage ? 0 : - 1 ;
}
dbfile = ( argc > 0 ) ? argv [ 0 ] : net_idmap_dbfile ( c ) ;
if ( dbfile = = NULL ) {
return - 1 ;
}
d_fprintf ( stderr , _ ( " check database: %s \n " ) , dbfile ) ;
opts = ( struct check_options ) {
2011-04-07 13:00:41 +04:00
. lock = c - > opt_lock | | c - > opt_long_list_entries ,
2011-01-28 12:55:58 +03:00
. test = c - > opt_testmode ,
. automatic = c - > opt_auto ,
. verbose = c - > opt_verbose ,
. force = c - > opt_force ,
. repair = c - > opt_repair | | c - > opt_reboot ,
} ;
return net_idmap_check_db ( dbfile , & opts ) ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_aclmapset ( struct net_context * c , int argc , const char * * argv )
2008-03-17 15:51:50 +03:00
{
TALLOC_CTX * mem_ctx ;
int result = - 1 ;
2010-05-21 05:25:01 +04:00
struct dom_sid src_sid , dst_sid ;
2008-03-17 15:51:50 +03:00
char * src , * dst ;
struct db_context * db ;
struct db_record * rec ;
NTSTATUS status ;
2008-05-19 18:10:07 +04:00
if ( argc ! = 3 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s net idmap aclmapset <tdb> "
" <src-sid> <dst-sid> \n " , _ ( " Usage: " ) ) ;
2008-03-17 15:51:50 +03:00
return - 1 ;
}
if ( ! ( mem_ctx = talloc_init ( " net idmap aclmapset " ) ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " talloc_init failed \n " ) ) ;
2008-03-17 15:51:50 +03:00
return - 1 ;
}
if ( ! ( db = db_open ( mem_ctx , argv [ 0 ] , 0 , TDB_DEFAULT ,
O_RDWR | O_CREAT , 0600 ) ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " db_open failed: %s \n " ) , strerror ( errno ) ) ;
2008-03-17 15:51:50 +03:00
goto fail ;
}
if ( ! string_to_sid ( & src_sid , argv [ 1 ] ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " %s is not a valid sid \n " ) , argv [ 1 ] ) ;
2008-03-17 15:51:50 +03:00
goto fail ;
}
if ( ! string_to_sid ( & dst_sid , argv [ 2 ] ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " %s is not a valid sid \n " ) , argv [ 2 ] ) ;
2008-03-17 15:51:50 +03:00
goto fail ;
}
if ( ! ( src = sid_string_talloc ( mem_ctx , & src_sid ) )
| | ! ( dst = sid_string_talloc ( mem_ctx , & dst_sid ) ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " talloc_strdup failed \n " ) ) ;
2008-03-17 15:51:50 +03:00
goto fail ;
}
if ( ! ( rec = db - > fetch_locked (
db , mem_ctx , string_term_tdb_data ( src ) ) ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " could not fetch db record \n " ) ) ;
2008-03-17 15:51:50 +03:00
goto fail ;
}
status = rec - > store ( rec , string_term_tdb_data ( dst ) , 0 ) ;
TALLOC_FREE ( rec ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " could not store record: %s \n " ) ,
2008-03-17 15:51:50 +03:00
nt_errstr ( status ) ) ;
goto fail ;
}
result = 0 ;
fail :
TALLOC_FREE ( mem_ctx ) ;
return result ;
}
2003-06-21 12:35:30 +04:00
/***********************************************************
Look at the current idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
int net_idmap ( struct net_context * c , int argc , const char * * argv )
2003-06-21 12:35:30 +04:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-05-19 18:10:07 +04:00
{
" dump " ,
net_idmap_dump ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Dump the current ID mappings " ) ,
N_ ( " net idmap dump \n "
" Dump the current ID mappings " )
2008-05-19 18:10:07 +04:00
} ,
{
" restore " ,
net_idmap_restore ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Restore entries from stdin " ) ,
N_ ( " net idmap restore \n "
" Restore entries from stdin " )
2008-05-19 18:10:07 +04:00
} ,
{
" setmap " ,
net_idmap_set ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Not implemented yet " ) ,
N_ ( " net idmap setmap \n "
" Not implemented yet " )
2008-05-19 18:10:07 +04:00
} ,
{
" delete " ,
net_idmap_delete ,
NET_TRANSPORT_LOCAL ,
2011-02-09 02:04:48 +03:00
N_ ( " Delete ID mapping " ) ,
N_ ( " net idmap delete <ID> \n "
" Delete ID mapping " )
2008-05-19 18:10:07 +04:00
} ,
{
" secret " ,
net_idmap_secret ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Set secret for specified domain " ) ,
2010-12-08 02:41:28 +03:00
N_ ( " net idmap secret <DOMAIN> <secret> \n "
" Set secret for specified domain " )
2008-05-19 18:10:07 +04:00
} ,
{
" aclmapset " ,
net_idmap_aclmapset ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Set acl map " ) ,
N_ ( " net idmap aclmapset \n "
" Set acl map " )
2008-05-19 18:10:07 +04:00
} ,
2011-01-28 12:55:58 +03:00
{
" check " ,
net_idmap_check ,
NET_TRANSPORT_LOCAL ,
N_ ( " Check id mappings " ) ,
N_ ( " net idmap check \n "
" Check id mappings " )
} ,
2008-05-19 18:10:07 +04:00
{ NULL , NULL , 0 , NULL , NULL }
2003-06-21 12:35:30 +04:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net idmap " , func ) ;
2003-06-21 12:35:30 +04:00
}