/*
   Samba Unix/Linux SMB client library
   Distributed SMB/CIFS Server Management Utility
   Copyright (C) 2003 Andrew Bartlett (abartlet@samba.org)

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
# include "includes.h"
# include "utils/net.h"
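/*
 * Bail out of the calling function when an allocation came back NULL.
 *
 * The macro expands in place, so it relies on a TALLOC_CTX pointer named
 * `ctx` being in scope at the call site: it prints an error, releases that
 * context with talloc_free() and makes the enclosing function return -1.
 * The argument is parenthesised so that an expression such as `a || b`
 * is negated as a whole.
 */
#define ALLOC_CHECK(mem) do { \
	if (!(mem)) { \
		d_fprintf(stderr, "Out of memory!\n"); \
		talloc_free(ctx); \
		return -1; \
	} } while (0)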
/***********************************************************
 Dump the current idmap
 **********************************************************/
/*
 * "net idmap dump <outputfile>": ask winbindd to dump its id mappings.
 *
 * Expects exactly one argument, the output file name; any other argument
 * count prints the usage text. A relative name is turned into an absolute
 * one by prefixing the current working directory before it is handed to
 * winbind_idmap_dump_maps().
 *
 * Returns 0 on success and -1 on any failure (winbindd not reachable,
 * allocation failure, getcwd() failure, or the dump request failing).
 *
 * NOTE(review): the absolute-path requirement suggests the file is written
 * by the winbindd process rather than by this tool, in which case ownership
 * and permissions of the dump are decided there -- confirm.
 */
static int net_idmap_dump(int argc, const char **argv)
{
	TALLOC_CTX *ctx;
	char *out_path;
	int status = -1;

	if (argc != 1) {
		return net_help_idmap(argc, argv);
	}

	if (!winbind_ping()) {
		d_fprintf(stderr, "To use net idmap Winbindd must be running.\n");
		return -1;
	}

	/* ALLOC_CHECK frees ctx and returns -1 when its argument is NULL. */
	ctx = talloc_new(NULL);
	ALLOC_CHECK(ctx);

	out_path = talloc_strdup(ctx, argv[0]);
	ALLOC_CHECK(out_path);

	/* filename must be absolute */
	if (out_path[0] != '/') {
		char cwd[4096];

		if (getcwd(cwd, 4095) == NULL) {
			d_fprintf(stderr, "Failed to obtain full output file path");
			goto done;
		}

		out_path = talloc_asprintf(ctx, "%s/%s", cwd, argv[0]);
		ALLOC_CHECK(out_path);
	}

	if (winbind_idmap_dump_maps(ctx, out_path)) {
		status = 0;
	} else {
		d_fprintf(stderr, "Failed to obtain idmap data from winbindd\n");
	}

done:
	talloc_free(ctx);
	return status;
}
/***********************************************************
 Write entries from stdin to current local idmap
 **********************************************************/
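/*
 * "net idmap restore [file]": feed id mappings to winbindd.
 *
 * Input is read line by line from the file named by the single argument,
 * or from stdin when the argument count is anything other than one.
 * Recognised lines are:
 *
 *   GID <id> <sid>     set a gid <-> SID mapping
 *   UID <id> <sid>     set a uid <-> SID mapping
 *   USER HWM <id>      set the uid high-water mark
 *   GROUP HWM <id>     set the gid high-water mark
 *
 * Anything else is reported on stderr and skipped, as are lines whose SID
 * does not parse and mappings that winbindd refuses. A line longer than the
 * read buffer is split by fgets() and its remainder is parsed as a further
 * line.
 *
 * Every well-formed line is applied as given, so the input decides which
 * SID is bound to which uid/gid; dump files should be stored and handled
 * with the same care as the idmap database itself.
 *
 * Returns 0 once the input has been consumed (individual line failures do
 * not change the result) and -1 when winbindd is not reachable, the context
 * cannot be allocated, or the input file cannot be opened.
 */
static int net_idmap_restore(int argc, const char **argv)
{
	TALLOC_CTX *ctx;
	FILE *input;
	char line[128];

	if (!winbind_ping()) {
		d_fprintf(stderr, "To use net idmap Winbindd must be running.\n");
		return -1;
	}

	ctx = talloc_new(NULL);
	ALLOC_CHECK(ctx);

	if (argc == 1) {
		input = fopen(argv[0], "r");
		if (input == NULL) {
			/* Without this check the read loop would run on a NULL stream. */
			d_fprintf(stderr, "Could not open input file %s\n", argv[0]);
			talloc_free(ctx);
			return -1;
		}
	} else {
		input = stdin;
	}

	while (fgets(line, sizeof(line), input) != NULL) {
		char sid_string[128];
		size_t len;
		DOM_SID sid;
		struct id_map map;
		unsigned long idval;

		len = strlen(line);
		if ((len > 0) && (line[len-1] == '\n'))
			line[len-1] = '\0';

		/*
		 * Only sid and xid are assigned below; clear the whole struct so
		 * that any field not assigned here is not handed to winbindd
		 * with indeterminate stack contents.
		 */
		memset(&map, 0, sizeof(map));

		/* %127s leaves room for the terminating NUL in sid_string[128]. */
		if (sscanf(line, "GID %lu %127s", &idval, sid_string) == 2) {
			map.xid.type = ID_TYPE_GID;
			/* NOTE(review): idval is unsigned long; confirm xid.id is
			 * wide enough, otherwise large ids are silently truncated. */
			map.xid.id = idval;
		} else if (sscanf(line, "UID %lu %127s", &idval, sid_string) == 2) {
			map.xid.type = ID_TYPE_UID;
			map.xid.id = idval;
		} else if (sscanf(line, "USER HWM %lu", &idval) == 1) {
			/* set uid hwm */
			if (!winbind_set_uid_hwm(idval)) {
				d_fprintf(stderr, "Could not set USER HWM\n");
			}
			continue;
		} else if (sscanf(line, "GROUP HWM %lu", &idval) == 1) {
			/* set gid hwm */
			if (!winbind_set_gid_hwm(idval)) {
				d_fprintf(stderr, "Could not set GROUP HWM\n");
			}
			continue;
		} else {
			d_fprintf(stderr, "ignoring invalid line [%s]\n", line);
			continue;
		}

		if (!string_to_sid(&sid, sid_string)) {
			d_fprintf(stderr, "ignoring invalid sid [%s]\n", sid_string);
			continue;
		}
		map.sid = &sid;

		if (!winbind_set_mapping(&map)) {
			d_fprintf(stderr, "Could not set mapping of %s %lu to sid %s\n",
				 (map.xid.type == ID_TYPE_GID) ? "GID" : "UID",
				 (unsigned long)map.xid.id, sid_string_static(map.sid));
		}
	}

	if (input != stdin) {
		fclose(input);
	}

	talloc_free(ctx);
	return 0;
}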
/***********************************************************
 Delete a SID mapping from a winbindd_idmap.tdb
 **********************************************************/
/*
 * "net idmap delete": placeholder. Prints a notice and reports failure;
 * no mapping is touched.
 */
static int net_idmap_delete(int argc, const char **argv)
{
	/* The arguments are not used by this stub. */
	(void)argc;
	(void)argv;

	d_printf("Not Implemented yet\n");
	return -1;
}
/*
 * "net idmap setmap": placeholder. Prints a notice and reports failure;
 * no mapping is written.
 */
static int net_idmap_set(int argc, const char **argv)
{
	/* The arguments are not used by this stub. */
	(void)argc;
	(void)argv;

	d_printf("Not Implemented yet\n");
	return -1;
}
/*
 * Store `secret` for `identity` under a key derived from the idmap backend.
 *
 * The key is "IDMAP_ALLOC_<backend>" when `alloc` is true and
 * "IDMAP_<backend>_<domain>" otherwise, upper-cased before use. `domain`
 * is only read in the non-alloc case.
 *
 * NOTE(review): in the non-alloc case `domain` is formatted with %s, so the
 * caller must pass a non-NULL string.
 *
 * Returns false when the key cannot be built, otherwise whatever
 * secrets_store_generic() returns.
 */
BOOL idmap_store_secret(const char *backend, bool alloc,
			const char *domain, const char *identity,
			const char *secret)
{
	char *key;
	int n;
	BOOL stored;

	n = alloc
		? asprintf(&key, "IDMAP_ALLOC_%s", backend)
		: asprintf(&key, "IDMAP_%s_%s", backend, domain);

	/* On failure asprintf() leaves key unusable, so return before touching it. */
	if (n < 0) {
		return false;
	}

	/* make sure the key is case insensitive */
	strupper_m(key);
	stored = secrets_store_generic(key, identity, secret);

	free(key);
	return stored;
}
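/*
 * "net idmap secret <DOMAIN>|alloc <secret>": store the LDAP bind secret
 * for one idmap domain or for the alloc backend.
 *
 * argv[0] is either the literal "alloc" or a domain name; argv[1] is the
 * secret. The backend is looked up in the configuration ("idmap config
 * <DOMAIN>" / the alloc backend setting) and only "ldap" is accepted. The
 * identity the secret is stored for is the configured ldap_user_dn.
 *
 * Because the secret is passed as a command-line argument, it can be
 * visible to other local users in the process list for the lifetime of the
 * command and may be recorded in shell history; run it accordingly.
 *
 * Returns 0 when the secret was stored, -1 on usage error, allocation
 * failure, unsupported backend, missing ldap_user_dn, or store failure.
 */
static int net_idmap_secret(int argc, const char **argv)
{
	TALLOC_CTX *ctx;
	const char *secret;
	const char *dn;
	char *domain;
	char *backend;
	char *opt = NULL;
	BOOL ret;

	if (argc != 2) {
		return net_help_idmap(argc, argv);
	}

	secret = argv[1];

	/* ALLOC_CHECK frees ctx and returns -1 when its argument is NULL. */
	ctx = talloc_new(NULL);
	ALLOC_CHECK(ctx);

	if (strcmp(argv[0], "alloc") == 0) {
		domain = NULL;
		backend = lp_idmap_alloc_backend();
	} else {
		domain = talloc_strdup(ctx, argv[0]);
		ALLOC_CHECK(domain);

		/* Per-domain settings live under "idmap config <DOMAIN>". */
		opt = talloc_asprintf(ctx, "idmap config %s", domain);
		ALLOC_CHECK(opt);

		backend = talloc_strdup(ctx, lp_parm_const_string(-1, opt, "backend", "tdb"));
		ALLOC_CHECK(backend);
	}

	if ((!backend) || (!strequal(backend, "ldap"))) {
		d_fprintf(stderr, "The only currently supported backend is LDAP\n");
		talloc_free(ctx);
		return -1;
	}

	if (domain) {
		dn = lp_parm_const_string(-1, opt, "ldap_user_dn", NULL);
		if (!dn) {
			d_fprintf(stderr, "Missing ldap_user_dn option for domain %s\n", domain);
			talloc_free(ctx);
			return -1;
		}

		ret = idmap_store_secret("ldap", false, domain, dn, secret);
	} else {
		dn = lp_parm_const_string(-1, "idmap alloc config", "ldap_user_dn", NULL);
		if (!dn) {
			d_fprintf(stderr, "Missing ldap_user_dn option for alloc backend\n");
			talloc_free(ctx);
			return -1;
		}

		ret = idmap_store_secret("ldap", true, NULL, dn, secret);
	}

	if (!ret) {
		d_fprintf(stderr, "Failed to store secret\n");
		talloc_free(ctx);
		return -1;
	}

	d_printf("Secret stored\n");

	/* Release the context on the success path as well; every error path
	 * above already does. */
	talloc_free(ctx);
	return 0;
}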
/*
 * Print the usage text for the "net idmap" subcommands.
 *
 * Always returns -1, so callers can `return net_help_idmap(argc, argv);`
 * to report a usage error. The arguments are not used.
 */
int net_help_idmap(int argc, const char **argv)
{
	(void)argc;
	(void)argv;

	d_printf("net idmap dump <outputfile>\n"
		 "Dump current id mapping\n");

	d_printf("net idmap restore\n"
		 "Restore entries from stdin\n");

	/* Deliberately *not* document net idmap delete */

	d_printf("net idmap secret <DOMAIN>|alloc <secret>\n"
		 "Set the secret for the specified DOMAIN (or the alloc module)\n");

	return -1;
}
/***********************************************************
 Look at the current idmap
 **********************************************************/
/*
 * Entry point for "net idmap": dispatch to the handler named by the first
 * argument via net_run_function(), with net_help_idmap as the help handler.
 * "setmap" and "delete" are wired to stubs that only report that they are
 * not implemented.
 *
 * Returns whatever net_run_function() returns.
 */
int net_idmap(int argc, const char **argv)
{
	/* Subcommand name -> handler; the NULL pair terminates the table. */
	struct functable subcommands[] = {
		{"dump", net_idmap_dump},
		{"restore", net_idmap_restore},
		{"setmap", net_idmap_set},
		{"delete", net_idmap_delete},
		{"secret", net_idmap_secret},
		{"help", net_help_idmap},
		{NULL, NULL}
	};
	int rc;

	rc = net_run_function(argc, argv, subcommands, net_help_idmap);
	return rc;
}