2008-05-08 13:23:38 +04:00
/*
Samba Unix / Linux SMB client library
Distributed SMB / CIFS Server Management Utility
2003-06-21 12:35:30 +04:00
Copyright ( C ) 2003 Andrew Bartlett ( abartlet @ samba . org )
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2003-06-21 12:35:30 +04:00
( at your option ) any later version .
2008-05-08 13:23:38 +04:00
2003-06-21 12:35:30 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2008-05-08 13:23:38 +04:00
2003-06-21 12:35:30 +04:00
You should have received a copy of the GNU General Public License
2008-05-10 01:22:12 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2003-06-21 12:35:30 +04:00
# include "includes.h"
2011-02-26 01:20:06 +03:00
# include "system/filesys.h"
2004-10-07 08:01:18 +04:00
# include "utils/net.h"
2010-08-05 04:25:37 +04:00
# include "secrets.h"
2010-08-18 20:13:42 +04:00
# include "idmap.h"
2011-07-07 19:42:08 +04:00
# include "dbwrap/dbwrap.h"
2011-07-06 18:40:21 +04:00
# include "dbwrap/dbwrap_open.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-01-28 12:55:58 +03:00
# include "net_idmap_check.h"
2011-05-05 13:25:29 +04:00
# include "util_tdb.h"
2003-06-21 12:35:30 +04:00
2006-12-12 17:52:13 +03:00
# define ALLOC_CHECK(mem) do { \
if ( ! mem ) { \
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ; \
2006-12-12 17:52:13 +03:00
talloc_free ( ctx ) ; \
return - 1 ; \
} } while ( 0 )
2003-06-21 12:35:30 +04:00
2012-11-30 00:40:15 +04:00
enum idmap_dump_backend {
TDB ,
AUTORID
} ;
struct idmap_dump_ctx {
enum idmap_dump_backend backend ;
} ;
static int net_idmap_dump_one_autorid_entry ( struct db_record * rec ,
void * unused )
{
TDB_DATA key ;
TDB_DATA value ;
key = dbwrap_record_get_key ( rec ) ;
value = dbwrap_record_get_value ( rec ) ;
if ( strncmp ( ( char * ) key . dptr , " CONFIG " , 6 ) = = 0 ) {
char * config = talloc_array ( talloc_tos ( ) , char , value . dsize + 1 ) ;
memcpy ( config , value . dptr , value . dsize ) ;
config [ value . dsize ] = ' \0 ' ;
printf ( " CONFIG: %s \n " , config ) ;
talloc_free ( config ) ;
return 0 ;
}
if ( strncmp ( ( char * ) key . dptr , " NEXT RANGE " , 10 ) = = 0 ) {
printf ( " RANGE HWM: % " PRIu32 " \n " , IVAL ( value . dptr , 0 ) ) ;
return 0 ;
}
if ( strncmp ( ( char * ) key . dptr , " NEXT ALLOC UID " , 14 ) = = 0 ) {
printf ( " UID HWM: % " PRIu32 " \n " , IVAL ( value . dptr , 0 ) ) ;
return 0 ;
}
if ( strncmp ( ( char * ) key . dptr , " NEXT ALLOC GID " , 14 ) = = 0 ) {
printf ( " GID HWM: % " PRIu32 " \n " , IVAL ( value . dptr , 0 ) ) ;
return 0 ;
}
if ( strncmp ( ( char * ) key . dptr , " UID " , 3 ) = = 0 | |
strncmp ( ( char * ) key . dptr , " GID " , 3 ) = = 0 )
{
/* mapped entry from allocation pool */
printf ( " %s %s \n " , value . dptr , key . dptr ) ;
return 0 ;
}
if ( ( strncmp ( ( char * ) key . dptr , " S-1-5- " , 6 ) = = 0 | |
strncmp ( ( char * ) key . dptr , " ALLOC " , 5 ) = = 0 ) & &
value . dsize = = sizeof ( uint32_t ) )
{
/* this is a domain range assignment */
uint32_t range = IVAL ( value . dptr , 0 ) ;
printf ( " RANGE % " PRIu32 " : %s \n " , range , key . dptr ) ;
return 0 ;
}
return 0 ;
}
2003-06-21 12:35:30 +04:00
/***********************************************************
2007-06-26 23:15:26 +04:00
Helper function for net_idmap_dump . Dump one entry .
2003-06-21 12:35:30 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2012-11-30 00:40:15 +04:00
static int net_idmap_dump_one_tdb_entry ( struct db_record * rec ,
void * unused )
2003-06-21 12:35:30 +04:00
{
2011-08-17 13:47:48 +04:00
TDB_DATA key ;
TDB_DATA value ;
key = dbwrap_record_get_key ( rec ) ;
value = dbwrap_record_get_value ( rec ) ;
if ( strcmp ( ( char * ) key . dptr , " USER HWM " ) = = 0 ) {
printf ( _ ( " USER HWM %d \n " ) , IVAL ( value . dptr , 0 ) ) ;
2007-06-26 23:15:26 +04:00
return 0 ;
2004-02-24 18:45:10 +03:00
}
2011-08-17 13:47:48 +04:00
if ( strcmp ( ( char * ) key . dptr , " GROUP HWM " ) = = 0 ) {
printf ( _ ( " GROUP HWM %d \n " ) , IVAL ( value . dptr , 0 ) ) ;
2007-06-26 23:15:26 +04:00
return 0 ;
2004-02-24 18:45:10 +03:00
}
2012-12-04 18:11:50 +04:00
if ( strncmp ( ( char * ) key . dptr , " S- " , 2 ) ! = 0 ) {
2007-06-26 23:15:26 +04:00
return 0 ;
2012-12-04 18:11:50 +04:00
}
2006-12-12 17:52:13 +03:00
2011-08-17 13:47:48 +04:00
printf ( " %s %s \n " , value . dptr , key . dptr ) ;
2007-06-26 23:15:26 +04:00
return 0 ;
}
2006-12-12 17:52:13 +03:00
2012-11-30 00:40:15 +04:00
static const char * net_idmap_dbfile ( struct net_context * c ,
struct idmap_dump_ctx * ctx )
2011-02-08 14:06:07 +03:00
{
const char * dbfile = NULL ;
2012-11-30 00:39:54 +04:00
const char * backend = NULL ;
2013-01-29 16:34:26 +04:00
backend = lp_idmap_default_backend ( ) ;
2012-11-30 00:39:54 +04:00
if ( ! backend ) {
2013-01-28 17:29:21 +04:00
d_printf ( _ ( " Internal error: 'idmap config * : backend' is not set! \n " ) ) ;
return NULL ;
2012-11-30 00:39:54 +04:00
}
2011-02-08 14:06:07 +03:00
if ( c - > opt_db ! = NULL ) {
dbfile = talloc_strdup ( talloc_tos ( ) , c - > opt_db ) ;
2011-02-09 01:16:31 +03:00
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
2012-11-30 00:39:54 +04:00
} else if ( strequal ( backend , " tdb " ) ) {
2011-02-08 14:06:07 +03:00
dbfile = state_path ( " winbindd_idmap.tdb " ) ;
2011-02-09 01:16:31 +03:00
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
2012-11-30 00:40:15 +04:00
ctx - > backend = TDB ;
2012-11-30 00:39:54 +04:00
} else if ( strequal ( backend , " tdb2 " ) ) {
2012-12-03 17:15:40 +04:00
dbfile = talloc_asprintf ( talloc_tos ( ) , " %s/idmap2.tdb " ,
lp_private_dir ( ) ) ;
2011-02-09 01:16:31 +03:00
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
2012-11-30 00:40:15 +04:00
ctx - > backend = TDB ;
} else if ( strequal ( backend , " autorid " ) ) {
dbfile = state_path ( " autorid.tdb " ) ;
if ( dbfile = = NULL ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
}
ctx - > backend = AUTORID ;
2011-02-08 14:06:07 +03:00
} else {
2012-11-30 00:39:54 +04:00
char * _backend = talloc_strdup ( talloc_tos ( ) , backend ) ;
char * args = strchr ( _backend , ' : ' ) ;
2011-02-08 14:06:07 +03:00
if ( args ! = NULL ) {
* args = ' \0 ' ;
}
d_printf ( _ ( " Sorry, 'idmap backend = %s' is currently not supported \n " ) ,
2012-11-30 00:39:54 +04:00
_backend ) ;
2011-02-08 14:06:07 +03:00
2012-11-30 00:39:54 +04:00
talloc_free ( _backend ) ;
2011-02-08 14:06:07 +03:00
}
2011-02-09 01:16:31 +03:00
2011-02-08 14:06:07 +03:00
return dbfile ;
}
2007-06-26 23:15:26 +04:00
/***********************************************************
Dump the current idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
static int net_idmap_dump ( struct net_context * c , int argc , const char * * argv )
2007-06-26 23:15:26 +04:00
{
2010-06-14 14:25:11 +04:00
struct db_context * db ;
TALLOC_CTX * mem_ctx ;
2011-02-08 14:40:23 +03:00
const char * dbfile ;
2011-08-17 13:47:48 +04:00
NTSTATUS status ;
2011-02-08 14:40:23 +03:00
int ret = - 1 ;
2012-11-30 00:40:15 +04:00
struct idmap_dump_ctx ctx = { . backend = TDB } ;
2004-02-24 18:45:10 +03:00
2011-02-08 14:40:23 +03:00
if ( argc > 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2011-02-08 14:40:23 +03:00
_ ( " net idmap dump [[--db=]<inputfile>] \n "
2009-07-30 14:04:53 +04:00
" Dump current ID mapping. \n "
" inputfile \t TDB file to read mappings from. \n " ) ) ;
2008-05-19 18:10:07 +04:00
return c - > display_usage ? 0 : - 1 ;
}
2004-02-24 18:45:10 +03:00
2010-06-14 14:25:11 +04:00
mem_ctx = talloc_stackframe ( ) ;
2007-06-26 23:15:26 +04:00
2012-11-30 00:40:15 +04:00
dbfile = ( argc > 0 ) ? argv [ 0 ] : net_idmap_dbfile ( c , & ctx ) ;
2011-02-08 14:40:23 +03:00
if ( dbfile = = NULL ) {
goto done ;
}
d_fprintf ( stderr , _ ( " dumping id mapping from %s \n " ) , dbfile ) ;
2012-01-06 20:19:54 +04:00
db = db_open ( mem_ctx , dbfile , 0 , TDB_DEFAULT , O_RDONLY , 0 ,
DBWRAP_LOCK_ORDER_1 ) ;
2010-06-14 14:25:11 +04:00
if ( db = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open idmap db (%s): %s \n " ) ,
2011-02-09 15:47:21 +03:00
dbfile , strerror ( errno ) ) ;
2011-02-08 14:40:23 +03:00
goto done ;
2004-02-24 18:45:10 +03:00
}
2012-11-30 00:40:15 +04:00
if ( ctx . backend = = AUTORID ) {
status = dbwrap_traverse_read ( db ,
net_idmap_dump_one_autorid_entry ,
NULL , NULL ) ;
} else {
status = dbwrap_traverse_read ( db ,
net_idmap_dump_one_tdb_entry ,
NULL , NULL ) ;
}
2011-08-17 13:47:48 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , _ ( " error traversing the database \n " ) ) ;
ret = - 1 ;
goto done ;
}
2011-02-08 14:40:23 +03:00
ret = 0 ;
2007-06-26 23:15:26 +04:00
2011-02-08 14:40:23 +03:00
done :
2010-06-14 14:25:11 +04:00
talloc_free ( mem_ctx ) ;
2011-02-08 14:40:23 +03:00
return ret ;
2004-02-24 18:45:10 +03:00
}
2003-06-21 12:35:30 +04:00
/***********************************************************
Write entries from stdin to current local idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-07-11 22:01:26 +04:00
2009-01-22 15:33:54 +03:00
static int net_idmap_store_id_mapping ( struct db_context * db ,
enum id_type type ,
unsigned long idval ,
const char * sid_string )
{
NTSTATUS status ;
char * idstr = NULL ;
switch ( type ) {
case ID_TYPE_UID :
idstr = talloc_asprintf ( talloc_tos ( ) , " UID %lu " , idval ) ;
break ;
case ID_TYPE_GID :
idstr = talloc_asprintf ( talloc_tos ( ) , " GID %lu " , idval ) ;
break ;
default :
d_fprintf ( stderr , " Invalid id mapping type: %d \n " , type ) ;
return - 1 ;
}
status = dbwrap_store_bystring ( db , idstr ,
string_term_tdb_data ( sid_string ) ,
TDB_REPLACE ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , " Error storing ID -> SID: "
" %s \n " , nt_errstr ( status ) ) ;
talloc_free ( idstr ) ;
return - 1 ;
}
status = dbwrap_store_bystring ( db , sid_string ,
string_term_tdb_data ( idstr ) ,
TDB_REPLACE ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , " Error storing SID -> ID: "
" %s \n " , nt_errstr ( status ) ) ;
talloc_free ( idstr ) ;
return - 1 ;
}
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_restore ( struct net_context * c , int argc , const char * * argv )
2003-06-21 12:35:30 +04:00
{
2009-01-22 15:33:54 +03:00
TALLOC_CTX * mem_ctx ;
FILE * input = NULL ;
struct db_context * db ;
2011-02-08 14:06:07 +03:00
const char * dbfile = NULL ;
2009-01-22 15:33:54 +03:00
int ret = 0 ;
2012-11-30 00:40:15 +04:00
struct idmap_dump_ctx ctx = { . backend = TDB } ;
2006-12-12 17:52:13 +03:00
2008-05-19 18:10:07 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2011-02-08 14:06:07 +03:00
_ ( " net idmap restore [--db=<TDB>] [<inputfile>] \n "
2009-07-30 14:04:53 +04:00
" Restore ID mappings from file \n "
2011-02-08 14:06:07 +03:00
" TDB \t File to store ID mappings to. "
2009-01-22 15:33:54 +03:00
" inputfile \t File to load ID mappings from. If not "
" given, load data from stdin. \n " ) ) ;
2008-05-19 18:10:07 +04:00
return 0 ;
}
2009-01-22 15:33:54 +03:00
mem_ctx = talloc_stackframe ( ) ;
2012-11-30 00:40:15 +04:00
dbfile = net_idmap_dbfile ( c , & ctx ) ;
2003-06-21 12:35:30 +04:00
2011-02-09 01:24:57 +03:00
if ( dbfile = = NULL ) {
ret = - 1 ;
goto done ;
}
2012-11-30 00:40:15 +04:00
if ( ctx . backend ! = TDB ) {
d_fprintf ( stderr , _ ( " Sorry, restoring of non-TDB databases is "
" currently not supported \n " ) ) ;
ret = - 1 ;
goto done ;
}
2011-02-08 14:06:07 +03:00
d_fprintf ( stderr , _ ( " restoring id mapping to %s \n " ) , dbfile ) ;
2006-12-12 17:52:13 +03:00
if ( argc = = 1 ) {
input = fopen ( argv [ 0 ] , " r " ) ;
2011-02-08 14:03:08 +03:00
if ( input = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open input file (%s): %s \n " ) ,
argv [ 0 ] , strerror ( errno ) ) ;
ret = - 1 ;
goto done ;
}
2006-12-12 17:52:13 +03:00
} else {
input = stdin ;
}
2012-01-06 20:19:54 +04:00
db = db_open ( mem_ctx , dbfile , 0 , TDB_DEFAULT , O_RDWR | O_CREAT , 0644 ,
DBWRAP_LOCK_ORDER_1 ) ;
2009-01-22 15:33:54 +03:00
if ( db = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open idmap db (%s): %s \n " ) ,
dbfile , strerror ( errno ) ) ;
ret = - 1 ;
goto done ;
}
2011-08-17 13:47:48 +04:00
if ( dbwrap_transaction_start ( db ) ! = 0 ) {
2009-01-22 15:33:54 +03:00
d_fprintf ( stderr , _ ( " Failed to start transaction. \n " ) ) ;
ret = - 1 ;
goto done ;
}
2006-12-12 17:52:13 +03:00
while ( ! feof ( input ) ) {
char line [ 128 ] , sid_string [ 128 ] ;
2003-06-21 12:35:30 +04:00
int len ;
2006-12-12 17:52:13 +03:00
unsigned long idval ;
2011-10-06 23:24:07 +04:00
NTSTATUS status ;
2003-06-21 12:35:30 +04:00
2006-12-12 17:52:13 +03:00
if ( fgets ( line , 127 , input ) = = NULL )
2003-06-21 12:35:30 +04:00
break ;
len = strlen ( line ) ;
if ( ( len > 0 ) & & ( line [ len - 1 ] = = ' \n ' ) )
line [ len - 1 ] = ' \0 ' ;
2009-01-22 15:33:54 +03:00
if ( sscanf ( line , " GID %lu %128s " , & idval , sid_string ) = = 2 )
{
ret = net_idmap_store_id_mapping ( db , ID_TYPE_GID ,
idval , sid_string ) ;
if ( ret ! = 0 ) {
break ;
}
} else if ( sscanf ( line , " UID %lu %128s " , & idval , sid_string ) = = 2 )
{
ret = net_idmap_store_id_mapping ( db , ID_TYPE_UID ,
idval , sid_string ) ;
if ( ret ! = 0 ) {
break ;
}
2006-12-12 17:52:13 +03:00
} else if ( sscanf ( line , " USER HWM %lu " , & idval ) = = 1 ) {
2012-06-14 22:30:16 +04:00
status = dbwrap_store_int32_bystring (
db , " USER HWM " , idval ) ;
2011-10-06 23:24:07 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr ,
_ ( " Could not store USER HWM: %s \n " ) ,
nt_errstr ( status ) ) ;
2009-01-22 15:33:54 +03:00
break ;
2006-12-12 17:52:13 +03:00
}
} else if ( sscanf ( line , " GROUP HWM %lu " , & idval ) = = 1 ) {
2012-06-14 22:30:16 +04:00
status = dbwrap_store_int32_bystring (
db , " GROUP HWM " , idval ) ;
2011-10-06 23:24:07 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr ,
2011-10-06 23:24:07 +04:00
_ ( " Could not store GROUP HWM: %s \n " ) ,
nt_errstr ( status ) ) ;
2009-01-22 15:33:54 +03:00
break ;
2006-12-12 17:52:13 +03:00
}
2006-07-11 22:01:26 +04:00
} else {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " ignoring invalid line [%s] \n " ) ,
line ) ;
2003-06-21 12:35:30 +04:00
continue ;
}
2009-01-22 15:33:54 +03:00
}
2003-06-21 12:35:30 +04:00
2009-01-22 15:33:54 +03:00
if ( ret = = 0 ) {
2011-08-17 13:47:48 +04:00
if ( dbwrap_transaction_commit ( db ) ! = 0 ) {
2009-01-22 15:33:54 +03:00
d_fprintf ( stderr , _ ( " Failed to commit transaction. \n " ) ) ;
ret = - 1 ;
2003-06-21 12:35:30 +04:00
}
2009-01-22 15:33:54 +03:00
} else {
2011-08-17 13:47:48 +04:00
if ( dbwrap_transaction_cancel ( db ) ! = 0 ) {
2009-01-22 15:33:54 +03:00
d_fprintf ( stderr , _ ( " Failed to cancel transaction. \n " ) ) ;
2003-06-21 12:35:30 +04:00
}
}
2009-01-22 15:33:54 +03:00
done :
if ( ( input ! = NULL ) & & ( input ! = stdin ) ) {
2006-12-12 17:52:13 +03:00
fclose ( input ) ;
}
2004-02-24 18:45:10 +03:00
2009-01-22 15:33:54 +03:00
talloc_free ( mem_ctx ) ;
return ret ;
2003-06-21 12:35:30 +04:00
}
2011-02-09 02:04:48 +03:00
static
NTSTATUS dbwrap_delete_mapping ( struct db_context * db , TDB_DATA key1 , bool force )
{
2013-01-30 18:46:47 +04:00
TALLOC_CTX * mem_ctx = talloc_stackframe ( ) ;
2011-02-09 02:04:48 +03:00
bool is_valid_mapping ;
NTSTATUS status = NT_STATUS_OK ;
2012-12-07 16:43:57 +04:00
TDB_DATA val1 , val2 ;
ZERO_STRUCT ( val1 ) ;
ZERO_STRUCT ( val2 ) ;
2011-02-09 02:04:48 +03:00
2012-12-07 16:43:57 +04:00
status = dbwrap_fetch ( db , mem_ctx , key1 , & val1 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-02-09 02:04:48 +03:00
DEBUG ( 1 , ( " failed to fetch: %.*s \n " , ( int ) key1 . dsize , key1 . dptr ) ) ;
goto done ;
}
2012-12-07 16:43:57 +04:00
if ( val1 . dptr = = NULL ) {
DEBUG ( 1 , ( " invalid mapping: %.*s -> empty value \n " ,
( int ) key1 . dsize , key1 . dptr ) ) ;
status = NT_STATUS_FILE_INVALID ;
2011-02-09 02:04:48 +03:00
goto done ;
}
DEBUG ( 2 , ( " mapping: %.*s -> %.*s \n " ,
2012-12-07 16:43:57 +04:00
( int ) key1 . dsize , key1 . dptr , ( int ) val1 . dsize , val1 . dptr ) ) ;
2011-02-09 02:04:48 +03:00
2012-12-07 16:43:57 +04:00
status = dbwrap_fetch ( db , mem_ctx , val1 , & val2 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " failed to fetch: %.*s \n " , ( int ) val1 . dsize , val1 . dptr ) ) ;
2011-02-09 02:04:48 +03:00
goto done ;
}
2012-12-07 16:43:57 +04:00
is_valid_mapping = tdb_data_equal ( key1 , val2 ) ;
2011-02-09 02:04:48 +03:00
if ( ! is_valid_mapping ) {
DEBUG ( 1 , ( " invalid mapping: %.*s -> %.*s -> %.*s \n " ,
2012-12-07 16:43:57 +04:00
( int ) key1 . dsize , key1 . dptr ,
( int ) val1 . dsize , val1 . dptr ,
( int ) val2 . dsize , val2 . dptr ) ) ;
2011-02-09 02:04:48 +03:00
if ( ! force ) {
status = NT_STATUS_FILE_INVALID ;
goto done ;
}
}
2012-12-07 16:43:57 +04:00
status = dbwrap_delete ( db , key1 ) ;
2011-02-09 02:04:48 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " failed to delete: %.*s \n " , ( int ) key1 . dsize , key1 . dptr ) ) ;
goto done ;
}
2013-01-30 18:50:52 +04:00
if ( ! is_valid_mapping ) {
goto done ;
}
status = dbwrap_delete ( db , val1 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " failed to delete: %.*s \n " , ( int ) val1 . dsize , val1 . dptr ) ) ;
2011-02-09 02:04:48 +03:00
}
2012-12-07 16:43:57 +04:00
2011-02-09 02:04:48 +03:00
done :
2013-01-30 18:46:47 +04:00
talloc_free ( mem_ctx ) ;
2011-02-09 02:04:48 +03:00
return status ;
}
static
NTSTATUS delete_mapping_action ( struct db_context * db , void * data )
{
return dbwrap_delete_mapping ( db , * ( TDB_DATA * ) data , false ) ;
}
static
NTSTATUS delete_mapping_action_force ( struct db_context * db , void * data )
{
return dbwrap_delete_mapping ( db , * ( TDB_DATA * ) data , true ) ;
}
2004-12-17 13:20:53 +03:00
/***********************************************************
Delete a SID mapping from a winbindd_idmap . tdb
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2011-02-09 02:04:48 +03:00
static bool delete_args_ok ( int argc , const char * * argv )
{
if ( argc ! = 1 )
return false ;
if ( strncmp ( argv [ 0 ] , " S- " , 2 ) = = 0 )
return true ;
if ( strncmp ( argv [ 0 ] , " GID " , 4 ) = = 0 )
return true ;
if ( strncmp ( argv [ 0 ] , " UID " , 4 ) = = 0 )
return true ;
return false ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_delete ( struct net_context * c , int argc , const char * * argv )
2004-12-17 13:20:53 +03:00
{
2011-02-09 02:04:48 +03:00
int ret = - 1 ;
struct db_context * db ;
TALLOC_CTX * mem_ctx ;
TDB_DATA key ;
NTSTATUS status ;
const char * dbfile ;
2012-11-30 00:40:15 +04:00
struct idmap_dump_ctx ctx = { . backend = TDB } ;
2011-02-09 02:04:48 +03:00
if ( ! delete_args_ok ( argc , argv ) | | c - > display_usage ) {
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net idmap delete [-f] [--db=<TDB>] <ID> \n "
" Delete mapping of ID from TDB. \n "
" -f \t force \n "
" TDB \t idmap database \n "
" ID \t SID|GID|UID \n " ) ) ;
return c - > display_usage ? 0 : - 1 ;
}
mem_ctx = talloc_stackframe ( ) ;
2012-11-30 00:40:15 +04:00
dbfile = net_idmap_dbfile ( c , & ctx ) ;
2011-02-09 02:04:48 +03:00
if ( dbfile = = NULL ) {
goto done ;
}
d_fprintf ( stderr , _ ( " deleting id mapping from %s \n " ) , dbfile ) ;
2012-01-06 20:19:54 +04:00
db = db_open ( mem_ctx , dbfile , 0 , TDB_DEFAULT , O_RDWR , 0 ,
DBWRAP_LOCK_ORDER_1 ) ;
2011-02-09 02:04:48 +03:00
if ( db = = NULL ) {
d_fprintf ( stderr , _ ( " Could not open idmap db (%s): %s \n " ) ,
dbfile , strerror ( errno ) ) ;
goto done ;
}
key = string_term_tdb_data ( argv [ 0 ] ) ;
status = dbwrap_trans_do ( db , ( c - > opt_force
? delete_mapping_action_force
: delete_mapping_action ) , & key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
d_fprintf ( stderr , _ ( " could not delete mapping: %s \n " ) ,
nt_errstr ( status ) ) ;
goto done ;
}
ret = 0 ;
done :
talloc_free ( mem_ctx ) ;
return ret ;
2006-12-12 17:52:13 +03:00
}
2004-12-17 13:20:53 +03:00
2008-05-10 01:22:12 +04:00
static int net_idmap_set ( struct net_context * c , int argc , const char * * argv )
2006-12-12 17:52:13 +03:00
{
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n " , _ ( " Not implemented yet " ) ) ;
2006-12-12 17:52:13 +03:00
return - 1 ;
}
2010-12-08 02:43:34 +03:00
static bool idmap_store_secret ( const char * backend ,
const char * domain ,
const char * identity ,
const char * secret )
2006-12-12 17:52:13 +03:00
{
char * tmp ;
int r ;
2007-10-19 04:40:25 +04:00
bool ret ;
2004-12-17 13:20:53 +03:00
2010-12-08 02:39:28 +03:00
r = asprintf ( & tmp , " IDMAP_%s_%s " , backend , domain ) ;
2004-12-17 13:20:53 +03:00
2006-12-12 17:52:13 +03:00
if ( r < 0 ) return false ;
2004-12-17 13:20:53 +03:00
2012-08-09 02:35:28 +04:00
/* make sure the key is case insensitive */
if ( ! strupper_m ( tmp ) ) {
free ( tmp ) ;
return false ;
}
2006-12-12 17:52:13 +03:00
ret = secrets_store_generic ( tmp , identity , secret ) ;
free ( tmp ) ;
return ret ;
}
2008-05-10 01:22:12 +04:00
static int net_idmap_secret ( struct net_context * c , int argc , const char * * argv )
2006-12-12 17:52:13 +03:00
{
TALLOC_CTX * ctx ;
const char * secret ;
const char * dn ;
char * domain ;
char * backend ;
char * opt = NULL ;
2007-10-19 04:40:25 +04:00
bool ret ;
2006-12-12 17:52:13 +03:00
2008-05-19 18:10:07 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
2010-05-31 17:00:38 +04:00
_ ( " Usage: \n " ) ,
_ ( " net idmap secret <DOMAIN> <secret> \n "
" Set the secret for the specified domain \n "
2009-07-30 14:04:53 +04:00
" DOMAIN \t Domain to set secret for. \n "
" secret \t New secret to set. \n " ) ) ;
2008-05-19 18:10:07 +04:00
return c - > display_usage ? 0 : - 1 ;
2004-12-17 13:20:53 +03:00
}
2006-12-12 17:52:13 +03:00
secret = argv [ 1 ] ;
2004-12-17 13:20:53 +03:00
2006-12-12 17:52:13 +03:00
ctx = talloc_new ( NULL ) ;
ALLOC_CHECK ( ctx ) ;
2004-12-17 13:20:53 +03:00
2010-05-31 17:00:38 +04:00
domain = talloc_strdup ( ctx , argv [ 0 ] ) ;
ALLOC_CHECK ( domain ) ;
2006-12-12 17:52:13 +03:00
2010-05-31 17:00:38 +04:00
opt = talloc_asprintf ( ctx , " idmap config %s " , domain ) ;
ALLOC_CHECK ( opt ) ;
2006-12-12 17:52:13 +03:00
2010-05-31 17:00:38 +04:00
backend = talloc_strdup ( ctx , lp_parm_const_string ( - 1 , opt , " backend " , " tdb " ) ) ;
ALLOC_CHECK ( backend ) ;
2004-12-17 13:20:53 +03:00
2013-02-21 23:33:13 +04:00
if ( ( ! backend ) | | ( ! strequal ( backend , " ldap " ) & &
! strequal ( backend , " rfc2307 " ) ) ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr ,
2013-02-21 23:33:13 +04:00
_ ( " The only currently supported backend are LDAP "
" and rfc2307 \n " ) ) ;
2006-12-12 17:52:13 +03:00
talloc_free ( ctx ) ;
2004-12-17 13:20:53 +03:00
return - 1 ;
}
2010-05-31 17:00:38 +04:00
dn = lp_parm_const_string ( - 1 , opt , " ldap_user_dn " , NULL ) ;
if ( ! dn ) {
d_fprintf ( stderr ,
_ ( " Missing ldap_user_dn option for domain %s \n " ) ,
domain ) ;
talloc_free ( ctx ) ;
return - 1 ;
2006-12-12 17:52:13 +03:00
}
2010-12-08 02:39:28 +03:00
ret = idmap_store_secret ( " ldap " , domain , dn , secret ) ;
2010-05-31 17:00:38 +04:00
2006-12-12 17:52:13 +03:00
if ( ! ret ) {
2009-07-30 14:04:53 +04:00
d_fprintf ( stderr , _ ( " Failed to store secret \n " ) ) ;
2006-12-12 17:52:13 +03:00
talloc_free ( ctx ) ;
2004-12-17 13:20:53 +03:00
return - 1 ;
}
2009-07-30 14:04:53 +04:00
d_printf ( _ ( " Secret stored \n " ) ) ;
2004-12-17 13:20:53 +03:00
return 0 ;
}
2011-01-28 12:55:58 +03:00
static int net_idmap_check ( struct net_context * c , int argc , const char * * argv )
{
const char * dbfile ;
struct check_options opts ;
2012-11-30 00:40:15 +04:00
struct idmap_dump_ctx ctx = { . backend = TDB } ;
2011-01-28 12:55:58 +03:00
if ( argc > 1 | | c - > display_usage ) {
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2011-04-07 13:00:41 +04:00
_ ( " net idmap check [-v] [-r] [-a] [-T] [-f] [-l] [[--db=]<TDB>] \n "
2011-01-28 12:55:58 +03:00
" Check an idmap database. \n "
2011-04-07 13:00:41 +04:00
" --verbose,-v \t verbose \n "
2011-01-28 12:55:58 +03:00
" --repair,-r \t repair \n "
" --auto,-a \t noninteractive mode \n "
" --test,-T \t dry run \n "
2011-04-07 13:00:41 +04:00
" --fore,-f \t force \n "
" --lock,-l \t lock db while doing the check \n "
2011-01-28 12:55:58 +03:00
" TDB \t idmap database \n " ) ) ;
return c - > display_usage ? 0 : - 1 ;
}
2012-11-30 00:40:15 +04:00
dbfile = ( argc > 0 ) ? argv [ 0 ] : net_idmap_dbfile ( c , & ctx ) ;
2011-01-28 12:55:58 +03:00
if ( dbfile = = NULL ) {
return - 1 ;
}
2012-11-30 00:40:15 +04:00
if ( ctx . backend ! = TDB ) {
d_fprintf ( stderr , _ ( " Sorry, checking of non-TDB databases is "
" currently not supported \n " ) ) ;
return - 1 ;
}
2011-01-28 12:55:58 +03:00
d_fprintf ( stderr , _ ( " check database: %s \n " ) , dbfile ) ;
opts = ( struct check_options ) {
2011-04-07 13:00:41 +04:00
. lock = c - > opt_lock | | c - > opt_long_list_entries ,
2011-01-28 12:55:58 +03:00
. test = c - > opt_testmode ,
. automatic = c - > opt_auto ,
. verbose = c - > opt_verbose ,
. force = c - > opt_force ,
. repair = c - > opt_repair | | c - > opt_reboot ,
} ;
return net_idmap_check_db ( dbfile , & opts ) ;
}
2003-06-21 12:35:30 +04:00
/***********************************************************
Look at the current idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
int net_idmap ( struct net_context * c , int argc , const char * * argv )
2003-06-21 12:35:30 +04:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-05-19 18:10:07 +04:00
{
" dump " ,
net_idmap_dump ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Dump the current ID mappings " ) ,
N_ ( " net idmap dump \n "
" Dump the current ID mappings " )
2008-05-19 18:10:07 +04:00
} ,
{
" restore " ,
net_idmap_restore ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Restore entries from stdin " ) ,
N_ ( " net idmap restore \n "
" Restore entries from stdin " )
2008-05-19 18:10:07 +04:00
} ,
{
" setmap " ,
net_idmap_set ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Not implemented yet " ) ,
N_ ( " net idmap setmap \n "
" Not implemented yet " )
2008-05-19 18:10:07 +04:00
} ,
{
" delete " ,
net_idmap_delete ,
NET_TRANSPORT_LOCAL ,
2011-02-09 02:04:48 +03:00
N_ ( " Delete ID mapping " ) ,
N_ ( " net idmap delete <ID> \n "
" Delete ID mapping " )
2008-05-19 18:10:07 +04:00
} ,
{
" secret " ,
net_idmap_secret ,
NET_TRANSPORT_LOCAL ,
2009-07-30 14:04:53 +04:00
N_ ( " Set secret for specified domain " ) ,
2010-12-08 02:41:28 +03:00
N_ ( " net idmap secret <DOMAIN> <secret> \n "
" Set secret for specified domain " )
2008-05-19 18:10:07 +04:00
} ,
2011-01-28 12:55:58 +03:00
{
" check " ,
net_idmap_check ,
NET_TRANSPORT_LOCAL ,
N_ ( " Check id mappings " ) ,
N_ ( " net idmap check \n "
" Check id mappings " )
} ,
2008-05-19 18:10:07 +04:00
{ NULL , NULL , 0 , NULL , NULL }
2003-06-21 12:35:30 +04:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net idmap " , func ) ;
2003-06-21 12:35:30 +04:00
}