search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r21776: fix bugs #4438 #4440
[Samba/bb.git] / source / utils / net_idmap.c
blobdd16c4b02d937f31bde97441f41f56845c49571e
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2003 Andrew Bartlett (abartlet@samba.org)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20 #include "includes.h"
21 #include "utils/net.h"
22
23 #define ALLOC_CHECK(mem) do { \
24 if (!mem) { \
25 d_fprintf(stderr, "Out of memory!\n"); \
26 talloc_free(ctx); \
27 return -1; \
28 } } while(0)
29
30 /***********************************************************
31 Dump the current idmap
32 **********************************************************/
33 static int net_idmap_dump(int argc, const char **argv)
34 {
35 TALLOC_CTX *ctx;
36 char *filename;
37
38 if (argc != 1) {
39 return net_help_idmap(argc, argv);
40 }
41
42 if (! winbind_ping()) {
43 d_fprintf(stderr, "To use net idmap Winbindd must be running.\n");
44 return -1;
45 }
46
47 ctx = talloc_new(NULL);
48 ALLOC_CHECK(ctx);
49
50 filename = talloc_strdup(ctx, argv[0]);
51 ALLOC_CHECK(filename);
52
53 /* filename must be absolute */
54 if (*filename != '/') {
55 char path[4096];
56
57 filename = getcwd(path, 4095);
58 if ( ! filename) {
59 d_fprintf(stderr, "Failed to obtain full output file path");
60 talloc_free(ctx);
61 return -1;
62 }
63
64 filename = talloc_asprintf(ctx, "%s/%s", path, argv[0]);
65 ALLOC_CHECK(filename);
66 }
67
68 if ( ! winbind_idmap_dump_maps(ctx, filename)) {
69 d_fprintf(stderr, "Failed to obtain idmap data from winbindd\n");
70 talloc_free(ctx);
71 return -1;
72 }
73
74 talloc_free(ctx);
75 return 0;
76 }
77
78 /***********************************************************
79 Write entries from stdin to current local idmap
80 **********************************************************/
81
82 static int net_idmap_restore(int argc, const char **argv)
83 {
84 TALLOC_CTX *ctx;
85 FILE *input;
86
87 if (! winbind_ping()) {
88 d_fprintf(stderr, "To use net idmap Winbindd must be running.\n");
89 return -1;
90 }
91
92 ctx = talloc_new(NULL);
93 ALLOC_CHECK(ctx);
94
95 if (argc == 1) {
96 input = fopen(argv[0], "r");
97 } else {
98 input = stdin;
99 }
100
101 while (!feof(input)) {
102 char line[128], sid_string[128];
103 int len;
104 DOM_SID sid;
105 struct id_map map;
106 unsigned long idval;
107
108 if (fgets(line, 127, input) == NULL)
109 break;
110
111 len = strlen(line);
112
113 if ( (len > 0) && (line[len-1] == '\n') )
114 line[len-1] = '\0';
115
116 if (sscanf(line, "GID %lu %128s", &idval, sid_string) == 2) {
117 map.xid.type = ID_TYPE_GID;
118 map.xid.id = idval;
119 } else if (sscanf(line, "UID %lu %128s", &idval, sid_string) == 2) {
120 map.xid.type = ID_TYPE_UID;
121 map.xid.id = idval;
122 } else if (sscanf(line, "USER HWM %lu", &idval) == 1) {
123 /* set uid hwm */
124 if (! winbind_set_uid_hwm(idval)) {
125 d_fprintf(stderr, "Could not set USER HWM\n");
126 }
127 continue;
128 } else if (sscanf(line, "GROUP HWM %lu", &idval) == 1) {
129 /* set gid hwm */
130 if (! winbind_set_gid_hwm(idval)) {
131 d_fprintf(stderr, "Could not set GROUP HWM\n");
132 }
133 continue;
134 } else {
135 d_fprintf(stderr, "ignoring invalid line [%s]\n", line);
136 continue;
137 }
138
139 if (!string_to_sid(&sid, sid_string)) {
140 d_fprintf(stderr, "ignoring invalid sid [%s]\n", sid_string);
141 continue;
142 }
143 map.sid = &sid;
144
145 if (!winbind_set_mapping(&map)) {
146 d_fprintf(stderr, "Could not set mapping of %s %lu to sid %s\n",
147 (map.xid.type == ID_TYPE_GID) ? "GID" : "UID",
148 (unsigned long)map.xid.id, sid_string_static(map.sid));
149 continue;
150 }
151
152 }
153
154 if (input != stdin) {
155 fclose(input);
156 }
157
158 talloc_free(ctx);
159 return 0;
160 }
161
162 /***********************************************************
163 Delete a SID mapping from a winbindd_idmap.tdb
164 **********************************************************/
165 static int net_idmap_delete(int argc, const char **argv)
166 {
167 d_printf("Not Implemented yet\n");
168 return -1;
169 }
170
171 static int net_idmap_set(int argc, const char **argv)
172 {
173 d_printf("Not Implemented yet\n");
174 return -1;
175 }
176 BOOL idmap_store_secret(const char *backend, bool alloc,
177 const char *domain, const char *identity,
178 const char *secret)
179 {
180 char *tmp;
181 int r;
182 BOOL ret;
183
184 if (alloc) {
185 r = asprintf(&tmp, "IDMAP_ALLOC_%s", backend);
186 } else {
187 r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain);
188 }
189
190 if (r < 0) return false;
191
192 strupper_m(tmp); /* make sure the key is case insensitive */
193 ret = secrets_store_generic(tmp, identity, secret);
194
195 free(tmp);
196 return ret;
197 }
198
199
200 static int net_idmap_secret(int argc, const char **argv)
201 {
202 TALLOC_CTX *ctx;
203 const char *secret;
204 const char *dn;
205 char *domain;
206 char *backend;
207 char *opt = NULL;
208 BOOL ret;
209
210 if (argc != 2) {
211 return net_help_idmap(argc, argv);
212 }
213
214 secret = argv[1];
215
216 ctx = talloc_new(NULL);
217 ALLOC_CHECK(ctx);
218
219 if (strcmp(argv[0], "alloc") == 0) {
220 domain = NULL;
221 backend = lp_idmap_alloc_backend();
222 } else {
223 domain = talloc_strdup(ctx, argv[0]);
224 ALLOC_CHECK(domain);
225
226 opt = talloc_asprintf(ctx, "idmap config %s", domain);
227 ALLOC_CHECK(opt);
228
229 backend = talloc_strdup(ctx, lp_parm_const_string(-1, opt, "backend", "tdb"));
230 ALLOC_CHECK(backend);
231 }
232
233 if ( ( ! backend) || ( ! strequal(backend, "ldap"))) {
234 d_fprintf(stderr, "The only currently supported backend is LDAP\n");
235 talloc_free(ctx);
236 return -1;
237 }
238
239 if (domain) {
240
241 dn = lp_parm_const_string(-1, opt, "ldap_user_dn", NULL);
242 if ( ! dn) {
243 d_fprintf(stderr, "Missing ldap_user_dn option for domain %s\n", domain);
244 talloc_free(ctx);
245 return -1;
246 }
247
248 ret = idmap_store_secret("ldap", false, domain, dn, secret);
249 } else {
250 dn = lp_parm_const_string(-1, "idmap alloc config", "ldap_user_dn", NULL);
251 if ( ! dn) {
252 d_fprintf(stderr, "Missing ldap_user_dn option for alloc backend\n");
253 talloc_free(ctx);
254 return -1;
255 }
256
257 ret = idmap_store_secret("ldap", true, NULL, dn, secret);
258 }
259
260 if ( ! ret) {
261 d_fprintf(stderr, "Failed to store secret\n");
262 talloc_free(ctx);
263 return -1;
264 }
265
266 d_printf("Secret stored\n");
267 return 0;
268 }
269
270 int net_help_idmap(int argc, const char **argv)
271 {
272 d_printf("net idmap dump <outputfile>\n"\
273 " Dump current id mapping\n");
274
275 d_printf("net idmap restore\n"\
276 " Restore entries from stdin\n");
277
278 /* Deliberately *not* document net idmap delete */
279
280 d_printf("net idmap secret <DOMAIN>|alloc <secret>\n"\
281 " Set the secret for the specified DOMAIN (or the alloc module)\n");
282
283 return -1;
284 }
285
286 /***********************************************************
287 Look at the current idmap
288 **********************************************************/
289 int net_idmap(int argc, const char **argv)
290 {
291 struct functable func[] = {
292 {"dump", net_idmap_dump},
293 {"restore", net_idmap_restore},
294 {"setmap", net_idmap_set },
295 {"delete", net_idmap_delete},
296 {"secret", net_idmap_secret},
297 {"help", net_help_idmap},
298 {NULL, NULL}
299 };
300
301 return net_run_function(argc, argv, func, net_help_idmap);
302 }
303
304