2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2003 Andrew Bartlett (abartlet@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/filesys.h"
22 #include "utils/net.h"
25 #include "dbwrap/dbwrap.h"
26 #include "dbwrap/dbwrap_open.h"
27 #include "../libcli/security/security.h"
28 #include "net_idmap_check.h"
31 #define ALLOC_CHECK(mem) do { \
33 d_fprintf(stderr, _("Out of memory!\n")); \
38 /***********************************************************
39 Helper function for net_idmap_dump. Dump one entry.
40 **********************************************************/
41 static int net_idmap_dump_one_entry(struct db_record *rec,
47 key = dbwrap_record_get_key(rec);
48 value = dbwrap_record_get_value(rec);
50 if (strcmp((char *)key.dptr, "USER HWM") == 0) {
51 printf(_("USER HWM %d\n"), IVAL(value.dptr,0));
55 if (strcmp((char *)key.dptr, "GROUP HWM") == 0) {
56 printf(_("GROUP HWM %d\n"), IVAL(value.dptr,0));
60 if (strncmp((char *)key.dptr, "S-", 2) != 0)
63 printf("%s %s\n", value.dptr, key.dptr);
67 static const char* net_idmap_dbfile(struct net_context *c)
69 const char* dbfile = NULL;
71 if (c->opt_db != NULL) {
72 dbfile = talloc_strdup(talloc_tos(), c->opt_db);
74 d_fprintf(stderr, _("Out of memory!\n"));
76 } else if (strequal(lp_idmap_backend(), "tdb")) {
77 dbfile = state_path("winbindd_idmap.tdb");
79 d_fprintf(stderr, _("Out of memory!\n"));
81 } else if (strequal(lp_idmap_backend(), "tdb2")) {
82 dbfile = lp_parm_talloc_string(talloc_tos(),
83 -1, "tdb", "idmap2.tdb", NULL);
85 dbfile = talloc_asprintf(talloc_tos(), "%s/idmap2.tdb",
89 d_fprintf(stderr, _("Out of memory!\n"));
92 char* backend = talloc_strdup(talloc_tos(), lp_idmap_backend());
93 char* args = strchr(backend, ':');
98 d_printf(_("Sorry, 'idmap backend = %s' is currently not supported\n"),
101 talloc_free(backend);
107 /***********************************************************
108 Dump the current idmap
109 **********************************************************/
110 static int net_idmap_dump(struct net_context *c, int argc, const char **argv)
112 struct db_context *db;
118 if ( argc > 1 || c->display_usage) {
121 _("net idmap dump [[--db=]<inputfile>]\n"
122 " Dump current ID mapping.\n"
123 " inputfile\tTDB file to read mappings from.\n"));
124 return c->display_usage?0:-1;
127 mem_ctx = talloc_stackframe();
129 dbfile = (argc > 0) ? argv[0] : net_idmap_dbfile(c);
130 if (dbfile == NULL) {
133 d_fprintf(stderr, _("dumping id mapping from %s\n"), dbfile);
135 db = db_open(mem_ctx, dbfile, 0, TDB_DEFAULT, O_RDONLY, 0,
136 DBWRAP_LOCK_ORDER_1);
138 d_fprintf(stderr, _("Could not open idmap db (%s): %s\n"),
139 dbfile, strerror(errno));
143 status = dbwrap_traverse_read(db, net_idmap_dump_one_entry, NULL, NULL);
144 if (!NT_STATUS_IS_OK(status)) {
145 d_fprintf(stderr, _("error traversing the database\n"));
153 talloc_free(mem_ctx);
157 /***********************************************************
158 Write entries from stdin to current local idmap
159 **********************************************************/
161 static int net_idmap_store_id_mapping(struct db_context *db,
164 const char *sid_string)
171 idstr = talloc_asprintf(talloc_tos(), "UID %lu", idval);
174 idstr = talloc_asprintf(talloc_tos(), "GID %lu", idval);
177 d_fprintf(stderr, "Invalid id mapping type: %d\n", type);
181 status = dbwrap_store_bystring(db, idstr,
182 string_term_tdb_data(sid_string),
184 if (!NT_STATUS_IS_OK(status)) {
185 d_fprintf(stderr, "Error storing ID -> SID: "
186 "%s\n", nt_errstr(status));
190 status = dbwrap_store_bystring(db, sid_string,
191 string_term_tdb_data(idstr),
193 if (!NT_STATUS_IS_OK(status)) {
194 d_fprintf(stderr, "Error storing SID -> ID: "
195 "%s\n", nt_errstr(status));
203 static int net_idmap_restore(struct net_context *c, int argc, const char **argv)
207 struct db_context *db;
208 const char *dbfile = NULL;
211 if (c->display_usage) {
214 _("net idmap restore [--db=<TDB>] [<inputfile>]\n"
215 " Restore ID mappings from file\n"
216 " TDB\tFile to store ID mappings to."
217 " inputfile\tFile to load ID mappings from. If not "
218 "given, load data from stdin.\n"));
222 mem_ctx = talloc_stackframe();
224 dbfile = net_idmap_dbfile(c);
226 if (dbfile == NULL) {
231 d_fprintf(stderr, _("restoring id mapping to %s\n"), dbfile);
234 input = fopen(argv[0], "r");
236 d_fprintf(stderr, _("Could not open input file (%s): %s\n"),
237 argv[0], strerror(errno));
245 db = db_open(mem_ctx, dbfile, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0644,
246 DBWRAP_LOCK_ORDER_1);
248 d_fprintf(stderr, _("Could not open idmap db (%s): %s\n"),
249 dbfile, strerror(errno));
254 if (dbwrap_transaction_start(db) != 0) {
255 d_fprintf(stderr, _("Failed to start transaction.\n"));
260 while (!feof(input)) {
261 char line[128], sid_string[128];
266 if (fgets(line, 127, input) == NULL)
271 if ( (len > 0) && (line[len-1] == '\n') )
274 if (sscanf(line, "GID %lu %128s", &idval, sid_string) == 2)
276 ret = net_idmap_store_id_mapping(db, ID_TYPE_GID,
281 } else if (sscanf(line, "UID %lu %128s", &idval, sid_string) == 2)
283 ret = net_idmap_store_id_mapping(db, ID_TYPE_UID,
288 } else if (sscanf(line, "USER HWM %lu", &idval) == 1) {
289 status = dbwrap_store_int32_bystring(
290 db, "USER HWM", idval);
291 if (!NT_STATUS_IS_OK(status)) {
293 _("Could not store USER HWM: %s\n"),
297 } else if (sscanf(line, "GROUP HWM %lu", &idval) == 1) {
298 status = dbwrap_store_int32_bystring(
299 db, "GROUP HWM", idval);
300 if (!NT_STATUS_IS_OK(status)) {
302 _("Could not store GROUP HWM: %s\n"),
307 d_fprintf(stderr, _("ignoring invalid line [%s]\n"),
314 if(dbwrap_transaction_commit(db) != 0) {
315 d_fprintf(stderr, _("Failed to commit transaction.\n"));
319 if (dbwrap_transaction_cancel(db) != 0) {
320 d_fprintf(stderr, _("Failed to cancel transaction.\n"));
325 if ((input != NULL) && (input != stdin)) {
329 talloc_free(mem_ctx);
334 NTSTATUS dbwrap_delete_mapping(struct db_context *db, TDB_DATA key1, bool force)
336 TALLOC_CTX* mem_ctx = talloc_tos();
337 struct db_record *rec1=NULL, *rec2=NULL;
339 bool is_valid_mapping;
340 NTSTATUS status = NT_STATUS_OK;
343 rec1 = dbwrap_fetch_locked(db, mem_ctx, key1);
345 DEBUG(1, ("failed to fetch: %.*s\n", (int)key1.dsize, key1.dptr));
346 status = NT_STATUS_NO_MEMORY;
349 key2 = dbwrap_record_get_value(rec1);
350 if (key2.dptr == NULL) {
351 DEBUG(1, ("could not find %.*s\n", (int)key1.dsize, key1.dptr));
352 status = NT_STATUS_NOT_FOUND;
356 DEBUG(2, ("mapping: %.*s -> %.*s\n",
357 (int)key1.dsize, key1.dptr, (int)key2.dsize, key2.dptr));
359 rec2 = dbwrap_fetch_locked(db, mem_ctx, key2);
361 DEBUG(1, ("failed to fetch: %.*s\n", (int)key2.dsize, key2.dptr));
362 status = NT_STATUS_NO_MEMORY;
366 value = dbwrap_record_get_value(rec2);
367 is_valid_mapping = tdb_data_equal(key1, value);
369 if (!is_valid_mapping) {
370 DEBUG(1, ("invalid mapping: %.*s -> %.*s -> %.*s\n",
371 (int)key1.dsize, key1.dptr, (int)key2.dsize, key2.dptr,
372 (int)value.dsize, value.dptr ));
374 status = NT_STATUS_FILE_INVALID;
379 status = dbwrap_record_delete(rec1);
380 if (!NT_STATUS_IS_OK(status)) {
381 DEBUG(1, ("failed to delete: %.*s\n", (int)key1.dsize, key1.dptr));
385 if (is_valid_mapping) {
386 status = dbwrap_record_delete(rec2);
387 if (!NT_STATUS_IS_OK(status)) {
388 DEBUG(1, ("failed to delete: %.*s\n", (int)key2.dsize, key2.dptr));
398 NTSTATUS delete_mapping_action(struct db_context *db, void* data)
400 return dbwrap_delete_mapping(db, *(TDB_DATA*)data, false);
403 NTSTATUS delete_mapping_action_force(struct db_context *db, void* data)
405 return dbwrap_delete_mapping(db, *(TDB_DATA*)data, true);
408 /***********************************************************
409 Delete a SID mapping from a winbindd_idmap.tdb
410 **********************************************************/
411 static bool delete_args_ok(int argc, const char **argv)
415 if (strncmp(argv[0], "S-", 2) == 0)
417 if (strncmp(argv[0], "GID ", 4) == 0)
419 if (strncmp(argv[0], "UID ", 4) == 0)
424 static int net_idmap_delete(struct net_context *c, int argc, const char **argv)
427 struct db_context *db;
433 if ( !delete_args_ok(argc,argv) || c->display_usage) {
436 _("net idmap delete [-f] [--db=<TDB>] <ID>\n"
437 " Delete mapping of ID from TDB.\n"
439 " TDB\tidmap database\n"
440 " ID\tSID|GID|UID\n"));
441 return c->display_usage ? 0 : -1;
444 mem_ctx = talloc_stackframe();
446 dbfile = net_idmap_dbfile(c);
447 if (dbfile == NULL) {
450 d_fprintf(stderr, _("deleting id mapping from %s\n"), dbfile);
452 db = db_open(mem_ctx, dbfile, 0, TDB_DEFAULT, O_RDWR, 0,
453 DBWRAP_LOCK_ORDER_1);
455 d_fprintf(stderr, _("Could not open idmap db (%s): %s\n"),
456 dbfile, strerror(errno));
460 key = string_term_tdb_data(argv[0]);
462 status = dbwrap_trans_do(db, (c->opt_force
463 ? delete_mapping_action_force
464 : delete_mapping_action), &key);
466 if (!NT_STATUS_IS_OK(status)) {
467 d_fprintf(stderr, _("could not delete mapping: %s\n"),
473 talloc_free(mem_ctx);
477 static int net_idmap_set(struct net_context *c, int argc, const char **argv)
479 d_printf("%s\n", _("Not implemented yet"));
482 static bool idmap_store_secret(const char *backend,
484 const char *identity,
491 r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain);
493 if (r < 0) return false;
495 strupper_m(tmp); /* make sure the key is case insensitive */
496 ret = secrets_store_generic(tmp, identity, secret);
503 static int net_idmap_secret(struct net_context *c, int argc, const char **argv)
513 if (argc != 2 || c->display_usage) {
516 _("net idmap secret <DOMAIN> <secret>\n"
517 " Set the secret for the specified domain\n"
518 " DOMAIN\tDomain to set secret for.\n"
519 " secret\tNew secret to set.\n"));
520 return c->display_usage?0:-1;
525 ctx = talloc_new(NULL);
528 domain = talloc_strdup(ctx, argv[0]);
531 opt = talloc_asprintf(ctx, "idmap config %s", domain);
534 backend = talloc_strdup(ctx, lp_parm_const_string(-1, opt, "backend", "tdb"));
535 ALLOC_CHECK(backend);
537 if ( ( ! backend) || ( ! strequal(backend, "ldap"))) {
539 _("The only currently supported backend is LDAP\n"));
544 dn = lp_parm_const_string(-1, opt, "ldap_user_dn", NULL);
547 _("Missing ldap_user_dn option for domain %s\n"),
553 ret = idmap_store_secret("ldap", domain, dn, secret);
556 d_fprintf(stderr, _("Failed to store secret\n"));
561 d_printf(_("Secret stored\n"));
565 static int net_idmap_check(struct net_context *c, int argc, const char **argv)
568 struct check_options opts;
570 if ( argc > 1 || c->display_usage) {
573 _("net idmap check [-v] [-r] [-a] [-T] [-f] [-l] [[--db=]<TDB>]\n"
574 " Check an idmap database.\n"
575 " --verbose,-v\tverbose\n"
576 " --repair,-r\trepair\n"
577 " --auto,-a\tnoninteractive mode\n"
578 " --test,-T\tdry run\n"
579 " --fore,-f\tforce\n"
580 " --lock,-l\tlock db while doing the check\n"
581 " TDB\tidmap database\n"));
582 return c->display_usage ? 0 : -1;
585 dbfile = (argc > 0) ? argv[0] : net_idmap_dbfile(c);
586 if (dbfile == NULL) {
589 d_fprintf(stderr, _("check database: %s\n"), dbfile);
591 opts = (struct check_options) {
592 .lock = c->opt_lock || c->opt_long_list_entries,
593 .test = c->opt_testmode,
594 .automatic = c->opt_auto,
595 .verbose = c->opt_verbose,
596 .force = c->opt_force,
597 .repair = c->opt_repair || c->opt_reboot,
600 return net_idmap_check_db(dbfile, &opts);
603 static int net_idmap_aclmapset(struct net_context *c, int argc, const char **argv)
607 struct dom_sid src_sid, dst_sid;
609 struct db_context *db;
610 struct db_record *rec;
613 if (argc != 3 || c->display_usage) {
614 d_fprintf(stderr, "%s net idmap aclmapset <tdb> "
615 "<src-sid> <dst-sid>\n", _("Usage:"));
619 if (!(mem_ctx = talloc_init("net idmap aclmapset"))) {
620 d_fprintf(stderr, _("talloc_init failed\n"));
624 if (!(db = db_open(mem_ctx, argv[0], 0, TDB_DEFAULT,
625 O_RDWR|O_CREAT, 0600,
626 DBWRAP_LOCK_ORDER_1))) {
627 d_fprintf(stderr, _("db_open failed: %s\n"), strerror(errno));
631 if (!string_to_sid(&src_sid, argv[1])) {
632 d_fprintf(stderr, _("%s is not a valid sid\n"), argv[1]);
636 if (!string_to_sid(&dst_sid, argv[2])) {
637 d_fprintf(stderr, _("%s is not a valid sid\n"), argv[2]);
641 if (!(src = sid_string_talloc(mem_ctx, &src_sid))
642 || !(dst = sid_string_talloc(mem_ctx, &dst_sid))) {
643 d_fprintf(stderr, _("talloc_strdup failed\n"));
647 if (!(rec = dbwrap_fetch_locked(
648 db, mem_ctx, string_term_tdb_data(src)))) {
649 d_fprintf(stderr, _("could not fetch db record\n"));
653 status = dbwrap_record_store(rec, string_term_tdb_data(dst), 0);
656 if (!NT_STATUS_IS_OK(status)) {
657 d_fprintf(stderr, _("could not store record: %s\n"),
664 TALLOC_FREE(mem_ctx);
668 /***********************************************************
669 Look at the current idmap
670 **********************************************************/
671 int net_idmap(struct net_context *c, int argc, const char **argv)
673 struct functable func[] = {
678 N_("Dump the current ID mappings"),
679 N_("net idmap dump\n"
680 " Dump the current ID mappings")
686 N_("Restore entries from stdin"),
687 N_("net idmap restore\n"
688 " Restore entries from stdin")
694 N_("Not implemented yet"),
695 N_("net idmap setmap\n"
696 " Not implemented yet")
702 N_("Delete ID mapping"),
703 N_("net idmap delete <ID>\n"
704 " Delete ID mapping")
710 N_("Set secret for specified domain"),
711 N_("net idmap secret <DOMAIN> <secret>\n"
712 " Set secret for specified domain")
719 N_("net idmap aclmapset\n"
726 N_("Check id mappings"),
727 N_("net idmap check\n"
728 " Check id mappings")
730 {NULL, NULL, 0, NULL, NULL}
733 return net_run_function(c, argc, argv, "net idmap", func);
git.samba.org / metze / samba / wip.git / blob