2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 2000
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Jeremy Allison 2000
8 Copyright (C) Stefan (metze) Metzmacher 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "../librpc/gen_ndr/ndr_lsa.h"
26 #include "rpc_client/cli_lsarpc.h"
30 /* numeric is set when the user wants numeric SIDs and ACEs rather
31 than going via LSA calls to resolve them */
35 enum todo_values {NOOP_QUOTA=0,FS_QUOTA,USER_QUOTA,LIST_QUOTA,SET_QUOTA};
36 enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
38 static struct cli_state *cli_ipc;
39 static struct rpc_pipe_client *global_pipe_hnd;
40 static struct policy_handle pol;
41 static bool got_policy_hnd;
42 static struct user_auth_info *smbcquotas_auth_info;
44 static struct cli_state *connect_one(const char *share);
46 /* Open cli connection and policy handle */
48 static bool cli_open_policy_hnd(void)
50 /* Initialise cli LSA connection */
54 cli_ipc = connect_one("IPC$");
55 ret = cli_rpc_pipe_open_noauth(cli_ipc,
56 &ndr_table_lsarpc.syntax_id,
58 if (!NT_STATUS_IS_OK(ret)) {
63 /* Open policy handle */
65 if (!got_policy_hnd) {
67 /* Some systems don't support SEC_FLAG_MAXIMUM_ALLOWED,
68 but NT sends 0x2000000 so we might as well do it too. */
70 if (!NT_STATUS_IS_OK(rpccli_lsa_open_policy(global_pipe_hnd, talloc_tos(), True,
71 GENERIC_EXECUTE_ACCESS, &pol))) {
75 got_policy_hnd = True;
81 /* convert a SID to a string, either numeric or username/group */
82 static void SidToString(fstring str, struct dom_sid *sid, bool _numeric)
84 char **domains = NULL;
86 enum lsa_SidType *types = NULL;
88 sid_to_fstring(str, sid);
92 /* Ask LSA to convert the sid to a name */
94 if (!cli_open_policy_hnd() ||
95 !NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(global_pipe_hnd, talloc_tos(),
96 &pol, 1, sid, &domains,
98 !domains || !domains[0] || !names || !names[0]) {
104 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
105 domains[0], lp_winbind_separator(),
110 /* convert a string to a SID, either numeric or username/group */
111 static bool StringToSid(struct dom_sid *sid, const char *str)
113 enum lsa_SidType *types = NULL;
114 struct dom_sid *sids = NULL;
117 if (strncmp(str, "S-", 2) == 0) {
118 return string_to_sid(sid, str);
121 if (!cli_open_policy_hnd() ||
122 !NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, talloc_tos(),
123 &pol, 1, &str, NULL, 1, &sids,
129 sid_copy(sid, &sids[0]);
136 #define QUOTA_SETLIM 2
137 #define QUOTA_SETFLAGS 3
140 enum {PARSE_FLAGS,PARSE_LIM};
142 static int parse_quota_set(TALLOC_CTX *ctx,
144 char **pp_username_str,
145 enum SMB_QUOTA_TYPE *qtype,
147 SMB_NTQUOTA_STRUCT *pqt)
149 char *p = set_str,*p2;
155 *pp_username_str = NULL;
156 if (strnequal(set_str,"UQLIM:",6)) {
158 *qtype = SMB_USER_QUOTA_TYPE;
161 if ((p2=strstr(p,":"))==NULL) {
168 *pp_username_str = talloc_strdup(ctx, p);
170 } else if (strnequal(set_str,"FSQLIM:",7)) {
172 *qtype = SMB_USER_FS_QUOTA_TYPE;
175 } else if (strnequal(set_str,"FSQFLAGS:",9)) {
178 *qtype = SMB_USER_FS_QUOTA_TYPE;
179 *cmd = QUOTA_SETFLAGS;
186 if (sscanf(p,"%"PRIu64"/%"PRIu64,&pqt->softlim,&pqt->hardlim)!=2) {
194 if ((p2=strstr(p,"/"))==NULL) {
201 if (strnequal(p,"QUOTA_ENABLED",13)) {
203 } else if (strnequal(p,"DENY_DISK",9)) {
205 } else if (strnequal(p,"LOG_SOFTLIMIT",13)) {
206 pqt->qflags |= QUOTAS_LOG_THRESHOLD;
207 } else if (strnequal(p,"LOG_HARDLIMIT",13)) {
208 pqt->qflags |= QUOTAS_LOG_LIMIT;
217 pqt->qflags |= QUOTAS_DENY_DISK;
219 pqt->qflags |= QUOTAS_ENABLED;
228 static int do_quota(struct cli_state *cli,
229 enum SMB_QUOTA_TYPE qtype,
231 const char *username_str,
232 SMB_NTQUOTA_STRUCT *pqt)
235 uint16_t quota_fnum = 0;
236 SMB_NTQUOTA_LIST *qtl = NULL;
237 SMB_NTQUOTA_STRUCT qt;
240 if (!NT_STATUS_IS_OK(cli_get_fs_attr_info(cli, &fs_attrs))) {
241 d_printf("Failed to get the filesystem attributes %s.\n",
246 if (!(fs_attrs & FILE_VOLUME_QUOTAS)) {
247 d_printf("Quotas are not supported by the server.\n");
251 if (!NT_STATUS_IS_OK(cli_get_quota_handle(cli, "a_fnum))) {
252 d_printf("Quotas are not enabled on this share.\n");
253 d_printf("Failed to open %s %s.\n",
254 FAKE_FILE_NAME_QUOTA_WIN32,cli_errstr(cli));
259 case SMB_USER_QUOTA_TYPE:
260 if (!StringToSid(&qt.sid, username_str)) {
261 d_printf("StringToSid() failed for [%s]\n",username_str);
267 if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
268 d_printf("%s cli_get_user_quota %s\n",
269 cli_errstr(cli),username_str);
272 dump_ntquota(&qt,verbose,numeric,SidToString);
276 if (!cli_set_user_quota(cli, quota_fnum, pqt)) {
277 d_printf("%s cli_set_user_quota %s\n",
278 cli_errstr(cli),username_str);
281 if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
282 d_printf("%s cli_get_user_quota %s\n",
283 cli_errstr(cli),username_str);
286 dump_ntquota(&qt,verbose,numeric,SidToString);
289 if (!cli_list_user_quota(cli, quota_fnum, &qtl)) {
290 d_printf("%s cli_set_user_quota %s\n",
291 cli_errstr(cli),username_str);
294 dump_ntquota_list(&qtl,verbose,numeric,SidToString);
295 free_ntquota_list(&qtl);
298 d_printf("Unknown Error\n");
302 case SMB_USER_FS_QUOTA_TYPE:
305 if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
306 d_printf("%s cli_get_fs_quota_info\n",
310 dump_ntquota(&qt,True,numeric,NULL);
313 if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
314 d_printf("%s cli_get_fs_quota_info\n",
318 qt.softlim = pqt->softlim;
319 qt.hardlim = pqt->hardlim;
320 if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
321 d_printf("%s cli_set_fs_quota_info\n",
325 if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
326 d_printf("%s cli_get_fs_quota_info\n",
330 dump_ntquota(&qt,True,numeric,NULL);
333 if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
334 d_printf("%s cli_get_fs_quota_info\n",
338 qt.qflags = pqt->qflags;
339 if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
340 d_printf("%s cli_set_fs_quota_info\n",
344 if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
345 d_printf("%s cli_get_fs_quota_info\n",
349 dump_ntquota(&qt,True,numeric,NULL);
352 d_printf("Unknown Error\n");
357 d_printf("Unknown Error\n");
361 cli_close(cli, quota_fnum);
366 /*****************************************************
367 Return a connection to a server.
368 *******************************************************/
370 static struct cli_state *connect_one(const char *share)
373 struct sockaddr_storage ss;
379 if (get_cmdline_auth_info_use_machine_account(smbcquotas_auth_info) &&
380 !set_cmdline_auth_info_machine_account_creds(smbcquotas_auth_info)) {
384 if (get_cmdline_auth_info_use_kerberos(smbcquotas_auth_info)) {
385 flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
386 CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
390 set_cmdline_auth_info_getpass(smbcquotas_auth_info);
392 nt_status = cli_full_connection(&c, global_myname(), server,
395 get_cmdline_auth_info_username(smbcquotas_auth_info),
397 get_cmdline_auth_info_password(smbcquotas_auth_info),
399 get_cmdline_auth_info_signing_state(smbcquotas_auth_info),
401 if (!NT_STATUS_IS_OK(nt_status)) {
402 DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
406 if (get_cmdline_auth_info_smb_encrypt(smbcquotas_auth_info)) {
407 nt_status = cli_cm_force_encryption(c,
408 get_cmdline_auth_info_username(smbcquotas_auth_info),
409 get_cmdline_auth_info_password(smbcquotas_auth_info),
412 if (!NT_STATUS_IS_OK(nt_status)) {
421 /****************************************************************************
423 ****************************************************************************/
424 int main(int argc, const char *argv[])
430 char *username_str = NULL;
432 char *set_str = NULL;
433 enum SMB_QUOTA_TYPE qtype = SMB_INVALID_QUOTA_TYPE;
435 static bool test_args = False;
436 struct cli_state *cli;
437 bool fix_user = False;
438 SMB_NTQUOTA_STRUCT qt;
439 TALLOC_CTX *frame = talloc_stackframe();
441 struct poptOption long_options[] = {
443 { "user", 'u', POPT_ARG_STRING, NULL, 'u', "Show quotas for user", "user" },
444 { "list", 'L', POPT_ARG_NONE, NULL, 'L', "List user quotas" },
445 { "fs", 'F', POPT_ARG_NONE, NULL, 'F', "Show filesystem quotas" },
446 { "set", 'S', POPT_ARG_STRING, NULL, 'S', "Set acls\n\
448 UQLIM:<username>/<softlimit>/<hardlimit> for user quotas\n\
449 FSQLIM:<softlimit>/<hardlimit> for filesystem defaults\n\
450 FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" },
451 { "numeric", 'n', POPT_ARG_NONE, NULL, 'n', "Don't resolve sids or limits to names" },
452 { "verbose", 'v', POPT_ARG_NONE, NULL, 'v', "be verbose" },
453 { "test-args", 't', POPT_ARG_NONE, NULL, 'r', "Test arguments"},
455 POPT_COMMON_CREDENTIALS
463 /* set default debug level to 1 regardless of what smb.conf sets */
464 setup_logging( "smbcquotas", True );
465 DEBUGLEVEL_CLASS[DBGC_ALL] = 1;
467 x_setbuf( x_stderr, NULL );
473 lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
476 smbcquotas_auth_info = user_auth_info_init(frame);
477 if (smbcquotas_auth_info == NULL) {
480 popt_common_set_auth_info(smbcquotas_auth_info);
482 pc = poptGetContext("smbcquotas", argc, argv, long_options, 0);
484 poptSetOtherOptionHelp(pc, "//server1/share1");
486 while ((opt = poptGetNextOpt(pc)) != -1) {
499 d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
500 exit(EXIT_PARSE_ERROR);
507 d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
508 exit(EXIT_PARSE_ERROR);
515 d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
516 exit(EXIT_PARSE_ERROR);
518 username_str = talloc_strdup(frame, poptGetOptArg(pc));
520 exit(EXIT_PARSE_ERROR);
528 d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
529 exit(EXIT_PARSE_ERROR);
531 set_str = talloc_strdup(frame, poptGetOptArg(pc));
533 exit(EXIT_PARSE_ERROR);
544 username_str = talloc_strdup(
545 frame, get_cmdline_auth_info_username(smbcquotas_auth_info));
547 exit(EXIT_PARSE_ERROR);
551 /* Make connection to server */
552 if(!poptPeekArg(pc)) {
553 poptPrintUsage(pc, stderr, 0);
554 exit(EXIT_PARSE_ERROR);
557 path = talloc_strdup(frame, poptGetArg(pc));
559 printf("Out of memory\n");
560 exit(EXIT_PARSE_ERROR);
563 string_replace(path, '/', '\\');
565 server = SMB_STRDUP(path+2);
567 printf("Out of memory\n");
568 exit(EXIT_PARSE_ERROR);
570 share = strchr_m(server,'\\');
572 printf("Invalid argument: %s\n", share);
573 exit(EXIT_PARSE_ERROR);
579 if (todo == SET_QUOTA) {
580 if (parse_quota_set(talloc_tos(), set_str, &username_str, &qtype, &cmd, &qt)) {
581 printf("Invalid argument: -S %s\n", set_str);
582 exit(EXIT_PARSE_ERROR);
587 cli = connect_one(share);
596 /* Perform requested action */
600 result = do_quota(cli,SMB_USER_FS_QUOTA_TYPE, QUOTA_GET, username_str, NULL);
603 result = do_quota(cli,SMB_USER_QUOTA_TYPE, QUOTA_LIST, username_str, NULL);
606 result = do_quota(cli,SMB_USER_QUOTA_TYPE, QUOTA_GET, username_str, NULL);
609 result = do_quota(cli, qtype, cmd, username_str, &qt);
613 result = EXIT_FAILED;