This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "popt_common.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "rpc_client/cli_lsarpc.h"
-static pstring server;
+static char *server;
/* numeric is set when the user wants numeric SIDs and ACEs rather
than going via LSA calls to resolve them */
-static BOOL numeric;
-static BOOL verbose;
+static bool numeric;
+static bool verbose;
enum todo_values {NOOP_QUOTA=0,FS_QUOTA,USER_QUOTA,LIST_QUOTA,SET_QUOTA};
enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
-static struct cli_state *cli_ipc = NULL;
-static POLICY_HND pol;
-static BOOL got_policy_hnd;
+static struct cli_state *cli_ipc;
+static struct rpc_pipe_client *global_pipe_hnd;
+static struct policy_handle pol;
+static bool got_policy_hnd;
+static struct user_auth_info *smbcquotas_auth_info;
static struct cli_state *connect_one(const char *share);
/* Open cli connection and policy handle */
-static BOOL cli_open_policy_hnd(void)
+static bool cli_open_policy_hnd(void)
{
/* Initialise cli LSA connection */
if (!cli_ipc) {
+ NTSTATUS ret;
cli_ipc = connect_one("IPC$");
- if (!cli_nt_session_open (cli_ipc, PI_LSARPC)) {
+ ret = cli_rpc_pipe_open_noauth(cli_ipc,
+ &ndr_table_lsarpc.syntax_id,
+ &global_pipe_hnd);
+ if (!NT_STATUS_IS_OK(ret)) {
return False;
}
}
-
+
/* Open policy handle */
if (!got_policy_hnd) {
- /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
+ /* Some systems don't support SEC_FLAG_MAXIMUM_ALLOWED,
but NT sends 0x2000000 so we might as well do it too. */
- if (!NT_STATUS_IS_OK(cli_lsa_open_policy(cli_ipc, cli_ipc->mem_ctx, True,
+ if (!NT_STATUS_IS_OK(rpccli_lsa_open_policy(global_pipe_hnd, talloc_tos(), True,
GENERIC_EXECUTE_ACCESS, &pol))) {
return False;
}
}
/* convert a SID to a string, either numeric or username/group */
-static void SidToString(fstring str, DOM_SID *sid, BOOL _numeric)
+static void SidToString(fstring str, struct dom_sid *sid, bool _numeric)
{
char **domains = NULL;
char **names = NULL;
- uint32 *types = NULL;
+ enum lsa_SidType *types = NULL;
- sid_to_string(str, sid);
+ sid_to_fstring(str, sid);
if (_numeric) return;
/* Ask LSA to convert the sid to a name */
if (!cli_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_sids(cli_ipc, cli_ipc->mem_ctx,
+ !NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(global_pipe_hnd, talloc_tos(),
&pol, 1, sid, &domains,
&names, &types)) ||
!domains || !domains[0] || !names || !names[0]) {
}
/* convert a string to a SID, either numeric or username/group */
-static BOOL StringToSid(DOM_SID *sid, const char *str)
+static bool StringToSid(struct dom_sid *sid, const char *str)
{
- uint32 *types = NULL;
- DOM_SID *sids = NULL;
- BOOL result = True;
+ enum lsa_SidType *types = NULL;
+ struct dom_sid *sids = NULL;
+ bool result = True;
if (strncmp(str, "S-", 2) == 0) {
return string_to_sid(sid, str);
}
if (!cli_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_names(cli_ipc, cli_ipc->mem_ctx,
- &pol, 1, &str, &sids,
+ !NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, talloc_tos(),
+ &pol, 1, &str, NULL, 1, &sids,
&types))) {
result = False;
goto done;
enum {PARSE_FLAGS,PARSE_LIM};
-static int parse_quota_set(pstring set_str, pstring username_str, enum SMB_QUOTA_TYPE *qtype, int *cmd, SMB_NTQUOTA_STRUCT *pqt)
+static int parse_quota_set(TALLOC_CTX *ctx,
+ char *set_str,
+ char **pp_username_str,
+ enum SMB_QUOTA_TYPE *qtype,
+ int *cmd,
+ SMB_NTQUOTA_STRUCT *pqt)
{
char *p = set_str,*p2;
int todo;
- BOOL stop = False;
- BOOL enable = False;
- BOOL deny = False;
-
- if (strncasecmp(set_str,"UQLIM:",6)==0) {
+ bool stop = False;
+ bool enable = False;
+ bool deny = False;
+
+ *pp_username_str = NULL;
+ if (strnequal(set_str,"UQLIM:",6)) {
p += 6;
*qtype = SMB_USER_QUOTA_TYPE;
*cmd = QUOTA_SETLIM;
if ((p2=strstr(p,":"))==NULL) {
return -1;
}
-
+
*p2 = '\0';
p2++;
-
- fstrcpy(username_str,p);
+
+ *pp_username_str = talloc_strdup(ctx, p);
p = p2;
- } else if (strncasecmp(set_str,"FSQLIM:",7)==0) {
+ } else if (strnequal(set_str,"FSQLIM:",7)) {
p +=7;
*qtype = SMB_USER_FS_QUOTA_TYPE;
*cmd = QUOTA_SETLIM;
todo = PARSE_LIM;
- } else if (strncasecmp(set_str,"FSQFLAGS:",9)==0) {
+ } else if (strnequal(set_str,"FSQFLAGS:",9)) {
p +=9;
todo = PARSE_FLAGS;
*qtype = SMB_USER_FS_QUOTA_TYPE;
switch (todo) {
case PARSE_LIM:
-#if defined(HAVE_LONGLONG)
- if (sscanf(p,"%llu/%llu",&pqt->softlim,&pqt->hardlim)!=2) {
-#else
- if (sscanf(p,"%lu/%lu",&pqt->softlim,&pqt->hardlim)!=2) {
-#endif
+ if (sscanf(p,"%"PRIu64"/%"PRIu64,&pqt->softlim,&pqt->hardlim)!=2) {
return -1;
}
-
+
break;
case PARSE_FLAGS:
while (!stop) {
p2++;
}
- if (strncasecmp(p,"QUOTA_ENABLED",13)==0) {
+ if (strnequal(p,"QUOTA_ENABLED",13)) {
enable = True;
- } else if (strncasecmp(p,"DENY_DISK",9)==0) {
+ } else if (strnequal(p,"DENY_DISK",9)) {
deny = True;
- } else if (strncasecmp(p,"LOG_SOFTLIMIT",13)==0) {
+ } else if (strnequal(p,"LOG_SOFTLIMIT",13)) {
pqt->qflags |= QUOTAS_LOG_THRESHOLD;
- } else if (strncasecmp(p,"LOG_HARDLIMIT",13)==0) {
+ } else if (strnequal(p,"LOG_HARDLIMIT",13)) {
pqt->qflags |= QUOTAS_LOG_LIMIT;
} else {
return -1;
} else if (enable) {
pqt->qflags |= QUOTAS_ENABLED;
}
-
- break;
+
+ break;
}
return 0;
}
-static int do_quota(struct cli_state *cli, enum SMB_QUOTA_TYPE qtype, uint16 cmd, pstring username_str, SMB_NTQUOTA_STRUCT *pqt)
+static int do_quota(struct cli_state *cli,
+ enum SMB_QUOTA_TYPE qtype,
+ uint16 cmd,
+ const char *username_str,
+ SMB_NTQUOTA_STRUCT *pqt)
{
uint32 fs_attrs = 0;
- int quota_fnum = 0;
+ uint16_t quota_fnum = 0;
SMB_NTQUOTA_LIST *qtl = NULL;
SMB_NTQUOTA_STRUCT qt;
ZERO_STRUCT(qt);
- if (!cli_get_fs_attr_info(cli, &fs_attrs)) {
+ if (!NT_STATUS_IS_OK(cli_get_fs_attr_info(cli, &fs_attrs))) {
d_printf("Failed to get the filesystem attributes %s.\n",
cli_errstr(cli));
return -1;
if (!(fs_attrs & FILE_VOLUME_QUOTAS)) {
d_printf("Quotas are not supported by the server.\n");
- return 0;
+ return 0;
}
- if (!cli_get_quota_handle(cli, "a_fnum)) {
- d_printf("Failed to open \\%s %s.\n",
- FAKE_FILE_NAME_QUOTA,cli_errstr(cli));
+ if (!NT_STATUS_IS_OK(cli_get_quota_handle(cli, "a_fnum))) {
+ d_printf("Quotas are not enabled on this share.\n");
+ d_printf("Failed to open %s %s.\n",
+ FAKE_FILE_NAME_QUOTA_WIN32,cli_errstr(cli));
return -1;
}
d_printf("StringToSid() failed for [%s]\n",username_str);
return -1;
}
-
+
switch(cmd) {
case QUOTA_GET:
if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
return -1;
}
dump_ntquota_list(&qtl,verbose,numeric,SidToString);
- free_ntquota_list(&qtl);
+ free_ntquota_list(&qtl);
break;
default:
d_printf("Unknown Error\n");
return -1;
- }
+ }
break;
case SMB_USER_FS_QUOTA_TYPE:
switch(cmd) {
default:
d_printf("Unknown Error\n");
return -1;
- }
+ }
break;
default:
d_printf("Unknown Error\n");
return 0;
}
-/*****************************************************
-return a connection to a server
+/*****************************************************
+ Return a connection to a server.
*******************************************************/
+
static struct cli_state *connect_one(const char *share)
{
struct cli_state *c;
- struct in_addr ip;
+ struct sockaddr_storage ss;
NTSTATUS nt_status;
- zero_ip(&ip);
-
- if (!cmdline_auth_info.got_pass) {
- char *pass = getpass("Password: ");
- if (pass) {
- pstrcpy(cmdline_auth_info.password, pass);
- cmdline_auth_info.got_pass = True;
- }
+ uint32_t flags = 0;
+
+ zero_sockaddr(&ss);
+
+ if (get_cmdline_auth_info_use_machine_account(smbcquotas_auth_info) &&
+ !set_cmdline_auth_info_machine_account_creds(smbcquotas_auth_info)) {
+ return NULL;
}
- if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server,
- &ip, 0,
- share, "?????",
- cmdline_auth_info.username, lp_workgroup(),
- cmdline_auth_info.password, 0, NULL))) {
- return c;
- } else {
+ if (get_cmdline_auth_info_use_kerberos(smbcquotas_auth_info)) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
+ CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+
+ }
+
+ set_cmdline_auth_info_getpass(smbcquotas_auth_info);
+
+ nt_status = cli_full_connection(&c, global_myname(), server,
+ &ss, 0,
+ share, "?????",
+ get_cmdline_auth_info_username(smbcquotas_auth_info),
+ lp_workgroup(),
+ get_cmdline_auth_info_password(smbcquotas_auth_info),
+ flags,
+ get_cmdline_auth_info_signing_state(smbcquotas_auth_info),
+ NULL);
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
return NULL;
}
+
+ if (get_cmdline_auth_info_smb_encrypt(smbcquotas_auth_info)) {
+ nt_status = cli_cm_force_encryption(c,
+ get_cmdline_auth_info_username(smbcquotas_auth_info),
+ get_cmdline_auth_info_password(smbcquotas_auth_info),
+ lp_workgroup(),
+ share);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(c);
+ return NULL;
+ }
+ }
+
+ return c;
}
/****************************************************************************
int opt;
int result;
int todo = 0;
- pstring username_str = {0};
- pstring path = {0};
- pstring set_str = {0};
- enum SMB_QUOTA_TYPE qtype;
+ char *username_str = NULL;
+ char *path = NULL;
+ char *set_str = NULL;
+ enum SMB_QUOTA_TYPE qtype = SMB_INVALID_QUOTA_TYPE;
int cmd = 0;
- static BOOL test_args = False;
+ static bool test_args = False;
struct cli_state *cli;
- BOOL fix_user = False;
+ bool fix_user = False;
SMB_NTQUOTA_STRUCT qt;
+ TALLOC_CTX *frame = talloc_stackframe();
poptContext pc;
struct poptOption long_options[] = {
POPT_AUTOHELP
UQLIM:<username>/<softlimit>/<hardlimit> for user quotas\n\
FSQLIM:<softlimit>/<hardlimit> for filesystem defaults\n\
FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" },
- { "numeric", 'n', POPT_ARG_NONE, &numeric, True, "Don't resolve sids or limits to names" },
- { "verbose", 'v', POPT_ARG_NONE, &verbose, True, "be verbose" },
- { "test-args", 't', POPT_ARG_NONE, &test_args, True, "Test arguments"},
+ { "numeric", 'n', POPT_ARG_NONE, NULL, 'n', "Don't resolve sids or limits to names" },
+ { "verbose", 'v', POPT_ARG_NONE, NULL, 'v', "be verbose" },
+ { "test-args", 't', POPT_ARG_NONE, NULL, 'r', "Test arguments"},
POPT_COMMON_SAMBA
POPT_COMMON_CREDENTIALS
{ NULL }
};
- ZERO_STRUCT(qt);
+ load_case_tables();
- setlinebuf(stdout);
+ ZERO_STRUCT(qt);
+ /* set default debug level to 1 regardless of what smb.conf sets */
+ setup_logging( "smbcquotas", True );
+ DEBUGLEVEL_CLASS[DBGC_ALL] = 1;
dbf = x_stderr;
+ x_setbuf( x_stderr, NULL );
- fault_setup(NULL);
-
- setup_logging(argv[0],True);
+ setlinebuf(stdout);
+ fault_setup(NULL);
- lp_load(dyn_CONFIGFILE,True,False,False);
+ lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
load_interfaces();
+ smbcquotas_auth_info = user_auth_info_init(frame);
+ if (smbcquotas_auth_info == NULL) {
+ exit(1);
+ }
+ popt_common_set_auth_info(smbcquotas_auth_info);
+
pc = poptGetContext("smbcquotas", argc, argv, long_options, 0);
-
+
poptSetOtherOptionHelp(pc, "//server1/share1");
while ((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
+ case 'n':
+ numeric = true;
+ break;
+ case 'v':
+ verbose = true;
+ break;
+ case 't':
+ test_args = true;
+ break;
case 'L':
if (todo != 0) {
d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
}
todo = FS_QUOTA;
break;
-
+
case 'u':
if (todo != 0) {
d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
exit(EXIT_PARSE_ERROR);
}
- pstrcpy(username_str,poptGetOptArg(pc));
+ username_str = talloc_strdup(frame, poptGetOptArg(pc));
+ if (!username_str) {
+ exit(EXIT_PARSE_ERROR);
+ }
todo = USER_QUOTA;
fix_user = True;
break;
-
+
case 'S':
if (todo != 0) {
d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
exit(EXIT_PARSE_ERROR);
}
- pstrcpy(set_str,poptGetOptArg(pc));
+ set_str = talloc_strdup(frame, poptGetOptArg(pc));
+ if (!set_str) {
+ exit(EXIT_PARSE_ERROR);
+ }
todo = SET_QUOTA;
break;
}
if (todo == 0)
todo = USER_QUOTA;
- if (!fix_user)
- pstrcpy(username_str,cmdline_auth_info.username);
+ if (!fix_user) {
+ username_str = talloc_strdup(
+ frame, get_cmdline_auth_info_username(smbcquotas_auth_info));
+ if (!username_str) {
+ exit(EXIT_PARSE_ERROR);
+ }
+ }
/* Make connection to server */
- if(!poptPeekArg(pc)) {
+ if(!poptPeekArg(pc)) {
poptPrintUsage(pc, stderr, 0);
exit(EXIT_PARSE_ERROR);
}
-
- pstrcpy(path, poptGetArg(pc));
- all_string_sub(path,"/","\\",0);
+ path = talloc_strdup(frame, poptGetArg(pc));
+ if (!path) {
+ printf("Out of memory\n");
+ exit(EXIT_PARSE_ERROR);
+ }
+
+ string_replace(path, '/', '\\');
- pstrcpy(server,path+2);
+ server = SMB_STRDUP(path+2);
+ if (!server) {
+ printf("Out of memory\n");
+ exit(EXIT_PARSE_ERROR);
+ }
share = strchr_m(server,'\\');
if (!share) {
- share = strchr_m(server,'/');
- if (!share) {
- printf("Invalid argument: %s\n", share);
- exit(EXIT_PARSE_ERROR);
- }
+ printf("Invalid argument: %s\n", share);
+ exit(EXIT_PARSE_ERROR);
}
*share = 0;
share++;
if (todo == SET_QUOTA) {
- if (parse_quota_set(set_str, username_str, &qtype, &cmd, &qt)) {
+ if (parse_quota_set(talloc_tos(), set_str, &username_str, &qtype, &cmd, &qt)) {
printf("Invalid argument: -S %s\n", set_str);
exit(EXIT_PARSE_ERROR);
}
break;
}
+ talloc_free(frame);
+
return result;
}
-