root/source3/utils/net_idmap.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. net_idmap_dump_one_entry
  2. net_idmap_dump
  3. net_idmap_restore
  4. net_idmap_delete
  5. net_idmap_set
  6. idmap_store_secret
  7. net_idmap_secret
  8. net_help_idmap
  9. net_idmap_aclmapset
  10. net_idmap

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2003 Andrew Bartlett (abartlet@samba.org)
   5 
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10 
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15 
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 
  20 #include "includes.h"
  21 #include "utils/net.h"
  22 
  23 #define ALLOC_CHECK(mem) do { \
  24         if (!mem) { \
  25                 d_fprintf(stderr, "Out of memory!\n"); \
  26                 talloc_free(ctx); \
  27                 return -1; \
  28         } } while(0)
  29 
  30 /***********************************************************
  31  Helper function for net_idmap_dump. Dump one entry.
  32  **********************************************************/
  33 static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb,
     /* [<][>][^][v][top][bottom][index][help] */
  34                                     TDB_DATA key,
  35                                     TDB_DATA data,
  36                                     void *unused)
  37 {
  38         if (strcmp((char *)key.dptr, "USER HWM") == 0) {
  39                 printf("USER HWM %d\n", IVAL(data.dptr,0));
  40                 return 0;
  41         }
  42 
  43         if (strcmp((char *)key.dptr, "GROUP HWM") == 0) {
  44                 printf("GROUP HWM %d\n", IVAL(data.dptr,0));
  45                 return 0;
  46         }
  47 
  48         if (strncmp((char *)key.dptr, "S-", 2) != 0)
  49                 return 0;
  50 
  51         printf("%s %s\n", data.dptr, key.dptr);
  52         return 0;
  53 }
  54 
  55 /***********************************************************
  56  Dump the current idmap
  57  **********************************************************/
  58 static int net_idmap_dump(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
  59 {
  60         TDB_CONTEXT *idmap_tdb;
  61 
  62         if ( argc != 1  || c->display_usage) {
  63                 d_printf("Usage:\n"
  64                          "net idmap dump <inputfile>\n"
  65                          "  Dump current ID mapping.\n"
  66                          "    inputfile\tTDB file to read mappings from.\n");
  67                 return c->display_usage?0:-1;
  68         }
  69 
  70         idmap_tdb = tdb_open_log(argv[0], 0, TDB_DEFAULT, O_RDONLY, 0);
  71 
  72         if (idmap_tdb == NULL) {
  73                 d_fprintf(stderr, "Could not open idmap: %s\n", argv[0]);
  74                 return -1;
  75         }
  76 
  77         tdb_traverse(idmap_tdb, net_idmap_dump_one_entry, NULL);
  78 
  79         tdb_close(idmap_tdb);
  80 
  81         return 0;
  82 }
  83 
  84 /***********************************************************
  85  Write entries from stdin to current local idmap
  86  **********************************************************/
  87 
  88 static int net_idmap_restore(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
  89 {
  90         TALLOC_CTX *ctx;
  91         FILE *input;
  92 
  93         if (c->display_usage) {
  94                 d_printf("Usage:\n"
  95                          "net idmap restore [inputfile]\n"
  96                          "  Restore ID mappings from file\n"
  97                          "    inputfile\tFile to load ID mappings from. If not "
  98                          "given, load data from stdin.\n");
  99                 return 0;
 100         }
 101 
 102         if (! winbind_ping()) {
 103                 d_fprintf(stderr, "To use net idmap Winbindd must be running.\n");
 104                 return -1;
 105         }
 106 
 107         ctx = talloc_new(NULL);
 108         ALLOC_CHECK(ctx);
 109 
 110         if (argc == 1) {
 111                 input = fopen(argv[0], "r");
 112         } else {
 113                 input = stdin;
 114         }
 115 
 116         while (!feof(input)) {
 117                 char line[128], sid_string[128];
 118                 int len;
 119                 struct wbcDomainSid sid;
 120                 enum id_type type = ID_TYPE_NOT_SPECIFIED;
 121                 unsigned long idval;
 122                 wbcErr wbc_status;
 123 
 124                 if (fgets(line, 127, input) == NULL)
 125                         break;
 126 
 127                 len = strlen(line);
 128 
 129                 if ( (len > 0) && (line[len-1] == '\n') )
 130                         line[len-1] = '\0';
 131 
 132                 if (sscanf(line, "GID %lu %128s", &idval, sid_string) == 2) {
 133                         type = ID_TYPE_GID;
 134                 } else if (sscanf(line, "UID %lu %128s", &idval, sid_string) == 2) {
 135                         type = ID_TYPE_UID;
 136                 } else if (sscanf(line, "USER HWM %lu", &idval) == 1) {
 137                         /* set uid hwm */
 138                         wbc_status = wbcSetUidHwm(idval);
 139                         if (!WBC_ERROR_IS_OK(wbc_status)) {
 140                                 d_fprintf(stderr, "Could not set USER HWM: %s\n",
 141                                           wbcErrorString(wbc_status));
 142                         }
 143                         continue;
 144                 } else if (sscanf(line, "GROUP HWM %lu", &idval) == 1) {
 145                         /* set gid hwm */
 146                         wbc_status = wbcSetGidHwm(idval);
 147                         if (!WBC_ERROR_IS_OK(wbc_status)) {
 148                                 d_fprintf(stderr, "Could not set GROUP HWM: %s\n",
 149                                           wbcErrorString(wbc_status));
 150                         }
 151                         continue;
 152                 } else {
 153                         d_fprintf(stderr, "ignoring invalid line [%s]\n", line);
 154                         continue;
 155                 }
 156 
 157                 wbc_status = wbcStringToSid(sid_string, &sid);
 158                 if (!WBC_ERROR_IS_OK(wbc_status)) {
 159                         d_fprintf(stderr, "ignoring invalid sid [%s]: %s\n",
 160                                   sid_string, wbcErrorString(wbc_status));
 161                         continue;
 162                 }
 163 
 164                 if (type == ID_TYPE_UID) {
 165                         wbc_status = wbcSetUidMapping(idval, &sid);
 166                 } else {
 167                         wbc_status = wbcSetGidMapping(idval, &sid);
 168                 }
 169                 if (!WBC_ERROR_IS_OK(wbc_status)) {
 170                         d_fprintf(stderr, "Could not set mapping of %s %lu to sid %s: %s\n",
 171                                  (type == ID_TYPE_GID) ? "GID" : "UID",
 172                                  idval, sid_string,
 173                                  wbcErrorString(wbc_status));
 174                         continue;
 175                 }
 176         }
 177 
 178         if (input != stdin) {
 179                 fclose(input);
 180         }
 181 
 182         talloc_free(ctx);
 183         return 0;
 184 }
 185 
 186 /***********************************************************
 187  Delete a SID mapping from a winbindd_idmap.tdb
 188  **********************************************************/
 189 static int net_idmap_delete(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 190 {
 191         d_printf("Not Implemented yet\n");
 192         return -1;
 193 }
 194 
 195 static int net_idmap_set(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 196 {
 197         d_printf("Not Implemented yet\n");
 198         return -1;
 199 }
 200 bool idmap_store_secret(const char *backend, bool alloc,
     /* [<][>][^][v][top][bottom][index][help] */
 201                         const char *domain, const char *identity,
 202                         const char *secret)
 203 {
 204         char *tmp;
 205         int r;
 206         bool ret;
 207 
 208         if (alloc) {
 209                 r = asprintf(&tmp, "IDMAP_ALLOC_%s", backend);
 210         } else {
 211                 r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain);
 212         }
 213 
 214         if (r < 0) return false;
 215 
 216         strupper_m(tmp); /* make sure the key is case insensitive */
 217         ret = secrets_store_generic(tmp, identity, secret);
 218 
 219         free(tmp);
 220         return ret;
 221 }
 222 
 223 
 224 static int net_idmap_secret(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 225 {
 226         TALLOC_CTX *ctx;
 227         const char *secret;
 228         const char *dn;
 229         char *domain;
 230         char *backend;
 231         char *opt = NULL;
 232         bool ret;
 233 
 234         if (argc != 2 || c->display_usage) {
 235                 d_printf("Usage:\n"
 236                          "net idmap secret {<DOMAIN>|alloc} <secret>\n"
 237                          "  Set the secret for the specified domain "
 238                          "(or alloc module)\n"
 239                          "    DOMAIN\tDomain to set secret for.\n"
 240                          "    alloc\tSet secret for the alloc module\n"
 241                          "    secret\tNew secret to set.\n");
 242                 return c->display_usage?0:-1;
 243         }
 244 
 245         secret = argv[1];
 246 
 247         ctx = talloc_new(NULL);
 248         ALLOC_CHECK(ctx);
 249 
 250         if (strcmp(argv[0], "alloc") == 0) {
 251                 domain = NULL;
 252                 backend = lp_idmap_alloc_backend();
 253         } else {
 254                 domain = talloc_strdup(ctx, argv[0]);
 255                 ALLOC_CHECK(domain);
 256 
 257                 opt = talloc_asprintf(ctx, "idmap config %s", domain);
 258                 ALLOC_CHECK(opt);
 259 
 260                 backend = talloc_strdup(ctx, lp_parm_const_string(-1, opt, "backend", "tdb"));
 261                 ALLOC_CHECK(backend);
 262         }
 263 
 264         if ( ( ! backend) || ( ! strequal(backend, "ldap"))) {
 265                 d_fprintf(stderr, "The only currently supported backend is LDAP\n");
 266                 talloc_free(ctx);
 267                 return -1;
 268         }
 269 
 270         if (domain) {
 271 
 272                 dn = lp_parm_const_string(-1, opt, "ldap_user_dn", NULL);
 273                 if ( ! dn) {
 274                         d_fprintf(stderr, "Missing ldap_user_dn option for domain %s\n", domain);
 275                         talloc_free(ctx);
 276                         return -1;
 277                 }
 278 
 279                 ret = idmap_store_secret("ldap", false, domain, dn, secret);
 280         } else {
 281                 dn = lp_parm_const_string(-1, "idmap alloc config", "ldap_user_dn", NULL);
 282                 if ( ! dn) {
 283                         d_fprintf(stderr, "Missing ldap_user_dn option for alloc backend\n");
 284                         talloc_free(ctx);
 285                         return -1;
 286                 }
 287 
 288                 ret = idmap_store_secret("ldap", true, NULL, dn, secret);
 289         }
 290 
 291         if ( ! ret) {
 292                 d_fprintf(stderr, "Failed to store secret\n");
 293                 talloc_free(ctx);
 294                 return -1;
 295         }
 296 
 297         d_printf("Secret stored\n");
 298         return 0;
 299 }
 300 
 301 int net_help_idmap(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 302 {
 303         d_printf("net idmap dump <inputfile>\n"
 304                  "    Dump current id mapping\n");
 305 
 306         d_printf("net idmap restore\n"
 307                  "    Restore entries from stdin\n");
 308 
 309         /* Deliberately *not* document net idmap delete */
 310 
 311         d_printf("net idmap secret <DOMAIN>|alloc <secret>\n"
 312                  "    Set the secret for the specified DOMAIN (or the alloc module)\n");
 313 
 314         return -1;
 315 }
 316 
 317 static int net_idmap_aclmapset(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 318 {
 319         TALLOC_CTX *mem_ctx;
 320         int result = -1;
 321         DOM_SID src_sid, dst_sid;
 322         char *src, *dst;
 323         struct db_context *db;
 324         struct db_record *rec;
 325         NTSTATUS status;
 326 
 327         if (argc != 3 || c->display_usage) {
 328                 d_fprintf(stderr, "usage: net idmap aclmapset <tdb> "
 329                           "<src-sid> <dst-sid>\n");
 330                 return -1;
 331         }
 332 
 333         if (!(mem_ctx = talloc_init("net idmap aclmapset"))) {
 334                 d_fprintf(stderr, "talloc_init failed\n");
 335                 return -1;
 336         }
 337 
 338         if (!(db = db_open(mem_ctx, argv[0], 0, TDB_DEFAULT,
 339                            O_RDWR|O_CREAT, 0600))) {
 340                 d_fprintf(stderr, "db_open failed: %s\n", strerror(errno));
 341                 goto fail;
 342         }
 343 
 344         if (!string_to_sid(&src_sid, argv[1])) {
 345                 d_fprintf(stderr, "%s is not a valid sid\n", argv[1]);
 346                 goto fail;
 347         }
 348 
 349         if (!string_to_sid(&dst_sid, argv[2])) {
 350                 d_fprintf(stderr, "%s is not a valid sid\n", argv[2]);
 351                 goto fail;
 352         }
 353 
 354         if (!(src = sid_string_talloc(mem_ctx, &src_sid))
 355             || !(dst = sid_string_talloc(mem_ctx, &dst_sid))) {
 356                 d_fprintf(stderr, "talloc_strdup failed\n");
 357                 goto fail;
 358         }
 359 
 360         if (!(rec = db->fetch_locked(
 361                       db, mem_ctx, string_term_tdb_data(src)))) {
 362                 d_fprintf(stderr, "could not fetch db record\n");
 363                 goto fail;
 364         }
 365 
 366         status = rec->store(rec, string_term_tdb_data(dst), 0);
 367         TALLOC_FREE(rec);
 368 
 369         if (!NT_STATUS_IS_OK(status)) {
 370                 d_fprintf(stderr, "could not store record: %s\n",
 371                           nt_errstr(status));
 372                 goto fail;
 373         }
 374 
 375         result = 0;
 376 fail:
 377         TALLOC_FREE(mem_ctx);
 378         return result;
 379 }
 380 
 381 /***********************************************************
 382  Look at the current idmap
 383  **********************************************************/
 384 int net_idmap(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 385 {
 386         struct functable func[] = {
 387                 {
 388                         "dump",
 389                         net_idmap_dump,
 390                         NET_TRANSPORT_LOCAL,
 391                         "Dump the current ID mappings",
 392                         "net idmap dump\n"
 393                         "  Dump the current ID mappings"
 394                 },
 395                 {
 396                         "restore",
 397                         net_idmap_restore,
 398                         NET_TRANSPORT_LOCAL,
 399                         "Restore entries from stdin",
 400                         "net idmap restore\n"
 401                         "  Restore entries from stdin"
 402                 },
 403                 {
 404                         "setmap",
 405                         net_idmap_set,
 406                         NET_TRANSPORT_LOCAL,
 407                         "Not implemented yet",
 408                         "net idmap setmap\n"
 409                         "  Not implemented yet"
 410                 },
 411                 {
 412                         "delete",
 413                         net_idmap_delete,
 414                         NET_TRANSPORT_LOCAL,
 415                         "Not implemented yet",
 416                         "net idmap delete\n"
 417                         "  Not implemented yet"
 418                 },
 419                 {
 420                         "secret",
 421                         net_idmap_secret,
 422                         NET_TRANSPORT_LOCAL,
 423                         "Set secret for specified domain",
 424                         "net idmap secret {<DOMAIN>|alloc} <secret>\n"
 425                         "  Set secret for specified domain or alloc module"
 426                 },
 427                 {
 428                         "aclmapset",
 429                         net_idmap_aclmapset,
 430                         NET_TRANSPORT_LOCAL,
 431                         "Set acl map",
 432                         "net idmap aclmapset\n"
 433                         "  Set acl map"
 434                 },
 435                 {NULL, NULL, 0, NULL, NULL}
 436         };
 437 
 438         return net_run_function(c, argc, argv, "net idmap", func);
 439 }
 440 
 441 

/* [<][>][^][v][top][bottom][index][help] */