idmap.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <stdlib.h>
#include <locale.h>
#include <strings.h>
#include <errno.h>
#include <limits.h>
#include "idmap_engine.h"
#include "idmap_priv.h"
/* is_user values */
#define I_YES 1
#define I_NO 0
#define I_UNKNOWN -1
/*
* used in do_show for the type of argument, which can be winname,
* unixname, uid, gid, sid or not given at all:
*/
/* Identity type strings */
#define ID_WINNAME "winname"
#define ID_UNIXNAME "unixname"
#define ID_UNIXUSER "unixuser"
#define ID_UNIXGROUP "unixgroup"
#define ID_WINUSER "winuser"
#define ID_WINGROUP "wingroup"
#define ID_SID "sid"
#define ID_UID "uid"
#define ID_GID "gid"
/* Flags */
#define f_FLAG 'f'
#define t_FLAG 't'
#define d_FLAG 'd'
#define F_FLAG 'F'
#define a_FLAG 'a'
#define n_FLAG 'n'
#define c_FLAG 'c'
/* used in the function do_import */
#define MAX_INPUT_LINE_SZ 2047
typedef struct {
int is_user;
int direction;
char *unixname;
char *winname;
char *windomain;
char *sidprefix;
/*
* Formats of the output:
*
* name mappings in Samba username map format (smbusers), Netapp
* usermap.cfg.
*
* DEFAULT_FORMAT are in fact the idmap subcommands suitable for
* piping to idmap standart input. For example
* add -d winuser:bob@foo.com unixuser:fred
* add -d winuser:bob2bar.com unixuser:fred
*
* SMBUSERS is the format of Samba username map (smbusers). For full
* documentation, search for "username map" in smb.conf manpage.
* The format is for example
* fred = bob@foo.com bob2@bar.com
*
* USERMAP_CFG is the format of Netapp usermap.cfg file. Search
* http://www.netapp.com/ for more documentation. IP qualifiers are not
* supported.
* The format is for example
* bob@foo.com => fred
* "Bob With Spaces"@bar.com => fred #comment
*
* The previous formats were for name rules. MAPPING_NAME and
* commands. MAPPING_NAME prefers the string names of the user over
* their numerical identificators. MAPPING_ID prints just the
* identificators.
* Example of the MAPPING_NAME:
* winname:bob@foo.com -> unixname:fred
*
* Example of the MAPPING_ID:
* sid:S-1-2-3-4 -> uid:5678
*/
typedef enum {
UNDEFINED_FORMAT = -1,
DEFAULT_FORMAT = 0,
} format_t;
/* Gives the format to use. Set in print_mapping_init */
static format_t pnm_format;
/* The file for print_mapping_init output. Mostly just stdout. */
/* In smbusers format, more unixnames can be aggregated to one line. */
static char *pnm_last_unixname;
/*
* idmap_api batch related variables:
*
* idmap can operate in two modes. It the batch mode, the idmap_api
* batch is committed at the end of a batch of several
* commands. At the end of input file, typically. This mode is used
* for processing input from a file.
* In the non-batch mode, each command is committed immediately. This
* mode is used for tty input.
*/
/* Are we in the batch mode? */
static int batch_mode = 0;
/* Self describing stricture for positions */
struct pos_sds {
int size;
int last;
};
/* Handles for idmap_api batch */
/* Do we need to commit the udt batch at the end? */
static int udt_used;
/* Command handlers */
/* Command names and their hanlers to be passed to idmap_engine */
{
"show",
"c(create)",
},
{
"dump",
"n(names)",
},
{
"import",
"F(flush)f:(file)",
},
{
"export",
"f:(file)",
},
{
"list",
"",
},
{
"add",
"d(directional)",
},
{
"remove",
"a(all)t(to)f(from)d(directional)",
},
{
"exit",
"",
},
{
"help",
"",
}
};
/* Print error message, possibly with a position */
/* printflike */
static void
/* Skip newlines etc at the end: */
length--;
gettext("Error at line %d: %.*s\n"),
}
}
/* Inits positions sds. 0 means everything went OK, -1 for errors */
static int
init_positions() {
return (-1);
}
return (0);
}
/* Free the positions array */
static void
fini_positions() {
int i;
continue;
}
}
/*
* Add another position to the positions array. 0 means everything
* went OK, -1 for errors
*/
static int
sizeof (struct pos_sds) +
goto nomemory;
}
else {
sizeof (cmd_pos_t));
goto nomemory;
goto nomemory;
}
return (0);
return (-1);
}
/*
* Compare two strings just like strcmp, but stop before the end of
* the s2
*/
static int
}
/* The same as strcmp_no0, but case insensitive. */
static int
}
/* Print help message */
static void
help() {
"idmap\n"
"idmap -f command-file\n"
"idmap show [-c] identity [targettype]\n"
"idmap dump [-n]\n"
"idmap add [-d] name1 name2\n"
"idmap remove -a\n"
"idmap remove name\n"
"idmap remove [-d] name1 name2\n"
"idmap list\n"
"idmap import [-F] [-f file] format\n"
"idmap export [-f file] format\n"
"idmap help\n");
}
/* The handler for the "help" command. */
static int
/* LINTED E_FUNC_ARG_UNUSED */
{
help();
return (0);
}
/* Initialization of the idmap api batch */
static int
init_batch() {
if (stat < 0) {
gettext("Connection not established (%s)\n"),
return (-1);
}
return (0);
}
/* Initialization common to all commands */
static int
init_command() {
if (batch_mode)
return (0);
return (init_batch());
}
/* Finalization common to all commands */
static void
fini_command() {
if (batch_mode)
return;
(void) idmap_fini(handle);
}
/* Initialization of the commands which perform write operations */
static int
init_udt_batch() {
if (init_batch())
return (-1);
if (stat < 0) {
gettext("Error initiating transaction (%s)"),
return (-1);
}
if (init_positions() < 0)
return (-1);
return (0);
}
/* Finalization of the write commands */
static int
init_udt_command() {
udt_used = 1;
if (batch_mode)
return (0);
return (init_udt_batch());
}
/* If everythings is OK, send the udt batch to idmapd */
static int
int rc = 0;
if (batch_mode)
return (0);
gettext("Internal error: uninitiated batch.\n"));
return (-1);
}
if (stat == IDMAP_SUCCESS)
goto out;
rc = -1;
if (stat1 != IDMAP_SUCCESS) {
gettext("Error diagnosing transaction (%s)\n"),
goto out;
}
if (failpos < 0)
reported_pos = pos;
else
gettext("Error commiting transaction (%s)\n"),
}
out:
udt_used = 0;
fini_command();
return (rc);
}
/* Convert numeric expression of the direction to it's string form */
static char *
direction2string(int direction) {
switch (direction) {
case IDMAP_DIRECTION_BI:
return ("==");
case IDMAP_DIRECTION_W2U:
return ("=>");
case IDMAP_DIRECTION_U2W:
return ("<=");
default:
/* This can never happen: */
gettext("Internal error: invalid direction.\n"));
return ("");
}
/* never reached */
}
/* Do we need quotation marks around winname in the USERMAP_CFG format? */
static int
needs_protection(char *what) {
return (1);
return (1);
return (1);
return (0);
}
/*
* Returns 1 if c is a shell-meta-character requiring quoting, 0
* otherwise.
*
* We don't quote '*' and ':' because they cannot do any harm
* a) they have no meaning to idmap_engine b) even ifsomebody copy &
* paste idmap output to a shell commandline, there is the identity
* type string in front of them. On the other hand, '*' and ':' are
* everywhere.
*/
static int
is_shell_special(char c) {
if (isspace(c))
return (1);
return (1);
return (0);
}
/*
* Returns 1 if c is a shell-meta-character requiring quoting even
* inside double quotes, 0 otherwise. It means \, " and $ .
*
* This set of characters is a subset of those in is_shell_special().
*/
static int
is_dq_special(char c) {
return (1);
return (0);
}
/*
* Quote any shell meta-characters in the given string. If 'quote' is
* true then use double-quotes to quote the whole string, else use
* back-slash to quote each individual meta-character.
*
* The resulting string is placed in *res. Callers must free *res if the
* return value isn't 0 (even if the given string had no meta-chars).
* If there are any errors this returns -1, else 0.
*/
static int
int i, j;
char *out;
/* First, let us count how many characters we need to quote: */
for (i = 0; i < len_orig; i++) {
if (is_shell_special(string[i])) {
noss++;
if (is_dq_special(string[i]))
noqb++;
}
}
/* Do we need to quote at all? */
if (noss == 0) {
return (-1);
}
return (0);
}
/* What is the length of the result? */
if (quote)
else
return (-1);
}
j = 0;
if (quote)
out[j++] = '"';
for (i = 0; i < len_orig; i++) {
/* Quote the dangerous chars by a backslash */
out[j++] = '\\';
}
}
if (quote)
out[j++] = '"';
out[j] = '\0';
return (0);
}
/* Assemble string form sid */
static char *
char *to;
/* 'sid:' + sidprefix + '-' + rid + '\0' */
return (NULL);
return (to);
}
/* Assemble string form uid or gid */
static char *
char *to;
/* ID_UID ":" + uid + '\0' */
return (NULL);
return (to);
}
/* Assemble winname, e.g. "winuser:bob@foo.sun.com", from name_mapping_t */
static int
char *out;
int is_domain = 1;
char *prefix;
/* Sometimes there are no text names. Return a sid, then. */
return (-1);
return (0);
}
case I_YES:
break;
case I_NO:
break;
case I_UNKNOWN:
break;
}
/* Windomain is not mandatory: */
is_domain = 0;
else
gettext("Not enough memory.\n"));
return (-1);
}
if (!is_domain)
} else {
}
return (0);
}
/* Assemble a text unixname, e.g. unixuser:fred */
static int
char *out;
char *it;
char *prefix;
/* Sometimes there is no name, just pid: */
return (-1);
return (0);
}
return (-1);
case I_YES:
break;
case I_NO:
break;
case I_UNKNOWN:
break;
}
gettext("Not enough memory.\n"));
return (-1);
}
return (0);
}
/* Initialize print_mapping variables. Must be called before print_mapping */
static int
pnm_format = f;
switch (pnm_format) {
case SMBUSERS:
break;
default:
;
}
return (0);
}
/* Finalize print_mapping. */
static int
switch (pnm_format) {
case SMBUSERS:
if (pnm_last_unixname != NULL) {
}
break;
default:
;
}
return (0);
}
/*
* This prints both name rules and ordinary mappings, based on the pnm_format
* set in print_mapping_init().
*/
static int
{
char *dirstring;
switch (pnm_format) {
case MAPPING_NAME:
return (-1);
return (-1);
}
/* LINTED E_CASE_FALLTHRU */
case MAPPING_ID:
if (pnm_format == MAPPING_ID) {
gettext("SID not given.\n"));
return (-1);
}
return (-1);
return (-1);
}
}
unixname);
break;
case SMBUSERS:
gettext("Group rule: "));
f = stderr;
gettext("Opposite direction of the mapping: "));
f = stderr;
}
return (-1);
if (pnm_file != f) {
} else if (pnm_last_unixname != NULL &&
} else {
if (pnm_last_unixname != NULL) {
(void) fprintf(f, "\n");
}
}
break;
case USERMAP_CFG:
gettext("Group rule: "));
f = stderr;
}
(void) fprintf(f, "%s%s%s\t%s\t%s%s%s\n",
else
"%s%s%1$s\\%3$s%4$s%3$s\t%5$s\t%6$s%7$s%6$s\n" :
"%3$s%4$s%3$s@%1$s%2$s%1$s\t%5$s\t%6$s%7$s%6$s\n",
break;
case DEFAULT_FORMAT:
return (-1);
return (-1);
}
return (-1);
}
(void) fprintf(f,
"add -d\t%s\t%s\n",
} else {
(void) fprintf(f,
"add %s\t%s\t%s\n",
}
break;
default:
/* This can never happen: */
gettext("Internal error: invalid print format.\n"));
return (-1);
}
return (0);
}
/* Allocate a new name_mapping_t and initialize the values. */
static name_mapping_t *
return (NULL);
}
return (nm);
}
/* Free name_mapping_t */
static void
}
/* dump command handler */
static int
/* LINTED E_FUNC_ARG_UNUSED */
{
int is_user;
int rc = 0;
if (init_command())
return (-1);
stdout);
if (stat < 0) {
gettext("Iteration handle not obtained (%s)\n"),
rc = -1;
goto cleanup;
}
do {
rc = -1;
goto cleanup;
}
if (stat >= 0)
(void) print_mapping(nm);
} while (stat > 0);
/* IDMAP_ERR_NOTFOUND indicates end of the list */
gettext("Error during iteration (%s)\n"),
rc = -1;
goto cleanup;
}
}
(void) print_mapping_fini();
fini_command();
return (rc);
}
/*
* The same as strdup, but length chars is duplicated, no matter on
* '\0'. The caller must guarantee "length" chars in "from".
*/
static char *
return (NULL);
}
return (out);
}
/*
* Convert pid from string to it's numerical representation. If it is
* a valid string, i.e. number of a proper length, return 1. Otherwise
* print an error message and return 0.
*/
static int
int i;
long long ll;
char *type_string;
else
return (0);
for (i = 0; i < len; i++) {
gettext("\"%s\" is not a valid %s: the non-digit"
" character '%c' found.\n"), string,
type_string, string[i]);
return (0);
}
}
/* Isn't it too large? */
return (0);
}
return (1);
}
/*
* Convert SID from string to prefix and rid. If it has a valid
* format, i.e. S(\-\d+)+, return 1. Otherwise print an error
* message and return 0.
*/
static int
int i, j;
char *cp;
char *ecp;
char *prefix_end;
u_longlong_t a;
unsigned long r;
gettext("Invalid %s \"%s\": it doesn't start "
return (0);
}
gettext("Invalid %s \"%s\": the authority and RID parts are"
" missing.\n"),
return (0);
}
/* count '-'s */
/* can't end on a '-' */
gettext("Invalid %s \"%s\": '-' at the end.\n"),
return (0);
gettext("Invalid %s \"%s\": double '-'.\n"),
return (0);
}
}
/* check that we only have digits and '-' */
gettext("Invalid %s \"%s\": invalid character '%c'.\n"),
return (0);
}
/* 64-bit safe parsing of unsigned 48-bit authority value */
errno = 0;
/* errors parsing the authority or too many bits */
gettext("Invalid %s \"%s\": unable to parse the "
cp);
return (0);
}
(a & 0x0000ffffffffffffULL) != a) {
gettext("Invalid %s \"%s\": the authority "
return (0);
}
if (j < 3) {
gettext("Invalid %s \"%s\": must have at least one RID.\n"),
return (0);
}
for (i = 2; i < j; i++) {
if (*cp++ != '-') {
/* Should never happen */
gettext("Invalid %s \"%s\": internal error:"
" '-' missing.\n"),
return (0);
}
/* 32-bit safe parsing of unsigned 32-bit RID */
errno = 0;
/* errors parsing the RID */
/* should never happen */
gettext("Invalid %s \"%s\": internal error: "
"unable to parse the RID "
"after \"%.*s\".\n"), ID_SID,
return (0);
}
gettext("Invalid %s \"%s\": the RID \"%.*s\""
" is too large.\n"), ID_SID,
return (0);
}
prefix_end = cp;
}
/* check that all of the string SID has been consumed */
if (*cp != '\0') {
/* Should never happen */
gettext("Invalid %s \"%s\": internal error: "
"something is still left.\n"),
return (0);
}
*rid = (idmap_rid_t)r;
/* -1 for the '-' at the end: */
gettext("Not enough memory.\n"));
return (0);
}
return (1);
}
/* Does the line start with USERMAP_CFG IP qualifier? */
static int
ucp_is_IP_qualifier(char *line) {
char *it;
}
/*
* returns interior of quotation marks in USERMAP_CFG. In this format,
* there cannot be a protected quotation mark inside.
*/
static char *
char *out;
gettext("Unclosed quotations\n"));
return (NULL);
}
return (out);
}
/*
* Grab next token from the line in USERMAP_CFG format. terminators,
* the 3rd parameter, contains all the characters which can terminate
* the token. line_num is the line number of input used for error
* reporting.
*/
static char *
char *token;
if (**line == '"')
else {
}
return (token);
}
/*
* Convert a line in usermap.cfg format to name_mapping.
*
* Return values: -1 for error, 0 for empty line, 1 for a mapping
* found.
*/
static int
char *it;
char *token;
char *token2;
char separator;
int is_direction = 0;
/* empty or comment lines are OK: */
return (0);
/* We do not support network qualifiers */
if (ucp_is_IP_qualifier(it)) {
gettext("Unable to handle network qualifier.\n"));
return (-1);
}
/* The windows name: */
return (-1);
/* Didn't we bump to the end of line? */
gettext("UNIX_name not found.\n"));
return (-1);
}
/* Do we have a domainname? */
it ++;
return (-1);
gettext("UNIX_name not found.\n"));
}
if (separator == '\\') {
} else {
}
} else {
}
/* Direction string is optional: */
is_direction = 1;
is_direction = 1;
is_direction = 1;
} else {
is_direction = 0;
}
if (is_direction) {
it += 2;
gettext("UNIX_name not found.\n"));
return (-1);
}
}
/* Now unixname: */
/* nm->winname to be freed by name_mapping_fini */
return (-1);
/* Neither here we support IP qualifiers */
if (ucp_is_IP_qualifier(token)) {
gettext("Unable to handle network qualifier.\n"));
return (-1);
}
/* Does something remain on the line */
return (-1);
}
return (1);
}
/*
* Parse SMBUSERS line to name_mapping_t. if line is NULL, then
* pasrsing of the previous line is continued. line_num is input line
* number used for error reporting.
* Return values:
* rc -1: error
* rc = 0: mapping found and the line is finished,
* rc = 1: mapping found and there remains other on the line
*/
static int
static size_t unixname_l = 0;
char *token;
return (0);
ll += unixname_l;
return (0);
}
return (0);
return (-1);
return (-1);
return (1);
}
/* Parse line to name_mapping_t. Basicaly just a format switch. */
static int
switch (f) {
case USERMAP_CFG:
return (0);
else
case SMBUSERS:
default:
/* This can never happen */
gettext("Internal error: invalid line format.\n"));
}
return (-1);
}
/* Examine -f flag and return the appropriate format_t */
static format_t
return (UNDEFINED_FORMAT);
}
return (DEFAULT_FORMAT);
return (USERMAP_CFG);
return (SMBUSERS);
"\"smbusers\".\n"));
return (UNDEFINED_FORMAT);
}
/* Delete all namerules of the given type */
static int
{
if (stat < 0) {
: gettext("Unable to flush groups (%s).\n"),
return (-1);
}
if (positions_add(pos) < 0)
return (-1);
return (0);
}
/* import command handler */
static int
/* LINTED E_FUNC_ARG_UNUSED */
{
char line[MAX_INPUT_LINE_SZ];
int rc = 0;
if (batch_mode) {
gettext("Import is not allowed in the batch mode.\n"));
return (-1);
}
if (format == UNDEFINED_FORMAT)
return (-1);
if (init_udt_command())
return (-1);
/* We don't flush groups in the usermap.cfg nor smbusers format */
rc = -1;
goto cleanup;
}
/* Where we import from? */
else {
goto cleanup;
}
}
/*
* In SMBUSERS format there can be more mappings on
* each line. So we need the internal cycle for each line.
*/
do {
nm = name_mapping_init();
rc = -1;
goto cleanup;
}
if (rc < 1) {
break;
}
if (stat < 0) {
gettext("Transaction error (%s)\n"),
rc = -1;
}
if (rc >= 0)
} while (rc >= 0);
if (rc < 0) {
gettext("Import canceled.\n"));
break;
}
}
rc = -1;
return (rc);
}
/*
* List name mappings in the format specified. list_users /
* list_groups determine which type to list. The output goes to the
* file fi.
*/
static int
{
int is_user;
/* Only users can be in USERMAP_CFG format, not a group */
continue;
if (stat < 0) {
gettext("Iteration handle not obtained (%s)\n"),
return (-1);
}
do {
nm = name_mapping_init();
return (-1);
}
if (stat >= 0) {
(void) print_mapping(nm);
}
} while (stat > 0);
(void) print_mapping_fini();
gettext("Error during iteration (%s)\n"),
return (-1);
}
}
return (0);
}
/* Export command handler */
static int
/* LINTED E_FUNC_ARG_UNUSED */
int rc;
if (format == UNDEFINED_FORMAT)
return (-1);
/* Where do we output to? */
else {
return (-1);
}
}
if (init_command() < 0) {
rc = -1;
goto cleanup;
}
/* List the requested types: */
fini_command();
return (rc);
}
/* List command handler */
static int
/* LINTED E_FUNC_ARG_UNUSED */
{
int rc;
if (init_command()) {
return (-1);
}
/* List the requested types: */
fini_command();
return (rc);
}
/* This is just a debug function for dumping flags */
static void
print_flags(flag_t *f)
{
int c;
for (c = 0; c < FLAG_ALPHABET_SIZE; c++) {
if (f[c] == FLAG_SET)
(void) printf("FLAG: -%c, VALUE: %p\n", c,
(void *) f[c]);
else if (f[c])
(void) printf("FLAG: -%c, VALUE: %s\n", c, f[c]);
}
}
/*
* This function splits name to the relevant pieces: is_user, winname,
* windomain unixname. Sometimes it is not possible to determine OS
* side, because it could be determined by the opposite name in idmap
* show. So this function must be called several times.
*
* Return values: -1 ... clear syntax error
* 0 ... it wasnt possible to determine
* 1 ... determined
*/
static int
char *it;
return (0);
/* If it starts with type string, that is easy: */
gettext("%s - invalid combination of user"
" and group identity types.\n"),
return (-1);
}
return (0);
gettext("%s - invalid combination of user"
" and group identity types.\n"),
return (-1);
}
return (0);
gettext("%s - invalid combination of user"
" and group identity types.\n"),
return (-1);
}
return (0);
gettext("%s - invalid combination of user"
" and group identity types.\n"),
return (-1);
}
return (0);
return (0);
} else {
gettext("Error: invalid identity type \"%.*s\"\n"),
return (-1);
}
}
/* If it contains '@' or '\\', then it is a winname with domain */
return (1);
return (1);
}
}
/*
* hope is that the opposite side is known already. In that
* case, it is the only remaining side.
*/
else
return (1);
else
return (1);
}
return (0);
}
/* add command handler. */
static int
{
int rc = 0;
int i;
int is_argv0_unix = -1;
/* Exactly two arguments must be specified */
if (argc < 2) {
return (-1);
} else if (argc > 2) {
return (-1);
}
/*
* Direction can be determined by the opposite name, so we
* need to run name2parts twice for the first name, i.e. 3x in
* total.
*/
nm = name_mapping_init();
return (-1);
for (i = 0; i < 3; i++) {
case -1:
return (-1);
case 1:
if (is_argv0_unix < 0)
break;
}
}
return (-1);
}
else
/* Now let us write it: */
if (init_udt_command()) {
return (-1);
}
/* We echo the mapping */
(void) print_mapping(nm);
(void) print_mapping_fini();
if (stat < 0) {
gettext("Mapping not created (%s)\n"),
rc = -1;
}
if (rc == 0)
rc = -1;
return (rc);
}
/* remove command handler */
static int
{
int rc = 0;
int i;
int is_argv0_unix = -1;
int is_user;
/* "-a" means we flush all of them */
if (argc) {
gettext("Too many arguments.\n"));
return (-1);
}
if (init_udt_command())
return (-1);
if (rc >= 0)
rc = -1;
return (rc);
}
/* Contrary to add_name_mapping, we can have only one argument */
if (argc < 1) {
return (-1);
} else if (argc > 2) {
return (-1);
} else if (
/* both -f and -t: */
/* -d with a single argument: */
/* -f or -t with two arguments: */
gettext("Direction ambiguous.\n"));
return (-1);
}
/*
* Similar to do_add_name_mapping - see the comments
* there. Except we may have only one argument here.
*/
nm = name_mapping_init();
return (-1);
case -1:
return (-1);
case 1:
if (is_argv0_unix < 0)
break;
}
}
return (-1);
}
/*
* If the direction is not specified by a -d/-f/-t flag, then it
* is IDMAP_DIRECTION_UNDEF, because in that case we want to
* remove any mapping. If it was IDMAP_DIRECTION_BI, idmap_api would
* delete a bidirectional one only.
*/
else
if (init_udt_command()) {
return (-1);
}
continue;
if (stat < 0) {
gettext("Mapping not deleted (%s)\n"),
rc = -1;
break;
}
}
if (rc == 0)
rc = -1;
return (rc);
}
/* exit command handler */
static int
/* LINTED E_FUNC_ARG_UNUSED */
return (0);
}
/* debug command handler: just print the parameters */
static int
/* LINTED E_STATIC_UNUSED */
{
int i;
#if 0
#endif
print_flags(f);
for (i = 0; i < argc; i++) {
}
return (0);
}
/*
* Return a pointer after a given prefix. If there is no such prefix,
* return NULL
*/
static char *
return (NULL);
}
/*
* From name_mapping_t, asseble a string containing identity of the
* given type.
*/
static int
switch (type) {
case TYPE_SID:
return (-1);
return (0);
case TYPE_WN:
case TYPE_WU:
case TYPE_WG:
case TYPE_UID:
case TYPE_GID:
case TYPE_PID:
return (-1);
else
return (0);
case TYPE_UN:
case TYPE_UU:
case TYPE_UG:
default:
/* This can never happen: */
gettext("Internal error: invalid name type.\n"));
return (-1);
}
/* never reached */
}
/* show command handler */
static int
{
idmap_stat stat = 0;
int flag;
idmap_stat map_stat = 0;
int type_from;
int type_to;
char *root;
char *fromname;
char *toname;
if (argc == 0) {
gettext("No identity given\n"));
return (-1);
} else if (argc > 2) {
gettext("Too many arguments.\n"));
return (-1);
}
if (init_command())
return (-1);
nm = name_mapping_init();
goto cleanup;
/* First, determine type_from: */
else
case 1: /* name2parts determined the type */
case I_YES:
break;
case I_NO:
break;
default:
}
else
case I_YES:
break;
case I_NO:
break;
default:
}
break;
case 0: /* name2parts didn't determine the type: */
/* LINTED E_CASE_FALLTHRU */
case -1:
goto cleanup;
}
/* Second, determine type_to: */
if (argc < 2) {
else {
gettext("Invalid target type.\n"));
goto cleanup;
}
/* Are both arguments the same OS side? */
gettext("Direction ambiguous.\n"));
goto cleanup;
}
gettext("Mapping of user to group impossible.\n"));
goto cleanup;
gettext("Mapping of group to user impossible.\n"));
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
}
/*
* We have two interfaces for retrieving the mappings:
* idmap_get_sidbyuid & comp (the batch interface) and
* idmap_get_w2u_mapping & comp. We want to use both of them, because
* the former mimicks kernel interface better and the later offers the
* string names. In the batch case, our batch has always size 1.
*/
flag,
} else {
flag,
}
} else {
/* batch handle */
/* To be passed to idmap_get_uidbysid */
/* To be passed to idmap_get_gidbysid */
/* Create an in-memory structure for all the batch: */
if (stat < 0) {
gettext("Unable to create handle for communicating"
" with idmapd(1M) (%s)\n"),
goto cleanup;
}
/* Schedule the request: */
flag,
&uid,
&map_stat);
flag,
&gid,
&map_stat);
flag,
&map_stat);
flag,
&map_stat);
flag,
&map_stat);
} else {
/* This can never happen: */
gettext("Internal error in show.\n"));
exit(1);
}
if (stat < 0) {
gettext("Request for %.3s not sent (%s)\n"),
goto cleanup;
}
/* Send the batch to idmapd and obtain results: */
if (stat < 0) {
gettext("Mappings not obtained because of"
" RPC problem (%s)\n"),
goto cleanup;
}
/* Destroy the batch handle: */
}
/*
* If there was -c flag, we do output whatever we can even in
* the case of error:
*/
if (map_stat < 0) {
gettext("%s\n"),
if (flag == IDMAP_REQ_FLG_NO_NEW_ID_ALLOC)
goto cleanup;
}
/*
* it uses special sentinel value i.e 4294967295 (or -1) to
* indicate that falbback pid is not available either. In such
* case idmap(1M) should not display the mapping because there
* is no fallback mapping.
*/
goto cleanup;
}
goto cleanup;
if (flag == 0)
(void) printf("%s -> %s:%u\n",
goto cleanup;
}
fini_command();
}
/* main function. Returns 1 for error, 0 otherwise */
int
int rc;
/* set locale and domain for internationalization */
(void) textdomain(TEXT_DOMAIN);
/* idmap_engine determines the batch_mode: */
argc - 1,
argv + 1,
&batch_mode);
if (rc < 0) {
(void) engine_fini();
if (rc == IDMAP_ENG_ERROR_SILENT)
help();
return (1);
}
udt_used = 0;
if (batch_mode) {
if (init_udt_batch() < 0)
return (1);
}
if (batch_mode) {
batch_mode = 0;
rc = -1;
}
(void) engine_fini();
return (rc == 0 ? 0 : 1);
}