sss_groupshow.c revision e2ac9be4f293b96f3c8992f1171e44bc1da5cfca
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2010
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer This program is free software; you can redistribute it and/or modify
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer it under the terms of the GNU General Public License as published by
7520452bb30b5abbd471f82352fc4c1c937e02c5Till Mossakowski the Free Software Foundation; either version 3 of the License, or
7520452bb30b5abbd471f82352fc4c1c937e02c5Till Mossakowski (at your option) any later version.
7520452bb30b5abbd471f82352fc4c1c937e02c5Till Mossakowski This program is distributed in the hope that it will be useful,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer but WITHOUT ANY WARRANTY; without even the implied warranty of
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer GNU General Public License for more details.
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer You should have received a copy of the GNU General Public License
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer along with this program. If not, see <http://www.gnu.org/licenses/>.
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer#define GROUP_SHOW_ATTRS { SYSDB_MEMBEROF, SYSDB_GIDNUM, \
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer#define GROUP_SHOW_MPG_ATTRS { SYSDB_MEMBEROF, SYSDB_UIDNUM, \
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer/*==================Helper routines to process results================= */
/* rdn_as_string(): only the first line of the signature and the final return
 * are shown in this listing. The value handed back is whatever
 * ldb_dn_escape_value() produces for *val, allocated on mem_ctx, so callers
 * receive a DN-escaped string.
 * NOTE(review): DN escaping is not search-filter escaping; confirm that any
 * caller which interpolates this string into an ldb filter sanitizes it
 * separately.
 * NOTE(review): presumably NULL on allocation failure -- confirm callers
 * check before using the result. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyerconst char *rdn_as_string(TALLOC_CTX *mem_ctx,
/* The doubled ';' below is a harmless empty statement. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer return ldb_dn_escape_value(mem_ctx, *val);;
/* parse_memberofs(): fills gi->memberofs with one string per value of the
 * element `el`; each string is what rdn_as_string() returns for the DN parsed
 * from that value. Only part of the body is shown in this listing. */
1842453990fed8a1bd7a5ac792d7982c1d2bfcd5Christian Maederstatic int parse_memberofs(struct ldb_context *ldb,
/* One slot more than the number of values.
 * NOTE(review): presumably the extra slot holds a NULL terminator
 * (print_group_info() walks memberofs until it hits NULL); the allocation
 * check is not visible here -- confirm it exists. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer gi->memberofs = talloc_array(gi, const char *, el->num_values+1);
/* NOTE(review): the DN parse and the strdup can both yield NULL (malformed
 * value, out of memory); the handling is not visible in this listing. A NULL
 * stored mid-array would silently cut the list short for every consumer that
 * stops at the first NULL. */
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer dn = ldb_dn_from_ldb_val(gi, ldb, &(el->values[i]));
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer gi->memberofs[i] = talloc_strdup(gi, rdn_as_string(gi, dn));
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer DEBUG(6, ("memberof value: %s\n", gi->memberofs[i]));
/* parse_members(): splits the values of a member element into user members
 * (um) and group members (gm) by comparing the parent DN of each value with
 * the user and group base DNs. Only part of the body is shown in this
 * listing. */
d5f9a0b274192a496eb8d2fb8ce81c33ac2f1717Thiemo Wiedemeyerstatic int parse_members(TALLOC_CTX *mem_ctx,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer struct ldb_dn *user_basedn = NULL, *group_basedn = NULL;
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer user_basedn = ldb_dn_new_fmt(tmp_ctx, ldb,
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer group_basedn = ldb_dn_new_fmt(tmp_ctx, ldb,
/* Both arrays are sized for the worst case (every value of one kind) plus
 * one extra slot; they are shrunk to the used size further down. */
331603b37dec12e37e2e1df9634ef0f2c5c73ddfThiemo Wiedemeyer um = talloc_array(mem_ctx, const char *, el->num_values+1);
331603b37dec12e37e2e1df9634ef0f2c5c73ddfThiemo Wiedemeyer gm = talloc_array(mem_ctx, const char *, el->num_values+1);
/* The parsed DN and its parent live on tmp_ctx, while the strings kept in
 * um/gm are allocated on mem_ctx -- presumably so they survive the release
 * of tmp_ctx (not visible here). */
331603b37dec12e37e2e1df9634ef0f2c5c73ddfThiemo Wiedemeyer dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &(el->values[i]));
bbd9ff47b93f02c2cb2f101b074da02a2f683fe3Christian Maeder /* user member or group member? */
bbd9ff47b93f02c2cb2f101b074da02a2f683fe3Christian Maeder parent_dn = ldb_dn_get_parent(tmp_ctx, dn);
bbd9ff47b93f02c2cb2f101b074da02a2f683fe3Christian Maeder if (ldb_dn_compare_base(parent_dn, user_basedn) == 0) {
a96ea65117eaf61ed34248bdf76e4e2144288c9dThiemo Wiedemeyer um[um_index] = rdn_as_string(mem_ctx, dn);
a96ea65117eaf61ed34248bdf76e4e2144288c9dThiemo Wiedemeyer DEBUG(6, ("User member %s\n", um[um_index]));
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer } else if (ldb_dn_compare_base(parent_dn, group_basedn) == 0) {
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer gm[gm_index] = rdn_as_string(mem_ctx, dn);
/* Loop guard: a member group named like the immediate parent is skipped.
 * NOTE(review): this compares against the direct parent only, so a longer
 * membership cycle is not caught by this check alone.
 * NOTE(review): gm[gm_index] is passed to strcmp() without a visible NULL
 * check; confirm rdn_as_string() failure is handled before this line. */
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer if (parent_name && strcmp(gm[gm_index], parent_name) == 0) {
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(6, ("Skipping circular nesting for group %s\n",
bbd9ff47b93f02c2cb2f101b074da02a2f683fe3Christian Maeder DEBUG(6, ("Group member %s\n", gm[gm_index]));
/* Values whose parent is neither base DN are only logged. */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer DEBUG(2, ("Group member not a user nor group: %s\n",
/* Shrink both arrays to the number of entries used plus one.
 * NOTE(review): the result is assigned straight back to the same pointer; on
 * failure that pointer becomes NULL while the old array stays owned by
 * mem_ctx. The failure check is not visible in this listing. */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer um = talloc_realloc(mem_ctx, um, const char *, um_index+1);
bbd9ff47b93f02c2cb2f101b074da02a2f683fe3Christian Maeder gm = talloc_realloc(mem_ctx, gm, const char *, gm_index+1);
/* The group-member count is an optional output. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer if (num_group_members) *num_group_members = gm_index;
/* process_group(): builds a struct group_info from one sysdb message: the
 * GID, the user members (with the SYSDB_GHOST entries added) and the
 * memberof list. Only part of the body is shown in this listing. */
966a6c024c828387023fccb0cd0049f78687e5dcThiemo Wiedemeyerstatic int process_group(TALLOC_CTX *mem_ctx,
109b67ffce2bad83667e2f4a319d2d7f380f91afThiemo Wiedemeyer DEBUG(6, ("Found entry %s\n", ldb_dn_get_linearized(msg->dn)));
/* talloc_zero returns zero-filled memory on mem_ctx, so every pointer member
 * that is not set below starts out as NULL. */
109b67ffce2bad83667e2f4a319d2d7f380f91afThiemo Wiedemeyer gi = talloc_zero(mem_ctx, struct group_info);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* mandatory data - name and gid */
/* NOTE(review): the attribute is read as a 64-bit unsigned value; the type
 * of gi->gid is not visible here, so a narrowing assignment would go
 * unchecked as far as this listing shows. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer gi->gid = ldb_msg_find_attr_as_uint64(msg,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* list members */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer el = ldb_msg_find_element(msg, SYSDB_MEMBER);
/* Entries are counted by walking to the first NULL, so both arrays must be
 * non-NULL and NULL-terminated when these loops run. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer for (count = 0; gi->user_members[count]; count++) ;
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer el = ldb_msg_find_element(msg, SYSDB_GHOST);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer for (count = 0; user_members[count]; count++) ;
/* The ghost entries appear to be appended to gi->user_members: the array is
 * grown, then each entry is re-parented onto it with talloc_steal so that it
 * is released together with the array.
 * NOTE(review): the realloc result overwrites gi->user_members directly; the
 * failure check is not visible in this listing. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer gi->user_members = talloc_realloc(gi, gi->user_members,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer for (j = 0; j < count; j++, i++) {
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer gi->user_members[i] = talloc_steal(gi->user_members,
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer /* list memberofs */
6c59ae2c44a1fe22ef1712a57afe129e9dbd3368Thiemo Wiedemeyer el = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
aa07f9c4585a94514dcff2979d853d6e04c12fb9Thiemo Wiedemeyer/*========Find info about a group and recursively about subgroups====== */
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyerint group_show_recurse(TALLOC_CTX *mem_ctx,
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyerstatic int group_show_trim_memberof(TALLOC_CTX *mem_ctx,
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer const char ***_direct);
/* Body fragment of the function that follows the two forward declarations;
 * its signature is not visible in this listing. It looks up the root group,
 * converts it with process_group() and then either trims the memberof list
 * or descends into nested groups. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer static const char *attrs[] = GROUP_SHOW_ATTRS;
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer /* First, search for the root group */
/* NOTE(review): `name` reaches the sysdb search unchanged on this line;
 * where it comes from and whether it is validated is not visible here. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = sysdb_search_group_by_name(mem_ctx, domain, name, attrs, &msg);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(2, ("Search failed: %s (%d)\n", strerror(ret), ret));
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = process_group(mem_ctx, sysdb_ctx_get_ldb(sysdb),
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyer DEBUG(2, ("Group processing failed: %s (%d)\n",
/* One group_info is created per member group, owned by root, and given a
 * copy of a name.
 * NOTE(review): neither allocation result is checked on the visible lines;
 * the dereference on the second line needs the first to have succeeded. */
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyer for (i = 0; i < nmembers; i++) {
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyer root->group_members[i] = talloc_zero(root, struct group_info);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer root->group_members[i]->name = talloc_strdup(root,
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyer /* if not recursive, only show the direct parent */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = group_show_trim_memberof(mem_ctx, sysdb, domain, root->name,
/* The recursion starts with root as talloc context, as root group and as
 * parent. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = group_show_recurse(root, sysdb, domain, root, root,
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(2, ("Recursive search failed: %s (%d)\n", strerror(ret), ret));
545d0cd78159cade346b579d06052638b19b0f72Thiemo Wiedemeyer/*=========Nonrecursive search should only show direct parent========== */
/* group_show_trim_memberof(): for the non-recursive case, reduces the
 * memberof list to the groups that are direct parents and returns them
 * through _direct. Only part of the body is shown in this listing. */
1a389234e68da7c3d087b038307ed8c66fc6dc32Thiemo Wiedemeyerstatic int group_show_trim_memberof(TALLOC_CTX *mem_ctx,
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer const char ***_direct)
/* The DN is built from the caller's `name` before the loop; inside the loop
 * `name` is reused for the attribute read from each search result. */
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer dn = sysdb_group_dn(mem_ctx, domain, name);
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer for (i = 0; memberofs[i]; i++) {
/* The search filter is assembled by string formatting; the four arguments
 * are not visible in this listing.
 * NOTE(review): every value interpolated into a filter needs filter escaping
 * (for '*', '(', ')', '\\' and NUL). The memberof strings in this file come
 * from rdn_as_string(), which applies DN escaping only -- confirm they are
 * sanitized for filter use (e.g. with sss_filter_sanitize(), if this tree
 * provides it) before being formatted in here. */
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer filter = talloc_asprintf(mem_ctx, "(&(%s=%s)(%s=%s))",
37e30366abd83c00a5d5447b45694627fd783de8Cui Jian /* ENOENT is OK, the group is just not a direct parent */
1842453990fed8a1bd7a5ac792d7982c1d2bfcd5Christian Maeder name = ldb_msg_find_attr_as_string(msgs[0],
40c18e3f63c23085e5bb36ea35efe141a87df8e4Klaus Luettich DEBUG(2, ("Entry %s has no Name Attribute ?!?\n",
/* The copy is owned by the `direct` array itself.
 * NOTE(review): the strdup result is not checked on the visible lines. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer direct[ndirect] = talloc_strdup(direct, name);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer/*==================Recursive search for nested groups================= */
/* group_show_recurse(): for each member group name, searches the group,
 * converts it with process_group() and then calls itself for that group's
 * own member groups. Only part of the body is shown in this listing. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerint group_show_recurse(TALLOC_CTX *mem_ctx,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer static const char *attrs[] = GROUP_SHOW_ATTRS;
/* An absent or empty member list is handled up front. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer if (!group_members || !group_members[0]) {
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer for (i = 0; i < nmembers; i++) {
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* Skip circular groups */
/* NOTE(review): only the immediate parent's name is compared. A membership
 * cycle longer than two groups is not stopped by this check, and no depth
 * limit is visible in this listing -- confirm that cached group data cannot
 * drive unbounded recursion here. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer if (strcmp(group_members[i], parent->name) == 0) {
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer ret = sysdb_search_group_by_name(mem_ctx, domain, group_members[i],
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer DEBUG(2, ("Search failed: %s (%d)\n", strerror(ret), ret));
/* The resulting group_info is allocated on root, not on mem_ctx. */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer ret = process_group(root, sysdb_ctx_get_ldb(sysdb),
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer &groups[i], &new_group_members, &new_nmembers);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer DEBUG(2, ("Group processing failed: %s (%d)\n",
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer /* descend to another level */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer ret = group_show_recurse(mem_ctx, sysdb, domain,
966a6c024c828387023fccb0cd0049f78687e5dcThiemo Wiedemeyer DEBUG(2, ("Recursive search failed: %s (%d)\n",
a44f1558006c43dda309b3d1e5a1214443f07048Thiemo Wiedemeyer/*==================Get info about MPG================================= */
/* group_show_mpg(): looks `name` up as a user and fills a group_info whose
 * gid is taken from that user's SYSDB_UIDNUM attribute. Only part of the
 * body is shown in this listing. */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyerstatic int group_show_mpg(TALLOC_CTX *mem_ctx,
/* Unlike the other attrs arrays in this file, this one is not static. */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer const char *attrs[] = GROUP_SHOW_MPG_ATTRS;
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer info = talloc_zero(mem_ctx, struct group_info);
/* The search result is allocated on info, so it shares info's lifetime. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = sysdb_search_user_by_name(info, domain, name, attrs, &msg);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(2, ("Search failed: %s (%d)\n", strerror(ret), ret));
/* 0 is the default when the attribute is missing and is then treated as
 * invalid, together with a missing name. */
38122cbf09ad3dcc31a826cc4093f630515a5cfcChristian Maeder info->gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
38122cbf09ad3dcc31a826cc4093f630515a5cfcChristian Maeder if (info->gid == 0 || info->name == NULL) {
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer/*==================The main program=================================== */
/* print_group_info(): prints one group's name, GID number and member lists,
 * indented according to `level`. Only part of the body is shown in this
 * listing. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerstatic void print_group_info(struct group_info *g, int level)
/* Builds a "%<width>s" format string at run time in an 8-byte buffer.
 * NOTE(review): 8 bytes leave room for a width of at most five characters; a
 * larger level*PADDING_SPACES is truncated and a negative one becomes a '-'
 * flag. A literal format with a star width ("%*s") would avoid the run-time
 * format string altogether -- the consumer of fmt is not visible here. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES);
/* The format strings below go through _() and use positional arguments, so
 * the translated text is what printf() actually interprets. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer printf(_("%1$s%2$sGroup: %3$s\n"), padding,
/* NOTE(review): %d expects an int; the declared type of g->gid is not visible
 * here. If it is an unsigned gid_t, large IDs print as negative numbers --
 * consider a cast to unsigned long with %lu. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer printf(_("%1$sGID number: %2$d\n"), padding, g->gid);
/* Both walks stop at the first NULL entry; whether a NULL array pointer is
 * guarded against is not visible in this listing. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer for (i=0; g->user_members[i]; ++i) {
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer printf(_("\n%1$sIs a member of: "), padding);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer for (i=0; g->memberofs[i]; ++i) {
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer printf(_("\n%1$sMember groups: "), padding);
/* print_recursive(): prints every group in a NULL-terminated array and then
 * recurses into each group's own group_members. Only part of the body is
 * shown in this listing.
 * NOTE(review): the depth of this recursion follows the nesting built by the
 * search; no explicit limit is visible here. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerstatic void print_recursive(struct group_info **group_members, int level)
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer for (i=0; group_members[i]; ++i) {
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer print_group_info(group_members[i], level);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer print_recursive(group_members[i]->group_members, level);
/* Fragment of the program entry point: the popt option table, followed by
 * argument parsing, tool initialisation, the group search and the printing
 * of the result. The signature and many lines are not visible in this
 * listing. */
/* "debug" is hidden from the generated help and stores into pc_debug. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer 0, _("The debug level to run with"), NULL },
/* "recursive" takes no argument; popt reports it to the caller as 'r'. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer { "recursive", 'R', POPT_ARG_NONE, NULL, 'r',
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer _("Print indirect group members recursively"), NULL },
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* parse ops_ctx */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer pc = poptGetContext(NULL, argc, argv, long_options, 0);
/* BAD_POPT_PARAMS is a project macro; presumably it reports the message and
 * jumps to the `fini` label -- confirm against its definition. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer BAD_POPT_PARAMS(pc, _("Specify group to show\n"), ret, fini);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret)));
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ERROR("Error initializing the tools - no local domain\n");
c41a1c38edbd787d8fd12b9b5f11b73a37dafe0fChristian Maeder /* if the domain was not given as part of FQDN, default to local domain */
/* NOTE(review): pc_groupname looks like the group name taken from the
 * command line; the name later handed to the search is tctx->octx->name,
 * presumably filled in by this call. Confirm that it is validated or
 * sanitized before it reaches any search filter. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer ret = parse_name_domain(tctx, pc_groupname);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer ERROR("Invalid domain specified in FQDN\n");
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* The search itself */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer tctx->local, pc_recursive, tctx->octx->name, &root);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* Also show MPGs */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = group_show_mpg(tctx, tctx->sysdb, tctx->local,
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer /* Process result */
/* The errno text goes to the debug log only; the messages shown to the user
 * below are fixed strings. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret)));
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer "Printing groups only allowed in local domain.\n");
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ERROR("Internal error. Could not print group.\n");
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer /* print the results */