--- /dev/null
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @brief Notify smbd about idmap changes
+ * @file msg_idmap.c
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Feb 2011
+ *
+ */
+
+#include "includes.h"
+#include "memcache.h"
+#include "globals.h"
+#include "../libcli/security/dom_sid.h"
+#include "../librpc/gen_ndr/messaging.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "idmap_cache.h"
+
+struct id {
+ union {
+ uid_t uid;
+ gid_t gid;
+ struct dom_sid sid;
+ };
+ enum {UID, GID, SID} type;
+};
+
+static bool parse_id(const char* str, struct id* id)
+{
+ struct dom_sid sid;
+ unsigned long ul;
+ char c, trash;
+
+ if (sscanf(str, "%cID %lu%c", &c, &ul, &trash) == 2) {
+ switch(c) {
+ case 'G':
+ id->gid = ul;
+ id->type = GID;
+ return true;
+ case 'U':
+ id->uid = ul;
+ id->type = UID;
+ return true;
+ default:
+ break;
+ }
+ } else if (string_to_sid(&sid, str)) {
+ id->sid = sid;
+ id->type = SID;
+ return true;
+ }
+ return false;
+}
+
+static bool uid_in_use(const struct user_struct* user, uid_t uid)
+{
+ while (user) {
+ if (user->session_info && (user->session_info->utok.uid == uid)) {
+ return true;
+ }
+ user = user->next;
+ }
+ return false;
+}
+
+static bool gid_in_use(const struct user_struct* user, gid_t gid)
+{
+ while (user) {
+ if (user->session_info != NULL) {
+ int i;
+ struct unix_user_token utok = user->session_info->utok;
+ if (utok.gid == gid) {
+ return true;
+ }
+ for(i=0; i<utok.ngroups; i++) {
+ if (utok.groups[i] == gid) {
+ return true;
+ }
+ }
+ }
+ user = user->next;
+ }
+ return false;
+}
+
+static bool sid_in_use(const struct user_struct* user, const struct dom_sid* psid)
+{
+ uid_t uid;
+ gid_t gid;
+ if (sid_to_gid(psid, &gid)) {
+ return gid_in_use(user, gid);
+ } else if (sid_to_uid(psid, &uid)) {
+ return uid_in_use(user, uid);
+ }
+ return false;
+}
+
+
+static bool id_in_use(const struct user_struct* user, const struct id* id)
+{
+ switch(id->type) {
+ case UID:
+ return uid_in_use(user, id->uid);
+ case GID:
+ return gid_in_use(user, id->gid);
+ case SID:
+ return sid_in_use(user, &id->sid);
+ default:
+ break;
+ }
+ return false;
+}
+
+static void delete_from_cache(const struct id* id)
+{
+ switch(id->type) {
+ case UID:
+ delete_uid_cache(id->uid);
+ idmap_cache_del_uid(id->uid);
+ break;
+ case GID:
+ delete_gid_cache(id->gid);
+ idmap_cache_del_gid(id->gid);
+ break;
+ case SID:
+ delete_sid_cache(&id->sid);
+ idmap_cache_del_sid(&id->sid);
+ break;
+ default:
+ break;
+ }
+}
+
+
+static void message_idmap_flush(struct messaging_context *msg_ctx,
+ void* private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data)
+{
+ const char* msg = data ? (const char*)data->data : NULL;
+
+ DEBUG(0, ("Foo: idmap flush cache message(0x%.2x): %s\n", msg_type, msg ? msg : "<NULL>"));
+
+ if ((msg == NULL) || (msg[0] == '\0')) {
+ flush_gid_cache();
+ flush_uid_cache();
+ } else if (strncmp(msg, "GID", 3)) {
+ flush_gid_cache();
+ } else if (strncmp(msg, "UID", 3)) {
+ flush_uid_cache();
+ } else {
+ DEBUG(0, ("Invalid argument: %s\n", msg));
+ }
+}
+
+
+static void message_idmap_delete(struct messaging_context *msg_ctx,
+ void* private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data)
+{
+ const char* msg = (data && data->data) ? (const char*)data->data : "<NULL>";
+ bool do_kill = (msg_type == MSG_IDMAP_KILL);
+ struct user_struct* validated_users = smbd_server_conn->smb1.sessions.validated_users;
+ struct id id;
+
+ DEBUG(0, ("Foo: idmap delete message(0x%.2x): %s\n", msg_type, msg));
+
+ if (!parse_id(msg, &id)) {
+ DEBUG(0, ("Invalid ?ID: %s\n", msg));
+ return;
+ }
+
+ if( do_kill && id_in_use(validated_users, &id) ) {
+ exit_server_cleanly(msg);
+ } else {
+ delete_from_cache(&id);
+ }
+}
+
+void msg_idmap_register_msgs(struct messaging_context *ctx)
+{
+ messaging_register(ctx, NULL, MSG_IDMAP_FLUSH, message_idmap_flush);
+ messaging_register(ctx, NULL, MSG_IDMAP_DELETE, message_idmap_delete);
+ messaging_register(ctx, NULL, MSG_IDMAP_KILL, message_idmap_delete);
+}
strlen(argv[1]) + 1);
}
+
+static bool do_idmap(struct messaging_context *msg_ctx,
+ const struct server_id pid,
+ const int argc, const char **argv)
+{
+ static const char* usage = "Usage: "
+ "smbcontrol <dest> idmap <cmd> [arg]\n"
+ "\tcmd:\tflush [gid|uid]\n"
+ "\t\tdelete \"UID <uid>\"|\"GID <gid>\"|<sid>\n"
+ "\t\tkill \"UID <uid>\"|\"GID <gid>\"|<sid>\n";
+ const char* arg = NULL;
+ int arglen = 0;
+ int msg_type;
+
+ switch (argc) {
+ case 2:
+ break;
+ case 3:
+ arg = argv[2];
+ arglen = strlen(arg) + 1;
+ break;
+ default:
+ fprintf(stderr, "%s", usage);
+ return false;
+ }
+
+ if (strcmp(argv[1], "flush") == 0) {
+ msg_type = MSG_IDMAP_FLUSH;
+ }
+ else if (strcmp(argv[1], "delete") == 0) {
+ msg_type = MSG_IDMAP_DELETE;
+ }
+ else if (strcmp(argv[1], "kill") == 0) {
+ msg_type = MSG_IDMAP_KILL;
+ }
+ else if (strcmp(argv[1], "help") == 0) {
+ fprintf(stdout, "%s", usage);
+ return true;
+ }
+ else {
+ fprintf(stderr, "%s", usage);
+ return false;
+ }
+
+ return send_message(msg_ctx, pid, msg_type, arg, arglen);
+}
+
+
#if defined(HAVE_LIBUNWIND_PTRACE) && defined(HAVE_LINUX_PTRACE)
/* Return the name of a process given it's PID. This will only work on Linux,
const char *help; /* Short help text */
} msg_types[] = {
{ "debug", do_debug, "Set debuglevel" },
+ { "idmap", do_idmap, "Manipulate idmap cache" },
{ "force-election", do_election,
"Force a browse election" },
{ "ping", do_ping, "Elicit a response" },