1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * This module contains smbadm CLI which offers smb configuration 28 * functionalities. 29 */ 30 #include <errno.h> 31 #include <err.h> 32 #include <ctype.h> 33 #include <stdlib.h> 34 #include <stdio.h> 35 #include <syslog.h> 36 #include <strings.h> 37 #include <limits.h> 38 #include <getopt.h> 39 #include <libintl.h> 40 #include <zone.h> 41 #include <grp.h> 42 #include <libgen.h> 43 #include <netinet/in.h> 44 #include <smbsrv/libsmb.h> 45 46 typedef enum { 47 HELP_ADD_MEMBER, 48 HELP_CREATE, 49 HELP_DELETE, 50 HELP_DEL_MEMBER, 51 HELP_GET, 52 HELP_JOIN, 53 HELP_LIST, 54 HELP_RENAME, 55 HELP_SET, 56 HELP_SHOW, 57 HELP_USER_DISABLE, 58 HELP_USER_ENABLE 59 } smbadm_help_t; 60 61 #define SMBADM_CMDF_USER 0x01 62 #define SMBADM_CMDF_GROUP 0x02 63 #define SMBADM_CMDF_TYPEMASK 0x0F 64 65 #define SMBADM_ANSBUFSIZ 64 66 67 typedef struct smbadm_cmdinfo { 68 char *name; 69 int (*func)(int, char **); 70 smbadm_help_t usage; 71 uint32_t flags; 72 } smbadm_cmdinfo_t; 73 74 smbadm_cmdinfo_t *curcmd; 75 static char *progname; 76 77 static void smbadm_usage(boolean_t); 78 static int smbadm_join_workgroup(const char *); 79 static int smbadm_join_domain(const char *, const char *); 80 static boolean_t smbadm_valid_domainname(const char *); 81 static boolean_t smbadm_valid_username(const char *); 82 static boolean_t smbadm_valid_workgroup(const char *); 83 static void smbadm_extract_domain(char *, char **, char **); 84 85 static int smbadm_join(int, char **); 86 static int smbadm_list(int, char **); 87 static int smbadm_group_create(int, char **); 88 static int smbadm_group_delete(int, char **); 89 static int smbadm_group_rename(int, char **); 90 static int smbadm_group_show(int, char **); 91 static int smbadm_group_getprop(int, char **); 92 static int smbadm_group_setprop(int, char **); 93 static int smbadm_group_addmember(int, char **); 94 static int smbadm_group_delmember(int, char **); 95 static int smbadm_user_disable(int, char **); 96 static int smbadm_user_enable(int, char **); 97 98 static smbadm_cmdinfo_t smbadm_cmdtable[] = 99 { 100 { "add-member", smbadm_group_addmember, HELP_ADD_MEMBER, 101 SMBADM_CMDF_GROUP }, 102 { "create", smbadm_group_create, HELP_CREATE, 103 SMBADM_CMDF_GROUP }, 104 { "delete", smbadm_group_delete, HELP_DELETE, 105 SMBADM_CMDF_GROUP }, 106 { "disable-user", smbadm_user_disable, HELP_USER_DISABLE, 107 SMBADM_CMDF_USER }, 108 { "enable-user", smbadm_user_enable, HELP_USER_ENABLE, 109 SMBADM_CMDF_USER }, 110 { "get", smbadm_group_getprop, HELP_GET, 111 SMBADM_CMDF_GROUP }, 112 { "join", smbadm_join, HELP_JOIN, 0 }, 113 { "list", smbadm_list, HELP_LIST, 0 }, 114 { "remove-member", smbadm_group_delmember, HELP_DEL_MEMBER, 115 SMBADM_CMDF_GROUP }, 116 { "rename", smbadm_group_rename, HELP_RENAME, 117 SMBADM_CMDF_GROUP }, 118 { "set", smbadm_group_setprop, HELP_SET, 119 SMBADM_CMDF_GROUP }, 120 { "show", smbadm_group_show, HELP_SHOW, 121 SMBADM_CMDF_GROUP }, 122 }; 123 124 #define SMBADM_NCMD (sizeof (smbadm_cmdtable) / sizeof (smbadm_cmdtable[0])) 125 126 typedef struct smbadm_prop { 127 char *p_name; 128 char *p_value; 129 } smbadm_prop_t; 130 131 typedef struct smbadm_prop_handle { 132 char *p_name; 133 char *p_dispvalue; 134 int (*p_setfn)(char *, smbadm_prop_t *); 135 int (*p_getfn)(char *, smbadm_prop_t *); 136 boolean_t (*p_chkfn)(smbadm_prop_t *); 137 } smbadm_prop_handle_t; 138 139 static boolean_t smbadm_prop_validate(smbadm_prop_t *prop, boolean_t chkval); 140 static int smbadm_prop_parse(char *arg, smbadm_prop_t *prop); 141 static smbadm_prop_handle_t *smbadm_prop_gethandle(char *pname); 142 143 static boolean_t smbadm_chkprop_priv(smbadm_prop_t *prop); 144 static int smbadm_setprop_tkowner(char *gname, smbadm_prop_t *prop); 145 static int smbadm_getprop_tkowner(char *gname, smbadm_prop_t *prop); 146 static int smbadm_setprop_backup(char *gname, smbadm_prop_t *prop); 147 static int smbadm_getprop_backup(char *gname, smbadm_prop_t *prop); 148 static int smbadm_setprop_restore(char *gname, smbadm_prop_t *prop); 149 static int smbadm_getprop_restore(char *gname, smbadm_prop_t *prop); 150 static int smbadm_setprop_desc(char *gname, smbadm_prop_t *prop); 151 static int smbadm_getprop_desc(char *gname, smbadm_prop_t *prop); 152 153 static smbadm_prop_handle_t smbadm_ptable[] = { 154 {"backup", "on | off", smbadm_setprop_backup, 155 smbadm_getprop_backup, smbadm_chkprop_priv }, 156 {"restore", "on | off", smbadm_setprop_restore, 157 smbadm_getprop_restore, smbadm_chkprop_priv }, 158 {"take-ownership", "on | off", smbadm_setprop_tkowner, 159 smbadm_getprop_tkowner, smbadm_chkprop_priv }, 160 {"description", "<string>", smbadm_setprop_desc, 161 smbadm_getprop_desc, NULL }, 162 }; 163 164 static int smbadm_init(void); 165 static void smbadm_fini(void); 166 static const char *smbadm_pwd_strerror(int error); 167 168 /* 169 * Number of supported properties 170 */ 171 #define SMBADM_NPROP (sizeof (smbadm_ptable) / sizeof (smbadm_ptable[0])) 172 173 static void 174 smbadm_cmdusage(FILE *fp, smbadm_cmdinfo_t *cmd) 175 { 176 switch (cmd->usage) { 177 case HELP_ADD_MEMBER: 178 (void) fprintf(fp, 179 gettext("\t%s -m member [[-m member] ...] group\n"), 180 cmd->name); 181 return; 182 183 case HELP_CREATE: 184 (void) fprintf(fp, gettext("\t%s [-d description] group\n"), 185 cmd->name); 186 return; 187 188 case HELP_DELETE: 189 (void) fprintf(fp, gettext("\t%s group\n"), cmd->name); 190 return; 191 192 case HELP_USER_DISABLE: 193 case HELP_USER_ENABLE: 194 (void) fprintf(fp, gettext("\t%s user\n"), cmd->name); 195 return; 196 197 case HELP_GET: 198 (void) fprintf(fp, gettext("\t%s [[-p property] ...] group\n"), 199 cmd->name); 200 return; 201 202 case HELP_JOIN: 203 (void) fprintf(fp, gettext("\t%s -u username domain\n" 204 "\t%s -w workgroup\n"), cmd->name, cmd->name); 205 return; 206 207 case HELP_LIST: 208 (void) fprintf(fp, gettext("\t%s\n"), cmd->name); 209 (void) fprintf(fp, 210 gettext("\t\t[*] primary domain\n")); 211 (void) fprintf(fp, gettext("\t\t[.] local domain\n")); 212 (void) fprintf(fp, gettext("\t\t[-] other domains\n")); 213 (void) fprintf(fp, 214 gettext("\t\t[+] selected domain controller\n")); 215 return; 216 217 case HELP_DEL_MEMBER: 218 (void) fprintf(fp, 219 gettext("\t%s -m member [[-m member] ...] group\n"), 220 cmd->name); 221 return; 222 223 case HELP_RENAME: 224 (void) fprintf(fp, gettext("\t%s group new-group\n"), 225 cmd->name); 226 return; 227 228 case HELP_SET: 229 (void) fprintf(fp, gettext("\t%s -p property=value " 230 "[[-p property=value] ...] group\n"), cmd->name); 231 return; 232 233 case HELP_SHOW: 234 (void) fprintf(fp, gettext("\t%s [-m] [-p] [group]\n"), 235 cmd->name); 236 return; 237 238 default: 239 break; 240 } 241 242 abort(); 243 /* NOTREACHED */ 244 } 245 246 static void 247 smbadm_usage(boolean_t requested) 248 { 249 FILE *fp = requested ? stdout : stderr; 250 boolean_t show_props = B_FALSE; 251 int i; 252 253 if (curcmd == NULL) { 254 (void) fprintf(fp, 255 gettext("usage: %s [-h | <command> [options]]\n"), 256 progname); 257 (void) fprintf(fp, 258 gettext("where 'command' is one of the following:\n\n")); 259 260 for (i = 0; i < SMBADM_NCMD; i++) 261 smbadm_cmdusage(fp, &smbadm_cmdtable[i]); 262 263 (void) fprintf(fp, 264 gettext("\nFor property list, run %s %s|%s\n"), 265 progname, "get", "set"); 266 267 exit(requested ? 0 : 2); 268 } 269 270 (void) fprintf(fp, gettext("usage:\n")); 271 smbadm_cmdusage(fp, curcmd); 272 273 if (strcmp(curcmd->name, "get") == 0 || 274 strcmp(curcmd->name, "set") == 0) 275 show_props = B_TRUE; 276 277 if (show_props) { 278 (void) fprintf(fp, 279 gettext("\nThe following properties are supported:\n")); 280 281 (void) fprintf(fp, "\n\t%-16s %s\n\n", 282 "PROPERTY", "VALUES"); 283 284 for (i = 0; i < SMBADM_NPROP; i++) { 285 (void) fprintf(fp, "\t%-16s %s\n", 286 smbadm_ptable[i].p_name, 287 smbadm_ptable[i].p_dispvalue); 288 } 289 } 290 291 exit(requested ? 0 : 2); 292 } 293 294 /* 295 * smbadm_strcasecmplist 296 * 297 * Find a string 's' within a list of strings. 298 * 299 * Returns the index of the matching string or -1 if there is no match. 300 */ 301 static int 302 smbadm_strcasecmplist(const char *s, ...) 303 { 304 va_list ap; 305 char *p; 306 int ndx; 307 308 va_start(ap, s); 309 310 for (ndx = 0; ((p = va_arg(ap, char *)) != NULL); ++ndx) { 311 if (strcasecmp(s, p) == 0) { 312 va_end(ap); 313 return (ndx); 314 } 315 } 316 317 va_end(ap); 318 return (-1); 319 } 320 321 /* 322 * smbadm_answer_prompt 323 * 324 * Prompt for the answer to a question. A default response must be 325 * specified, which will be used if the user presses <enter> without 326 * answering the question. 327 */ 328 static int 329 smbadm_answer_prompt(const char *prompt, char *answer, const char *dflt) 330 { 331 char buf[SMBADM_ANSBUFSIZ]; 332 char *p; 333 334 (void) printf(gettext("%s [%s]: "), prompt, dflt); 335 336 if (fgets(buf, SMBADM_ANSBUFSIZ, stdin) == NULL) 337 return (-1); 338 339 if ((p = strchr(buf, '\n')) != NULL) 340 *p = '\0'; 341 342 if (*buf == '\0') 343 (void) strlcpy(answer, dflt, SMBADM_ANSBUFSIZ); 344 else 345 (void) strlcpy(answer, buf, SMBADM_ANSBUFSIZ); 346 347 return (0); 348 } 349 350 /* 351 * smbadm_confirm 352 * 353 * Ask a question that requires a yes/no answer. 354 * A default response must be specified. 355 */ 356 static boolean_t 357 smbadm_confirm(const char *prompt, const char *dflt) 358 { 359 char buf[SMBADM_ANSBUFSIZ]; 360 361 for (;;) { 362 if (smbadm_answer_prompt(prompt, buf, dflt) < 0) 363 return (B_FALSE); 364 365 if (smbadm_strcasecmplist(buf, "n", "no", 0) >= 0) 366 return (B_FALSE); 367 368 if (smbadm_strcasecmplist(buf, "y", "yes", 0) >= 0) 369 return (B_TRUE); 370 371 (void) printf(gettext("Please answer yes or no.\n")); 372 } 373 } 374 375 static boolean_t 376 smbadm_join_prompt(const char *domain) 377 { 378 (void) printf(gettext("After joining %s the smb service will be " 379 "restarted automatically.\n"), domain); 380 381 return (smbadm_confirm("Would you like to continue?", "no")); 382 } 383 384 static void 385 smbadm_restart_service(void) 386 { 387 if (smb_smf_restart_service() != 0) { 388 (void) fprintf(stderr, 389 gettext("Unable to restart smb service. " 390 "Run 'svcs -xv smb/server' for more information.")); 391 } 392 } 393 394 /* 395 * smbadm_join 396 * 397 * Join a domain or workgroup. 398 * 399 * When joining a domain, we may receive the username, password and 400 * domain name in any of the following combinations. Note that the 401 * password is optional on the command line: if it is not provided, 402 * we will prompt for it later. 403 * 404 * username+password domain 405 * domain\username+password 406 * domain/username+password 407 * username@domain 408 * 409 * We allow domain\name+password or domain/name+password but not 410 * name+password@domain because @ is a valid password character. 411 * 412 * If the username and domain name are passed as separate command 413 * line arguments, we process them directly. Otherwise we separate 414 * them and continue as if they were separate command line arguments. 415 */ 416 static int 417 smbadm_join(int argc, char **argv) 418 { 419 char buf[MAXHOSTNAMELEN * 2]; 420 char *domain = NULL; 421 char *username = NULL; 422 uint32_t mode = 0; 423 char option; 424 425 while ((option = getopt(argc, argv, "u:w:")) != -1) { 426 switch (option) { 427 case 'w': 428 if (mode != 0) { 429 (void) fprintf(stderr, 430 gettext("-u and -w must only appear " 431 "once and are mutually exclusive\n")); 432 smbadm_usage(B_FALSE); 433 } 434 435 mode = SMB_SECMODE_WORKGRP; 436 domain = optarg; 437 break; 438 439 case 'u': 440 if (mode != 0) { 441 (void) fprintf(stderr, 442 gettext("-u and -w must only appear " 443 "once and are mutually exclusive\n")); 444 smbadm_usage(B_FALSE); 445 } 446 447 mode = SMB_SECMODE_DOMAIN; 448 username = optarg; 449 450 if ((domain = argv[optind]) == NULL) { 451 /* 452 * The domain was not specified as a separate 453 * argument, check for the combination forms. 454 */ 455 (void) strlcpy(buf, username, sizeof (buf)); 456 smbadm_extract_domain(buf, &username, &domain); 457 } 458 459 if ((username == NULL) || (*username == '\0')) { 460 (void) fprintf(stderr, 461 gettext("missing username\n")); 462 smbadm_usage(B_FALSE); 463 } 464 break; 465 466 default: 467 smbadm_usage(B_FALSE); 468 break; 469 } 470 } 471 472 if ((domain == NULL) || (*domain == '\0')) { 473 (void) fprintf(stderr, gettext("missing %s name\n"), 474 (mode == SMB_SECMODE_WORKGRP) ? "workgroup" : "domain"); 475 smbadm_usage(B_FALSE); 476 } 477 478 if (mode == SMB_SECMODE_WORKGRP) 479 return (smbadm_join_workgroup(domain)); 480 else 481 return (smbadm_join_domain(domain, username)); 482 } 483 484 /* 485 * Workgroups comprise a collection of standalone, independently administered 486 * computers that use a common workgroup name. This is a peer-to-peer model 487 * with no formal membership mechanism. 488 */ 489 static int 490 smbadm_join_workgroup(const char *workgroup) 491 { 492 smb_joininfo_t jdi; 493 uint32_t status; 494 495 bzero(&jdi, sizeof (jdi)); 496 jdi.mode = SMB_SECMODE_WORKGRP; 497 (void) strlcpy(jdi.domain_name, workgroup, sizeof (jdi.domain_name)); 498 (void) strtrim(jdi.domain_name, " \t\n"); 499 500 if (!smbadm_valid_workgroup(jdi.domain_name)) { 501 (void) fprintf(stderr, gettext("workgroup name is invalid\n")); 502 smbadm_usage(B_FALSE); 503 } 504 505 if (!smbadm_join_prompt(jdi.domain_name)) 506 return (0); 507 508 if ((status = smb_join(&jdi)) != NT_STATUS_SUCCESS) { 509 (void) fprintf(stderr, gettext("failed to join %s: %s\n"), 510 jdi.domain_name, xlate_nt_status(status)); 511 return (1); 512 } 513 514 (void) printf(gettext("Successfully joined %s\n"), jdi.domain_name); 515 smbadm_restart_service(); 516 return (0); 517 } 518 519 /* 520 * Domains comprise a centrally administered group of computers and accounts 521 * that share a common security and administration policy and database. 522 * Computers must join a domain and become domain members, which requires 523 * an administrator level account name. 524 * 525 * The '+' character is invalid within a username. We allow the password 526 * to be appended to the username using '+' as a scripting convenience. 527 */ 528 static int 529 smbadm_join_domain(const char *domain, const char *username) 530 { 531 smb_joininfo_t jdi; 532 uint32_t status; 533 char *prompt; 534 char *p; 535 int len; 536 537 bzero(&jdi, sizeof (jdi)); 538 jdi.mode = SMB_SECMODE_DOMAIN; 539 (void) strlcpy(jdi.domain_name, domain, sizeof (jdi.domain_name)); 540 (void) strtrim(jdi.domain_name, " \t\n"); 541 542 if (!smbadm_valid_domainname(jdi.domain_name)) { 543 (void) fprintf(stderr, gettext("domain name is invalid\n")); 544 smbadm_usage(B_FALSE); 545 } 546 547 if (!smbadm_join_prompt(jdi.domain_name)) 548 return (0); 549 550 if ((p = strchr(username, '+')) != NULL) { 551 ++p; 552 553 len = (int)(p - username); 554 if (len > sizeof (jdi.domain_name)) 555 len = sizeof (jdi.domain_name); 556 557 (void) strlcpy(jdi.domain_username, username, len); 558 (void) strlcpy(jdi.domain_passwd, p, 559 sizeof (jdi.domain_passwd)); 560 } else { 561 (void) strlcpy(jdi.domain_username, username, 562 sizeof (jdi.domain_username)); 563 } 564 565 if (!smbadm_valid_username(jdi.domain_username)) { 566 (void) fprintf(stderr, 567 gettext("username contains invalid characters\n")); 568 smbadm_usage(B_FALSE); 569 } 570 571 if (*jdi.domain_passwd == '\0') { 572 prompt = gettext("Enter domain password: "); 573 574 if ((p = getpassphrase(prompt)) == NULL) { 575 (void) fprintf(stderr, gettext("missing password\n")); 576 smbadm_usage(B_FALSE); 577 } 578 579 (void) strlcpy(jdi.domain_passwd, p, 580 sizeof (jdi.domain_passwd)); 581 } 582 583 (void) printf(gettext("Joining %s ... this may take a minute ...\n"), 584 jdi.domain_name); 585 586 status = smb_join(&jdi); 587 588 switch (status) { 589 case NT_STATUS_SUCCESS: 590 (void) printf(gettext("Successfully joined %s\n"), 591 jdi.domain_name); 592 bzero(&jdi, sizeof (jdi)); 593 smbadm_restart_service(); 594 return (0); 595 596 case NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND: 597 (void) fprintf(stderr, 598 gettext("failed to find any domain controllers for %s\n"), 599 jdi.domain_name); 600 bzero(&jdi, sizeof (jdi)); 601 return (1); 602 603 default: 604 (void) fprintf(stderr, gettext("failed to join %s: %s\n"), 605 jdi.domain_name, xlate_nt_status(status)); 606 bzero(&jdi, sizeof (jdi)); 607 return (1); 608 } 609 } 610 611 /* 612 * We want to process the user and domain names as separate strings. 613 * Check for names of the forms below and separate the components as 614 * required. 615 * 616 * name@domain 617 * domain\name 618 * domain/name 619 * 620 * If we encounter any of the forms above in arg, the @, / or \ 621 * separator is replaced by \0 and the username and domain pointers 622 * are changed to point to the appropriate components (in arg). 623 * 624 * If none of the separators are encountered, the username and domain 625 * pointers remain unchanged. 626 */ 627 static void 628 smbadm_extract_domain(char *arg, char **username, char **domain) 629 { 630 char *p; 631 632 if ((p = strpbrk(arg, "/\\@")) != NULL) { 633 if (*p == '@') { 634 *p = '\0'; 635 ++p; 636 637 if (strchr(arg, '+') != NULL) 638 return; 639 640 *domain = p; 641 *username = arg; 642 } else { 643 *p = '\0'; 644 ++p; 645 *username = p; 646 *domain = arg; 647 } 648 } 649 } 650 651 /* 652 * Check a domain name for RFC 1035 and 1123 compliance. Domain names may 653 * contain alphanumeric characters, hyphens and dots. The first and last 654 * character of a label must be alphanumeric. Interior characters may be 655 * alphanumeric or hypens. 656 * 657 * Domain names should not contain underscores but we allow them because 658 * Windows names are often in non-compliance with this rule. 659 */ 660 static boolean_t 661 smbadm_valid_domainname(const char *domain) 662 { 663 boolean_t new_label = B_TRUE; 664 const char *p; 665 char label_terminator; 666 667 if (domain == NULL || *domain == '\0') 668 return (B_FALSE); 669 670 label_terminator = *domain; 671 672 for (p = domain; *p != '\0'; ++p) { 673 if (new_label) { 674 if (!isalnum(*p)) 675 return (B_FALSE); 676 new_label = B_FALSE; 677 label_terminator = *p; 678 continue; 679 } 680 681 if (*p == '.') { 682 if (!isalnum(label_terminator)) 683 return (B_FALSE); 684 new_label = B_TRUE; 685 label_terminator = *p; 686 continue; 687 } 688 689 label_terminator = *p; 690 691 if (isalnum(*p) || *p == '-' || *p == '_') 692 continue; 693 694 return (B_FALSE); 695 } 696 697 if (!isalnum(label_terminator)) 698 return (B_FALSE); 699 return (B_TRUE); 700 } 701 702 /* 703 * Windows user names cannot contain the following characters 704 * or control characters. 705 * 706 * " / \ [ ] < > + ; , ? * = @ 707 */ 708 static boolean_t 709 smbadm_valid_username(const char *username) 710 { 711 const char *invalid = "\"/\\[]<>+;,?*=@"; 712 const char *p; 713 714 if (username == NULL) 715 return (B_FALSE); 716 717 if (strpbrk(username, invalid)) 718 return (B_FALSE); 719 720 for (p = username; *p != '\0'; p++) { 721 if (iscntrl(*p)) 722 return (B_FALSE); 723 } 724 725 return (B_TRUE); 726 } 727 728 /* 729 * A workgroup name can contain 1 to 15 characters but cannot be the same 730 * as the NetBIOS name. The name must begin with a letter or number. 731 * 732 * The name cannot consist entirely of spaces or dots, which is covered 733 * by the requirement that the name must begin with an alphanumeric 734 * character. 735 * 736 * The name must not contain any of the following characters or control 737 * characters. 738 * 739 * " / \ [ ] : | < > + = ; , ? 740 */ 741 static boolean_t 742 smbadm_valid_workgroup(const char *workgroup) 743 { 744 char netbiosname[NETBIOS_NAME_SZ]; 745 const char *invalid = "\"/\\[]:|<>+=;,?"; 746 const char *p; 747 748 if (workgroup == NULL || *workgroup == '\0' || (!isalnum(*workgroup))) 749 return (B_FALSE); 750 751 if (strlen(workgroup) >= NETBIOS_NAME_SZ) 752 return (B_FALSE); 753 754 if (smb_getnetbiosname(netbiosname, NETBIOS_NAME_SZ) == 0) { 755 if (utf8_strcasecmp(workgroup, netbiosname) == 0) 756 return (B_FALSE); 757 } 758 759 if (strpbrk(workgroup, invalid)) 760 return (B_FALSE); 761 762 for (p = workgroup; *p != '\0'; p++) { 763 if (iscntrl(*p)) 764 return (B_FALSE); 765 } 766 767 return (B_TRUE); 768 } 769 770 /* 771 * smbadm_list 772 * 773 * Displays current security mode and domain/workgroup name. 774 */ 775 /*ARGSUSED*/ 776 static int 777 smbadm_list(int argc, char **argv) 778 { 779 char domain[MAXHOSTNAMELEN]; 780 char fqdn[MAXHOSTNAMELEN]; 781 char srvname[MAXHOSTNAMELEN]; 782 char modename[16]; 783 int rc; 784 smb_inaddr_t srvipaddr; 785 char ipstr[INET6_ADDRSTRLEN]; 786 787 rc = smb_config_getstr(SMB_CI_SECURITY, modename, sizeof (modename)); 788 if (rc != SMBD_SMF_OK) { 789 (void) fprintf(stderr, 790 gettext("cannot determine the operational mode\n")); 791 return (1); 792 } 793 794 if (smb_getdomainname(domain, sizeof (domain)) != 0) { 795 (void) fprintf(stderr, gettext("failed to get the %s name\n"), 796 modename); 797 return (1); 798 } 799 800 if (strcmp(modename, "workgroup") == 0) { 801 (void) printf(gettext("[*] [%s]\n"), domain); 802 return (0); 803 } 804 805 (void) printf(gettext("[*] [%s]\n"), domain); 806 if ((smb_getfqdomainname(fqdn, sizeof (fqdn)) == 0) && (*fqdn != '\0')) 807 (void) printf(gettext("[*] [%s]\n"), fqdn); 808 809 if ((smb_get_dcinfo(srvname, MAXHOSTNAMELEN, &srvipaddr) 810 == NT_STATUS_SUCCESS) && (*srvname != '\0') && 811 (!smb_inet_iszero(&srvipaddr))) { 812 (void) smb_inet_ntop(&srvipaddr, ipstr, 813 SMB_IPSTRLEN(srvipaddr.a_family)); 814 (void) printf(gettext("\t[+%s.%s] [%s]\n"), 815 srvname, fqdn, ipstr); 816 } 817 818 nt_domain_show(); 819 return (0); 820 } 821 822 /* 823 * smbadm_group_create 824 * 825 * Creates a local SMB group 826 */ 827 static int 828 smbadm_group_create(int argc, char **argv) 829 { 830 char *gname = NULL; 831 char *desc = NULL; 832 char option; 833 int status; 834 835 while ((option = getopt(argc, argv, "d:")) != -1) { 836 switch (option) { 837 case 'd': 838 desc = optarg; 839 break; 840 841 default: 842 smbadm_usage(B_FALSE); 843 } 844 } 845 846 gname = argv[optind]; 847 if (optind >= argc || gname == NULL || *gname == '\0') { 848 (void) fprintf(stderr, gettext("missing group name\n")); 849 smbadm_usage(B_FALSE); 850 } 851 852 if (getgrnam(gname) == NULL) { 853 (void) fprintf(stderr, 854 gettext("failed to get the Solaris group '%s'\n"), gname); 855 (void) fprintf(stderr, 856 gettext("use 'groupadd' to add '%s'\n"), gname); 857 return (1); 858 } 859 860 status = smb_lgrp_add(gname, desc); 861 if (status != SMB_LGRP_SUCCESS) { 862 (void) fprintf(stderr, 863 gettext("failed to create the group (%s)\n"), 864 smb_lgrp_strerror(status)); 865 } else { 866 (void) printf(gettext("'%s' created.\n"), 867 gname); 868 } 869 870 return (status); 871 } 872 873 /* 874 * smbadm_group_dump_members 875 * 876 * Dump group members details. 877 */ 878 static void 879 smbadm_group_dump_members(smb_gsid_t *members, int num) 880 { 881 char sidstr[SMB_SID_STRSZ]; 882 int i; 883 884 if (num == 0) { 885 (void) printf(gettext("\tNo members\n")); 886 return; 887 } 888 889 (void) printf(gettext("\tMembers:\n")); 890 for (i = 0; i < num; i++) { 891 *sidstr = '\0'; 892 if (smb_lookup_sid(members[i].gs_sid, sidstr, 893 sizeof (sidstr)) == NT_STATUS_SUCCESS) 894 (void) printf(gettext("\t\t%s\n"), sidstr); 895 else 896 (void) printf(gettext("\t\tinvalid SID\n")); 897 } 898 } 899 900 /* 901 * smbadm_group_dump_privs 902 * 903 * Dump group privilege details. 904 */ 905 static void 906 smbadm_group_dump_privs(smb_privset_t *privs) 907 { 908 smb_privinfo_t *pinfo; 909 char *pstatus; 910 int i; 911 912 (void) printf(gettext("\tPrivileges: \n")); 913 914 for (i = 0; i < privs->priv_cnt; i++) { 915 pinfo = smb_priv_getbyvalue(privs->priv[i].luid.lo_part); 916 if ((pinfo == NULL) || (pinfo->flags & PF_PRESENTABLE) == 0) 917 continue; 918 919 switch (privs->priv[i].attrs) { 920 case SE_PRIVILEGE_ENABLED: 921 pstatus = "On"; 922 break; 923 case SE_PRIVILEGE_DISABLED: 924 pstatus = "Off"; 925 break; 926 default: 927 pstatus = "Unknown"; 928 break; 929 } 930 (void) printf(gettext("\t\t%s: %s\n"), pinfo->name, pstatus); 931 } 932 933 if (privs->priv_cnt == 0) 934 (void) printf(gettext("\t\tNo privileges\n")); 935 } 936 937 /* 938 * smbadm_group_dump 939 * 940 * Dump group details. 941 */ 942 static void 943 smbadm_group_dump(smb_group_t *grp, boolean_t show_mem, boolean_t show_privs) 944 { 945 char sidstr[SMB_SID_STRSZ]; 946 947 (void) printf(gettext("%s (%s)\n"), grp->sg_name, grp->sg_cmnt); 948 949 smb_sid_tostr(grp->sg_id.gs_sid, sidstr); 950 (void) printf(gettext("\tSID: %s\n"), sidstr); 951 952 if (show_privs) 953 smbadm_group_dump_privs(grp->sg_privs); 954 955 if (show_mem) 956 smbadm_group_dump_members(grp->sg_members, grp->sg_nmembers); 957 } 958 959 /* 960 * smbadm_group_show 961 * 962 */ 963 static int 964 smbadm_group_show(int argc, char **argv) 965 { 966 char *gname = NULL; 967 boolean_t show_privs; 968 boolean_t show_members; 969 char option; 970 int status; 971 smb_group_t grp; 972 smb_giter_t gi; 973 974 show_privs = show_members = B_FALSE; 975 976 while ((option = getopt(argc, argv, "mp")) != -1) { 977 switch (option) { 978 case 'm': 979 show_members = B_TRUE; 980 break; 981 case 'p': 982 show_privs = B_TRUE; 983 break; 984 985 default: 986 smbadm_usage(B_FALSE); 987 } 988 } 989 990 gname = argv[optind]; 991 if (optind >= argc || gname == NULL || *gname == '\0') 992 gname = "*"; 993 994 if (strcmp(gname, "*")) { 995 status = smb_lgrp_getbyname(gname, &grp); 996 if (status == SMB_LGRP_SUCCESS) { 997 smbadm_group_dump(&grp, show_members, show_privs); 998 smb_lgrp_free(&grp); 999 } else { 1000 (void) fprintf(stderr, 1001 gettext("failed to find %s (%s)\n"), 1002 gname, smb_lgrp_strerror(status)); 1003 } 1004 return (status); 1005 } 1006 1007 if ((status = smb_lgrp_iteropen(&gi)) != SMB_LGRP_SUCCESS) { 1008 (void) fprintf(stderr, gettext("failed to list groups (%s)\n"), 1009 smb_lgrp_strerror(status)); 1010 return (status); 1011 } 1012 1013 while ((status = smb_lgrp_iterate(&gi, &grp)) == SMB_LGRP_SUCCESS) { 1014 smbadm_group_dump(&grp, show_members, show_privs); 1015 smb_lgrp_free(&grp); 1016 } 1017 1018 smb_lgrp_iterclose(&gi); 1019 1020 if (status != SMB_LGRP_NO_MORE) { 1021 (void) fprintf(stderr, 1022 gettext("failed to get all the groups (%s)\n"), 1023 smb_lgrp_strerror(status)); 1024 return (status); 1025 } 1026 1027 return (0); 1028 } 1029 1030 /* 1031 * smbadm_group_delete 1032 */ 1033 static int 1034 smbadm_group_delete(int argc, char **argv) 1035 { 1036 char *gname = NULL; 1037 int status; 1038 1039 gname = argv[optind]; 1040 if (optind >= argc || gname == NULL || *gname == '\0') { 1041 (void) fprintf(stderr, gettext("missing group name\n")); 1042 smbadm_usage(B_FALSE); 1043 } 1044 1045 status = smb_lgrp_delete(gname); 1046 if (status != SMB_LGRP_SUCCESS) { 1047 (void) fprintf(stderr, 1048 gettext("failed to delete %s (%s)\n"), gname, 1049 smb_lgrp_strerror(status)); 1050 } else { 1051 (void) printf(gettext("%s deleted.\n"), gname); 1052 } 1053 1054 return (status); 1055 } 1056 1057 /* 1058 * smbadm_group_rename 1059 */ 1060 static int 1061 smbadm_group_rename(int argc, char **argv) 1062 { 1063 char *gname = NULL; 1064 char *ngname = NULL; 1065 int status; 1066 1067 gname = argv[optind]; 1068 if (optind++ >= argc || gname == NULL || *gname == '\0') { 1069 (void) fprintf(stderr, gettext("missing group name\n")); 1070 smbadm_usage(B_FALSE); 1071 } 1072 1073 ngname = argv[optind]; 1074 if (optind >= argc || ngname == NULL || *ngname == '\0') { 1075 (void) fprintf(stderr, gettext("missing new group name\n")); 1076 smbadm_usage(B_FALSE); 1077 } 1078 1079 if (getgrnam(ngname) == NULL) { 1080 (void) fprintf(stderr, 1081 gettext("failed to get the Solaris group '%s'\n"), ngname); 1082 (void) fprintf(stderr, 1083 gettext("use 'groupadd' to add '%s'\n"), ngname); 1084 return (1); 1085 } 1086 1087 status = smb_lgrp_rename(gname, ngname); 1088 if (status != SMB_LGRP_SUCCESS) { 1089 if (status == SMB_LGRP_EXISTS) 1090 (void) fprintf(stderr, 1091 gettext("failed to rename '%s' (%s already " 1092 "exists)\n"), gname, ngname); 1093 else 1094 (void) fprintf(stderr, 1095 gettext("failed to rename '%s' (%s)\n"), gname, 1096 smb_lgrp_strerror(status)); 1097 } else { 1098 (void) printf(gettext("'%s' renamed to '%s'\n"), gname, ngname); 1099 } 1100 1101 return (status); 1102 } 1103 1104 /* 1105 * smbadm_group_setprop 1106 * 1107 * Set the group properties. 1108 */ 1109 static int 1110 smbadm_group_setprop(int argc, char **argv) 1111 { 1112 char *gname = NULL; 1113 smbadm_prop_t props[SMBADM_NPROP]; 1114 smbadm_prop_handle_t *phandle; 1115 char option; 1116 int pcnt = 0; 1117 int ret; 1118 int p; 1119 1120 bzero(props, SMBADM_NPROP * sizeof (smbadm_prop_t)); 1121 1122 while ((option = getopt(argc, argv, "p:")) != -1) { 1123 switch (option) { 1124 case 'p': 1125 if (pcnt >= SMBADM_NPROP) { 1126 (void) fprintf(stderr, 1127 gettext("exceeded number of supported" 1128 " properties\n")); 1129 smbadm_usage(B_FALSE); 1130 } 1131 1132 if (smbadm_prop_parse(optarg, &props[pcnt++]) != 0) 1133 smbadm_usage(B_FALSE); 1134 break; 1135 1136 default: 1137 smbadm_usage(B_FALSE); 1138 } 1139 } 1140 1141 if (pcnt == 0) { 1142 (void) fprintf(stderr, 1143 gettext("missing property=value argument\n")); 1144 smbadm_usage(B_FALSE); 1145 } 1146 1147 gname = argv[optind]; 1148 if (optind >= argc || gname == NULL || *gname == '\0') { 1149 (void) fprintf(stderr, gettext("missing group name\n")); 1150 smbadm_usage(B_FALSE); 1151 } 1152 1153 for (p = 0; p < pcnt; p++) { 1154 phandle = smbadm_prop_gethandle(props[p].p_name); 1155 if (phandle) { 1156 if (phandle->p_setfn(gname, &props[p]) != 0) 1157 ret = 1; 1158 } 1159 } 1160 1161 return (ret); 1162 } 1163 1164 /* 1165 * smbadm_group_getprop 1166 * 1167 * Get the group properties. 1168 */ 1169 static int 1170 smbadm_group_getprop(int argc, char **argv) 1171 { 1172 char *gname = NULL; 1173 smbadm_prop_t props[SMBADM_NPROP]; 1174 smbadm_prop_handle_t *phandle; 1175 char option; 1176 int pcnt = 0; 1177 int ret; 1178 int p; 1179 1180 bzero(props, SMBADM_NPROP * sizeof (smbadm_prop_t)); 1181 1182 while ((option = getopt(argc, argv, "p:")) != -1) { 1183 switch (option) { 1184 case 'p': 1185 if (pcnt >= SMBADM_NPROP) { 1186 (void) fprintf(stderr, 1187 gettext("exceeded number of supported" 1188 " properties\n")); 1189 smbadm_usage(B_FALSE); 1190 } 1191 1192 if (smbadm_prop_parse(optarg, &props[pcnt++]) != 0) 1193 smbadm_usage(B_FALSE); 1194 break; 1195 1196 default: 1197 smbadm_usage(B_FALSE); 1198 } 1199 } 1200 1201 gname = argv[optind]; 1202 if (optind >= argc || gname == NULL || *gname == '\0') { 1203 (void) fprintf(stderr, gettext("missing group name\n")); 1204 smbadm_usage(B_FALSE); 1205 } 1206 1207 if (pcnt == 0) { 1208 /* 1209 * If no property has be specified then get 1210 * all the properties. 1211 */ 1212 pcnt = SMBADM_NPROP; 1213 for (p = 0; p < pcnt; p++) 1214 props[p].p_name = smbadm_ptable[p].p_name; 1215 } 1216 1217 for (p = 0; p < pcnt; p++) { 1218 phandle = smbadm_prop_gethandle(props[p].p_name); 1219 if (phandle) { 1220 if (phandle->p_getfn(gname, &props[p]) != 0) 1221 ret = 1; 1222 } 1223 } 1224 1225 return (ret); 1226 } 1227 1228 /* 1229 * smbadm_group_addmember 1230 * 1231 */ 1232 static int 1233 smbadm_group_addmember(int argc, char **argv) 1234 { 1235 char *gname = NULL; 1236 char **mname; 1237 char option; 1238 smb_gsid_t msid; 1239 int status; 1240 int mcnt = 0; 1241 int ret = 0; 1242 int i; 1243 1244 1245 mname = (char **)malloc(argc * sizeof (char *)); 1246 if (mname == NULL) { 1247 warn(gettext("failed to add group member")); 1248 return (1); 1249 } 1250 bzero(mname, argc * sizeof (char *)); 1251 1252 while ((option = getopt(argc, argv, "m:")) != -1) { 1253 switch (option) { 1254 case 'm': 1255 mname[mcnt++] = optarg; 1256 break; 1257 1258 default: 1259 free(mname); 1260 smbadm_usage(B_FALSE); 1261 } 1262 } 1263 1264 if (mcnt == 0) { 1265 (void) fprintf(stderr, gettext("missing member name\n")); 1266 free(mname); 1267 smbadm_usage(B_FALSE); 1268 } 1269 1270 gname = argv[optind]; 1271 if (optind >= argc || gname == NULL || *gname == 0) { 1272 (void) fprintf(stderr, gettext("missing group name\n")); 1273 free(mname); 1274 smbadm_usage(B_FALSE); 1275 } 1276 1277 1278 for (i = 0; i < mcnt; i++) { 1279 if (mname[i] == NULL) 1280 continue; 1281 1282 if (smb_lookup_name(mname[i], &msid) != NT_STATUS_SUCCESS) { 1283 (void) fprintf(stderr, 1284 gettext("failed to add %s: unable to obtain SID\n"), 1285 mname[i]); 1286 continue; 1287 } 1288 1289 status = smb_lgrp_add_member(gname, msid.gs_sid, msid.gs_type); 1290 free(msid.gs_sid); 1291 if (status != SMB_LGRP_SUCCESS) { 1292 (void) fprintf(stderr, 1293 gettext("failed to add %s (%s)\n"), 1294 mname[i], smb_lgrp_strerror(status)); 1295 ret = 1; 1296 } else { 1297 (void) printf(gettext("'%s' is now a member of '%s'\n"), 1298 mname[i], gname); 1299 } 1300 } 1301 1302 free(mname); 1303 return (ret); 1304 } 1305 1306 /* 1307 * smbadm_group_delmember 1308 */ 1309 static int 1310 smbadm_group_delmember(int argc, char **argv) 1311 { 1312 char *gname = NULL; 1313 char **mname; 1314 char option; 1315 smb_gsid_t msid; 1316 int status; 1317 int mcnt = 0; 1318 int ret = 0; 1319 int i; 1320 1321 mname = (char **)malloc(argc * sizeof (char *)); 1322 if (mname == NULL) { 1323 warn(gettext("failed to delete group member")); 1324 return (1); 1325 } 1326 bzero(mname, argc * sizeof (char *)); 1327 1328 while ((option = getopt(argc, argv, "m:")) != -1) { 1329 switch (option) { 1330 case 'm': 1331 mname[mcnt++] = optarg; 1332 break; 1333 1334 default: 1335 free(mname); 1336 smbadm_usage(B_FALSE); 1337 } 1338 } 1339 1340 if (mcnt == 0) { 1341 (void) fprintf(stderr, gettext("missing member name\n")); 1342 free(mname); 1343 smbadm_usage(B_FALSE); 1344 } 1345 1346 gname = argv[optind]; 1347 if (optind >= argc || gname == NULL || *gname == 0) { 1348 (void) fprintf(stderr, gettext("missing group name\n")); 1349 free(mname); 1350 smbadm_usage(B_FALSE); 1351 } 1352 1353 1354 for (i = 0; i < mcnt; i++) { 1355 if (mname[i] == NULL) 1356 continue; 1357 1358 if (smb_lookup_name(mname[i], &msid) != NT_STATUS_SUCCESS) { 1359 (void) fprintf(stderr, 1360 gettext("failed to remove %s: " 1361 "unable to obtain SID\n"), 1362 mname[i]); 1363 continue; 1364 } 1365 1366 status = smb_lgrp_del_member(gname, msid.gs_sid, msid.gs_type); 1367 free(msid.gs_sid); 1368 if (status != SMB_LGRP_SUCCESS) { 1369 (void) fprintf(stderr, 1370 gettext("failed to remove %s (%s)\n"), 1371 mname[i], smb_lgrp_strerror(status)); 1372 ret = 1; 1373 } else { 1374 (void) printf( 1375 gettext("'%s' has been removed from %s\n"), 1376 mname[i], gname); 1377 } 1378 } 1379 1380 return (ret); 1381 } 1382 1383 static int 1384 smbadm_user_disable(int argc, char **argv) 1385 { 1386 int error; 1387 char *user = NULL; 1388 1389 user = argv[optind]; 1390 if (optind >= argc || user == NULL || *user == '\0') { 1391 (void) fprintf(stderr, gettext("missing user name\n")); 1392 smbadm_usage(B_FALSE); 1393 } 1394 1395 error = smb_pwd_setcntl(user, SMB_PWC_DISABLE); 1396 if (error == SMB_PWE_SUCCESS) 1397 (void) printf(gettext("%s is disabled.\n"), user); 1398 else 1399 (void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error)); 1400 1401 return (error); 1402 } 1403 1404 static int 1405 smbadm_user_enable(int argc, char **argv) 1406 { 1407 int error; 1408 char *user = NULL; 1409 1410 user = argv[optind]; 1411 if (optind >= argc || user == NULL || *user == '\0') { 1412 (void) fprintf(stderr, gettext("missing user name\n")); 1413 smbadm_usage(B_FALSE); 1414 } 1415 1416 error = smb_pwd_setcntl(user, SMB_PWC_ENABLE); 1417 if (error == SMB_PWE_SUCCESS) 1418 (void) printf(gettext("%s is enabled.\n"), user); 1419 else 1420 (void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error)); 1421 1422 return (error); 1423 } 1424 1425 1426 int 1427 main(int argc, char **argv) 1428 { 1429 int ret; 1430 int i; 1431 1432 (void) malloc(0); /* satisfy libumem dependency */ 1433 1434 progname = basename(argv[0]); 1435 1436 if (getzoneid() != GLOBAL_ZONEID) { 1437 (void) fprintf(stderr, 1438 gettext("cannot execute in non-global zone\n")); 1439 return (0); 1440 } 1441 1442 if (is_system_labeled()) { 1443 (void) fprintf(stderr, 1444 gettext("Trusted Extensions not supported\n")); 1445 return (0); 1446 } 1447 1448 if (argc < 2) { 1449 (void) fprintf(stderr, gettext("missing command\n")); 1450 smbadm_usage(B_FALSE); 1451 } 1452 1453 /* 1454 * Special case "cmd --help/-?" 1455 */ 1456 if (strcmp(argv[1], "-?") == 0 || 1457 strcmp(argv[1], "--help") == 0 || 1458 strcmp(argv[1], "-h") == 0) 1459 smbadm_usage(B_TRUE); 1460 1461 for (i = 0; i < SMBADM_NCMD; ++i) { 1462 curcmd = &smbadm_cmdtable[i]; 1463 if (strcasecmp(argv[1], curcmd->name) == 0) { 1464 if (argc > 2) { 1465 /* cmd subcmd --help/-? */ 1466 if (strcmp(argv[2], "-?") == 0 || 1467 strcmp(argv[2], "--help") == 0 || 1468 strcmp(argv[2], "-h") == 0) 1469 smbadm_usage(B_TRUE); 1470 } 1471 1472 if ((ret = smbadm_init()) != 0) 1473 return (ret); 1474 1475 ret = curcmd->func(argc - 1, &argv[1]); 1476 1477 smbadm_fini(); 1478 return (ret); 1479 } 1480 } 1481 1482 curcmd = NULL; 1483 (void) fprintf(stderr, gettext("unknown subcommand (%s)\n"), argv[1]); 1484 smbadm_usage(B_FALSE); 1485 return (2); 1486 } 1487 1488 static int 1489 smbadm_init(void) 1490 { 1491 int rc; 1492 1493 switch (curcmd->flags & SMBADM_CMDF_TYPEMASK) { 1494 case SMBADM_CMDF_GROUP: 1495 if (smb_idmap_start() != 0) { 1496 (void) fprintf(stderr, 1497 gettext("failed to contact idmap service\n")); 1498 return (1); 1499 } 1500 1501 if ((rc = smb_lgrp_start()) != SMB_LGRP_SUCCESS) { 1502 (void) fprintf(stderr, 1503 gettext("failed to initialize (%s)\n"), 1504 smb_lgrp_strerror(rc)); 1505 smb_idmap_stop(); 1506 return (1); 1507 } 1508 break; 1509 1510 case SMBADM_CMDF_USER: 1511 smb_pwd_init(B_FALSE); 1512 break; 1513 1514 default: 1515 break; 1516 } 1517 1518 return (0); 1519 } 1520 1521 static void 1522 smbadm_fini(void) 1523 { 1524 switch (curcmd->flags & SMBADM_CMDF_TYPEMASK) { 1525 case SMBADM_CMDF_GROUP: 1526 smb_lgrp_stop(); 1527 smb_idmap_stop(); 1528 break; 1529 1530 case SMBADM_CMDF_USER: 1531 smb_pwd_fini(); 1532 break; 1533 1534 default: 1535 break; 1536 } 1537 } 1538 1539 static boolean_t 1540 smbadm_prop_validate(smbadm_prop_t *prop, boolean_t chkval) 1541 { 1542 smbadm_prop_handle_t *pinfo; 1543 int i; 1544 1545 for (i = 0; i < SMBADM_NPROP; i++) { 1546 pinfo = &smbadm_ptable[i]; 1547 if (strcmp(pinfo->p_name, prop->p_name) == 0) { 1548 if (pinfo->p_chkfn && chkval) 1549 return (pinfo->p_chkfn(prop)); 1550 1551 return (B_TRUE); 1552 } 1553 } 1554 1555 (void) fprintf(stderr, gettext("unrecognized property '%s'\n"), 1556 prop->p_name); 1557 1558 return (B_FALSE); 1559 } 1560 1561 static int 1562 smbadm_prop_parse(char *arg, smbadm_prop_t *prop) 1563 { 1564 boolean_t parse_value; 1565 char *equal; 1566 1567 if (arg == NULL) 1568 return (2); 1569 1570 prop->p_name = prop->p_value = NULL; 1571 1572 if (strcmp(curcmd->name, "set") == 0) 1573 parse_value = B_TRUE; 1574 else 1575 parse_value = B_FALSE; 1576 1577 prop->p_name = arg; 1578 1579 if (parse_value) { 1580 equal = strchr(arg, '='); 1581 if (equal == NULL) 1582 return (2); 1583 1584 *equal++ = '\0'; 1585 prop->p_value = equal; 1586 } 1587 1588 if (smbadm_prop_validate(prop, parse_value) == B_FALSE) 1589 return (2); 1590 1591 return (0); 1592 } 1593 1594 static smbadm_prop_handle_t * 1595 smbadm_prop_gethandle(char *pname) 1596 { 1597 int i; 1598 1599 for (i = 0; i < SMBADM_NPROP; i++) 1600 if (strcmp(pname, smbadm_ptable[i].p_name) == 0) 1601 return (&smbadm_ptable[i]); 1602 1603 return (NULL); 1604 } 1605 1606 static int 1607 smbadm_setprop_desc(char *gname, smbadm_prop_t *prop) 1608 { 1609 int status; 1610 1611 status = smb_lgrp_setcmnt(gname, prop->p_value); 1612 if (status != SMB_LGRP_SUCCESS) { 1613 (void) fprintf(stderr, 1614 gettext("failed to modify the group description (%s)\n"), 1615 smb_lgrp_strerror(status)); 1616 return (1); 1617 } 1618 1619 (void) printf(gettext("%s: description modified\n"), gname); 1620 return (0); 1621 } 1622 1623 static int 1624 smbadm_getprop_desc(char *gname, smbadm_prop_t *prop) 1625 { 1626 char *cmnt = NULL; 1627 int status; 1628 1629 status = smb_lgrp_getcmnt(gname, &cmnt); 1630 if (status != SMB_LGRP_SUCCESS) { 1631 (void) fprintf(stderr, 1632 gettext("failed to get the group description (%s)\n"), 1633 smb_lgrp_strerror(status)); 1634 return (1); 1635 } 1636 1637 (void) printf(gettext("\t%s: %s\n"), prop->p_name, cmnt); 1638 free(cmnt); 1639 return (0); 1640 } 1641 1642 static int 1643 smbadm_group_setpriv(char *gname, uint8_t priv_id, smbadm_prop_t *prop) 1644 { 1645 boolean_t enable; 1646 int status; 1647 int ret; 1648 1649 if (strcasecmp(prop->p_value, "on") == 0) { 1650 (void) printf(gettext("Enabling %s privilege "), prop->p_name); 1651 enable = B_TRUE; 1652 } else { 1653 (void) printf(gettext("Disabling %s privilege "), prop->p_name); 1654 enable = B_FALSE; 1655 } 1656 1657 status = smb_lgrp_setpriv(gname, priv_id, enable); 1658 if (status == SMB_LGRP_SUCCESS) { 1659 (void) printf(gettext("succeeded\n")); 1660 ret = 0; 1661 } else { 1662 (void) printf(gettext("failed: %s\n"), 1663 smb_lgrp_strerror(status)); 1664 ret = 1; 1665 } 1666 1667 return (ret); 1668 } 1669 1670 static int 1671 smbadm_group_getpriv(char *gname, uint8_t priv_id, smbadm_prop_t *prop) 1672 { 1673 boolean_t enable; 1674 int status; 1675 1676 status = smb_lgrp_getpriv(gname, priv_id, &enable); 1677 if (status != SMB_LGRP_SUCCESS) { 1678 (void) fprintf(stderr, gettext("failed to get %s (%s)\n"), 1679 prop->p_name, smb_lgrp_strerror(status)); 1680 return (1); 1681 } 1682 1683 (void) printf(gettext("\t%s: %s\n"), prop->p_name, 1684 (enable) ? "On" : "Off"); 1685 1686 return (0); 1687 } 1688 1689 static int 1690 smbadm_setprop_tkowner(char *gname, smbadm_prop_t *prop) 1691 { 1692 return (smbadm_group_setpriv(gname, SE_TAKE_OWNERSHIP_LUID, prop)); 1693 } 1694 1695 static int 1696 smbadm_getprop_tkowner(char *gname, smbadm_prop_t *prop) 1697 { 1698 return (smbadm_group_getpriv(gname, SE_TAKE_OWNERSHIP_LUID, prop)); 1699 } 1700 1701 static int 1702 smbadm_setprop_backup(char *gname, smbadm_prop_t *prop) 1703 { 1704 return (smbadm_group_setpriv(gname, SE_BACKUP_LUID, prop)); 1705 } 1706 1707 static int 1708 smbadm_getprop_backup(char *gname, smbadm_prop_t *prop) 1709 { 1710 return (smbadm_group_getpriv(gname, SE_BACKUP_LUID, prop)); 1711 } 1712 1713 static int 1714 smbadm_setprop_restore(char *gname, smbadm_prop_t *prop) 1715 { 1716 return (smbadm_group_setpriv(gname, SE_RESTORE_LUID, prop)); 1717 } 1718 1719 static int 1720 smbadm_getprop_restore(char *gname, smbadm_prop_t *prop) 1721 { 1722 return (smbadm_group_getpriv(gname, SE_RESTORE_LUID, prop)); 1723 } 1724 1725 static boolean_t 1726 smbadm_chkprop_priv(smbadm_prop_t *prop) 1727 { 1728 if (prop->p_value == NULL || *prop->p_value == '\0') { 1729 (void) fprintf(stderr, 1730 gettext("missing value for '%s'\n"), prop->p_name); 1731 return (B_FALSE); 1732 } 1733 1734 if (strcasecmp(prop->p_value, "on") == 0) 1735 return (B_TRUE); 1736 1737 if (strcasecmp(prop->p_value, "off") == 0) 1738 return (B_TRUE); 1739 1740 (void) fprintf(stderr, 1741 gettext("%s: unrecognized value for '%s' property\n"), 1742 prop->p_value, prop->p_name); 1743 1744 return (B_FALSE); 1745 } 1746 1747 static const char * 1748 smbadm_pwd_strerror(int error) 1749 { 1750 switch (error) { 1751 case SMB_PWE_SUCCESS: 1752 return (gettext("Success.")); 1753 1754 case SMB_PWE_USER_UNKNOWN: 1755 return (gettext("User does not exist.")); 1756 1757 case SMB_PWE_USER_DISABLE: 1758 return (gettext("User is disabled.")); 1759 1760 case SMB_PWE_CLOSE_FAILED: 1761 case SMB_PWE_OPEN_FAILED: 1762 case SMB_PWE_WRITE_FAILED: 1763 case SMB_PWE_UPDATE_FAILED: 1764 return (gettext("Unexpected failure. " 1765 "SMB password database unchanged.")); 1766 1767 case SMB_PWE_STAT_FAILED: 1768 return (gettext("stat of SMB password file failed.")); 1769 1770 case SMB_PWE_BUSY: 1771 return (gettext("SMB password database busy. " 1772 "Try again later.")); 1773 1774 case SMB_PWE_DENIED: 1775 return (gettext("Operation not permitted.")); 1776 1777 case SMB_PWE_SYSTEM_ERROR: 1778 return (gettext("System error.")); 1779 1780 default: 1781 break; 1782 } 1783 1784 return (gettext("Unknown error code.")); 1785 } 1786 1787 /* 1788 * Enable libumem debugging by default on DEBUG builds. 1789 */ 1790 #ifdef DEBUG 1791 const char * 1792 _umem_debug_init(void) 1793 { 1794 return ("default,verbose"); /* $UMEM_DEBUG setting */ 1795 } 1796 1797 const char * 1798 _umem_logging_init(void) 1799 { 1800 return ("fail,contents"); /* $UMEM_LOGGING setting */ 1801 } 1802 #endif 1803