1da6c28aaSamw /* 2da6c28aaSamw * CDDL HEADER START 3da6c28aaSamw * 4da6c28aaSamw * The contents of this file are subject to the terms of the 5da6c28aaSamw * Common Development and Distribution License (the "License"). 6da6c28aaSamw * You may not use this file except in compliance with the License. 7da6c28aaSamw * 8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9da6c28aaSamw * or http://www.opensolaris.org/os/licensing. 10da6c28aaSamw * See the License for the specific language governing permissions 11da6c28aaSamw * and limitations under the License. 12da6c28aaSamw * 13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each 14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the 16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying 17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner] 18da6c28aaSamw * 19da6c28aaSamw * CDDL HEADER END 20da6c28aaSamw */ 21da6c28aaSamw /* 22148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 230292c176SMatt Barden * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. 24da6c28aaSamw */ 25da6c28aaSamw 26da6c28aaSamw /* 27da6c28aaSamw * This module contains smbadm CLI which offers smb configuration 28da6c28aaSamw * functionalities. 29da6c28aaSamw */ 308d7e4166Sjose borrego #include <errno.h> 318d7e4166Sjose borrego #include <err.h> 328d7e4166Sjose borrego #include <ctype.h> 33da6c28aaSamw #include <stdlib.h> 3496a62adaSjoyce mcintosh #include <unistd.h> 35da6c28aaSamw #include <stdio.h> 36da6c28aaSamw #include <syslog.h> 37da6c28aaSamw #include <strings.h> 38da6c28aaSamw #include <limits.h> 39da6c28aaSamw #include <getopt.h> 40da6c28aaSamw #include <libintl.h> 41da6c28aaSamw #include <zone.h> 4296a62adaSjoyce mcintosh #include <pwd.h> 43da6c28aaSamw #include <grp.h> 44da6c28aaSamw #include <libgen.h> 45c8ec8eeaSjose borrego #include <netinet/in.h> 4696a62adaSjoyce mcintosh #include <auth_attr.h> 4796a62adaSjoyce mcintosh #include <locale.h> 48da6c28aaSamw #include <smbsrv/libsmb.h> 49b3700b07SGordon Ross #include <smbsrv/libsmbns.h> 50da6c28aaSamw 5196a62adaSjoyce mcintosh #if !defined(TEXT_DOMAIN) 5296a62adaSjoyce mcintosh #define TEXT_DOMAIN "SYS_TEST" 5396a62adaSjoyce mcintosh #endif 5496a62adaSjoyce mcintosh 55da6c28aaSamw typedef enum { 56da6c28aaSamw HELP_ADD_MEMBER, 57da6c28aaSamw HELP_CREATE, 58da6c28aaSamw HELP_DELETE, 59da6c28aaSamw HELP_DEL_MEMBER, 60da6c28aaSamw HELP_GET, 61da6c28aaSamw HELP_JOIN, 62da6c28aaSamw HELP_LIST, 6336a00406SGordon Ross HELP_LOOKUP, 64da6c28aaSamw HELP_RENAME, 65da6c28aaSamw HELP_SET, 66da6c28aaSamw HELP_SHOW, 673db3f65cSamw HELP_USER_DISABLE, 68ef4cfbfdSMatt Barden HELP_USER_ENABLE, 69ef4cfbfdSMatt Barden HELP_USER_DELETE 70da6c28aaSamw } smbadm_help_t; 71da6c28aaSamw 7296a62adaSjoyce mcintosh #define SMBADM_CMDF_NONE 0x00 733db3f65cSamw #define SMBADM_CMDF_USER 0x01 743db3f65cSamw #define SMBADM_CMDF_GROUP 0x02 753db3f65cSamw #define SMBADM_CMDF_TYPEMASK 0x0F 76faa1795aSjb 7736a00406SGordon Ross typedef enum { 7836a00406SGordon Ross SMBADM_GRP_ADDMEMBER = 0, 7936a00406SGordon Ross SMBADM_GRP_DELMEMBER, 8036a00406SGordon Ross } smbadm_grp_action_t; 8136a00406SGordon Ross 82c8ec8eeaSjose borrego #define SMBADM_ANSBUFSIZ 64 83c8ec8eeaSjose borrego 84da6c28aaSamw typedef struct smbadm_cmdinfo { 85da6c28aaSamw char *name; 86da6c28aaSamw int (*func)(int, char **); 87da6c28aaSamw smbadm_help_t usage; 88faa1795aSjb uint32_t flags; 8996a62adaSjoyce mcintosh char *auth; 90da6c28aaSamw } smbadm_cmdinfo_t; 91da6c28aaSamw 92da6c28aaSamw smbadm_cmdinfo_t *curcmd; 93da6c28aaSamw static char *progname; 94da6c28aaSamw 9596a62adaSjoyce mcintosh #define SMBADM_ACTION_AUTH "solaris.smf.manage.smb" 9696a62adaSjoyce mcintosh #define SMBADM_VALUE_AUTH "solaris.smf.value.smb" 9796a62adaSjoyce mcintosh #define SMBADM_BASIC_AUTH "solaris.network.hosts.read" 9896a62adaSjoyce mcintosh 9996a62adaSjoyce mcintosh static boolean_t smbadm_checkauth(const char *); 10096a62adaSjoyce mcintosh 1018d7e4166Sjose borrego static void smbadm_usage(boolean_t); 102b3700b07SGordon Ross static int smbadm_join_workgroup(const char *, boolean_t); 103b3700b07SGordon Ross static int smbadm_join_domain(const char *, const char *, boolean_t); 1048d7e4166Sjose borrego static void smbadm_extract_domain(char *, char **, char **); 1058d7e4166Sjose borrego 106da6c28aaSamw static int smbadm_join(int, char **); 107da6c28aaSamw static int smbadm_list(int, char **); 10836a00406SGordon Ross static int smbadm_lookup(int, char **); 10936a00406SGordon Ross static void smbadm_lookup_name(char *); 11036a00406SGordon Ross static void smbadm_lookup_sid(char *); 111da6c28aaSamw static int smbadm_group_create(int, char **); 112da6c28aaSamw static int smbadm_group_delete(int, char **); 113da6c28aaSamw static int smbadm_group_rename(int, char **); 114da6c28aaSamw static int smbadm_group_show(int, char **); 115fe1c642dSBill Krier static void smbadm_group_show_name(const char *, const char *); 116da6c28aaSamw static int smbadm_group_getprop(int, char **); 117da6c28aaSamw static int smbadm_group_setprop(int, char **); 118da6c28aaSamw static int smbadm_group_addmember(int, char **); 119da6c28aaSamw static int smbadm_group_delmember(int, char **); 12036a00406SGordon Ross static int smbadm_group_add_del_member(char *, char *, smbadm_grp_action_t); 12136a00406SGordon Ross 122ef4cfbfdSMatt Barden static int smbadm_user_delete(int, char **); 123da6c28aaSamw static int smbadm_user_disable(int, char **); 124da6c28aaSamw static int smbadm_user_enable(int, char **); 125da6c28aaSamw 126*bbf21555SRichard Lowe /* Please keep the order consistent with smbadm(8) man page */ 127da6c28aaSamw static smbadm_cmdinfo_t smbadm_cmdtable[] = 128da6c28aaSamw { 129faa1795aSjb { "create", smbadm_group_create, HELP_CREATE, 13096a62adaSjoyce mcintosh SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 131faa1795aSjb { "delete", smbadm_group_delete, HELP_DELETE, 13296a62adaSjoyce mcintosh SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 133959eaf32SYuri Pankov { "rename", smbadm_group_rename, HELP_RENAME, 134959eaf32SYuri Pankov SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 135959eaf32SYuri Pankov { "show", smbadm_group_show, HELP_SHOW, 136959eaf32SYuri Pankov SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 137959eaf32SYuri Pankov { "get", smbadm_group_getprop, HELP_GET, 138959eaf32SYuri Pankov SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 139959eaf32SYuri Pankov { "set", smbadm_group_setprop, HELP_SET, 140959eaf32SYuri Pankov SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 141959eaf32SYuri Pankov { "add-member", smbadm_group_addmember, HELP_ADD_MEMBER, 142959eaf32SYuri Pankov SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 143959eaf32SYuri Pankov { "remove-member", smbadm_group_delmember, HELP_DEL_MEMBER, 144959eaf32SYuri Pankov SMBADM_CMDF_GROUP, SMBADM_ACTION_AUTH }, 145ef4cfbfdSMatt Barden { "delete-user", smbadm_user_delete, HELP_USER_DELETE, 146ef4cfbfdSMatt Barden SMBADM_CMDF_USER, SMBADM_ACTION_AUTH }, 1473db3f65cSamw { "disable-user", smbadm_user_disable, HELP_USER_DISABLE, 14896a62adaSjoyce mcintosh SMBADM_CMDF_USER, SMBADM_ACTION_AUTH }, 1493db3f65cSamw { "enable-user", smbadm_user_enable, HELP_USER_ENABLE, 15096a62adaSjoyce mcintosh SMBADM_CMDF_USER, SMBADM_ACTION_AUTH }, 15196a62adaSjoyce mcintosh { "join", smbadm_join, HELP_JOIN, 15296a62adaSjoyce mcintosh SMBADM_CMDF_NONE, SMBADM_VALUE_AUTH }, 15396a62adaSjoyce mcintosh { "list", smbadm_list, HELP_LIST, 15496a62adaSjoyce mcintosh SMBADM_CMDF_NONE, SMBADM_BASIC_AUTH }, 15536a00406SGordon Ross { "lookup", smbadm_lookup, HELP_LOOKUP, 15636a00406SGordon Ross SMBADM_CMDF_NONE, SMBADM_BASIC_AUTH }, 157da6c28aaSamw }; 158da6c28aaSamw 159da6c28aaSamw #define SMBADM_NCMD (sizeof (smbadm_cmdtable) / sizeof (smbadm_cmdtable[0])) 160da6c28aaSamw 161da6c28aaSamw typedef struct smbadm_prop { 162da6c28aaSamw char *p_name; 163da6c28aaSamw char *p_value; 164da6c28aaSamw } smbadm_prop_t; 165da6c28aaSamw 166da6c28aaSamw typedef struct smbadm_prop_handle { 167da6c28aaSamw char *p_name; 168da6c28aaSamw char *p_dispvalue; 169da6c28aaSamw int (*p_setfn)(char *, smbadm_prop_t *); 170da6c28aaSamw int (*p_getfn)(char *, smbadm_prop_t *); 171da6c28aaSamw boolean_t (*p_chkfn)(smbadm_prop_t *); 172da6c28aaSamw } smbadm_prop_handle_t; 173da6c28aaSamw 174da6c28aaSamw static boolean_t smbadm_prop_validate(smbadm_prop_t *prop, boolean_t chkval); 175da6c28aaSamw static int smbadm_prop_parse(char *arg, smbadm_prop_t *prop); 176da6c28aaSamw static smbadm_prop_handle_t *smbadm_prop_gethandle(char *pname); 177da6c28aaSamw 178da6c28aaSamw static boolean_t smbadm_chkprop_priv(smbadm_prop_t *prop); 179da6c28aaSamw static int smbadm_setprop_tkowner(char *gname, smbadm_prop_t *prop); 180da6c28aaSamw static int smbadm_getprop_tkowner(char *gname, smbadm_prop_t *prop); 1810292c176SMatt Barden static int smbadm_setprop_readfile(char *gname, smbadm_prop_t *prop); 1820292c176SMatt Barden static int smbadm_getprop_readfile(char *gname, smbadm_prop_t *prop); 1830292c176SMatt Barden static int smbadm_setprop_writefile(char *gname, smbadm_prop_t *prop); 1840292c176SMatt Barden static int smbadm_getprop_writefile(char *gname, smbadm_prop_t *prop); 185da6c28aaSamw static int smbadm_setprop_backup(char *gname, smbadm_prop_t *prop); 186da6c28aaSamw static int smbadm_getprop_backup(char *gname, smbadm_prop_t *prop); 187da6c28aaSamw static int smbadm_setprop_restore(char *gname, smbadm_prop_t *prop); 188da6c28aaSamw static int smbadm_getprop_restore(char *gname, smbadm_prop_t *prop); 189da6c28aaSamw static int smbadm_setprop_desc(char *gname, smbadm_prop_t *prop); 190da6c28aaSamw static int smbadm_getprop_desc(char *gname, smbadm_prop_t *prop); 191da6c28aaSamw 192da6c28aaSamw static smbadm_prop_handle_t smbadm_ptable[] = { 193959eaf32SYuri Pankov {"backup", "on|off", smbadm_setprop_backup, 194ef4cfbfdSMatt Barden smbadm_getprop_backup, smbadm_chkprop_priv }, 195959eaf32SYuri Pankov {"restore", "on|off", smbadm_setprop_restore, 196da6c28aaSamw smbadm_getprop_restore, smbadm_chkprop_priv }, 197959eaf32SYuri Pankov {"take-ownership", "on|off", smbadm_setprop_tkowner, 198da6c28aaSamw smbadm_getprop_tkowner, smbadm_chkprop_priv }, 1990292c176SMatt Barden {"bypass-read", "on|off", smbadm_setprop_readfile, 2000292c176SMatt Barden smbadm_getprop_readfile, smbadm_chkprop_priv }, 2010292c176SMatt Barden {"bypass-write", "on|off", smbadm_setprop_writefile, 2020292c176SMatt Barden smbadm_getprop_writefile, smbadm_chkprop_priv }, 203da6c28aaSamw {"description", "<string>", smbadm_setprop_desc, 204da6c28aaSamw smbadm_getprop_desc, NULL }, 205da6c28aaSamw }; 206da6c28aaSamw 2073db3f65cSamw static int smbadm_init(void); 2083db3f65cSamw static void smbadm_fini(void); 209da6c28aaSamw static const char *smbadm_pwd_strerror(int error); 210da6c28aaSamw 211da6c28aaSamw /* 212da6c28aaSamw * Number of supported properties 213da6c28aaSamw */ 214da6c28aaSamw #define SMBADM_NPROP (sizeof (smbadm_ptable) / sizeof (smbadm_ptable[0])) 215da6c28aaSamw 216da6c28aaSamw static void 217da6c28aaSamw smbadm_cmdusage(FILE *fp, smbadm_cmdinfo_t *cmd) 218da6c28aaSamw { 219da6c28aaSamw switch (cmd->usage) { 220da6c28aaSamw case HELP_ADD_MEMBER: 221da6c28aaSamw (void) fprintf(fp, 222959eaf32SYuri Pankov gettext("\t%s -m <member> [-m <member>]... <group>\n"), 223da6c28aaSamw cmd->name); 224da6c28aaSamw return; 225da6c28aaSamw 226da6c28aaSamw case HELP_CREATE: 227959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s [-d <description>] <group>\n"), 228da6c28aaSamw cmd->name); 229da6c28aaSamw return; 230da6c28aaSamw 231da6c28aaSamw case HELP_DELETE: 232959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s <group>\n"), cmd->name); 233da6c28aaSamw return; 234da6c28aaSamw 235ef4cfbfdSMatt Barden case HELP_USER_DELETE: 2363db3f65cSamw case HELP_USER_DISABLE: 2373db3f65cSamw case HELP_USER_ENABLE: 238959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s <username>\n"), cmd->name); 239da6c28aaSamw return; 240da6c28aaSamw 241da6c28aaSamw case HELP_GET: 242959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s [-p <property>]... <group>\n"), 243da6c28aaSamw cmd->name); 244da6c28aaSamw return; 245da6c28aaSamw 246da6c28aaSamw case HELP_JOIN: 247959eaf32SYuri Pankov #if 0 /* Don't document "-p" yet, still needs work (NEX-11960) */ 248959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s [-y] -p <domain>\n" 249959eaf32SYuri Pankov "\t%s [-y] -u <username domain>\n" 250959eaf32SYuri Pankov "\t%s [-y] -w <workgroup>\n"), 2511ed6b69aSGordon Ross cmd->name, cmd->name, cmd->name); 2521ed6b69aSGordon Ross #else 253959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s [-y] -u <username> <domain>\n" 254959eaf32SYuri Pankov "\t%s [-y] -w <workgroup>\n"), cmd->name, cmd->name); 2551ed6b69aSGordon Ross #endif 256da6c28aaSamw return; 257da6c28aaSamw 258da6c28aaSamw case HELP_LIST: 259da6c28aaSamw (void) fprintf(fp, gettext("\t%s\n"), cmd->name); 260da6c28aaSamw return; 261da6c28aaSamw 26236a00406SGordon Ross case HELP_LOOKUP: 26336a00406SGordon Ross (void) fprintf(fp, 264959eaf32SYuri Pankov gettext("\t%s <account-name>\n"), 26536a00406SGordon Ross cmd->name); 26636a00406SGordon Ross return; 26736a00406SGordon Ross 268da6c28aaSamw case HELP_DEL_MEMBER: 269da6c28aaSamw (void) fprintf(fp, 270959eaf32SYuri Pankov gettext("\t%s -m <member> [-m <member>]... <group>\n"), 271da6c28aaSamw cmd->name); 272da6c28aaSamw return; 273da6c28aaSamw 274da6c28aaSamw case HELP_RENAME: 275959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s <group> <new-group>\n"), 276da6c28aaSamw cmd->name); 277da6c28aaSamw return; 278da6c28aaSamw 279da6c28aaSamw case HELP_SET: 280959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s -p <property>=<value> " 281959eaf32SYuri Pankov "[-p <property>=<value>]... <group>\n"), cmd->name); 282da6c28aaSamw return; 283da6c28aaSamw 284da6c28aaSamw case HELP_SHOW: 285959eaf32SYuri Pankov (void) fprintf(fp, gettext("\t%s [-mp] [<group>]\n"), 286da6c28aaSamw cmd->name); 287da6c28aaSamw return; 288da6c28aaSamw 2893db3f65cSamw default: 2903db3f65cSamw break; 291da6c28aaSamw } 292da6c28aaSamw 293da6c28aaSamw abort(); 294da6c28aaSamw /* NOTREACHED */ 295da6c28aaSamw } 296da6c28aaSamw 297da6c28aaSamw static void 298da6c28aaSamw smbadm_usage(boolean_t requested) 299da6c28aaSamw { 300da6c28aaSamw FILE *fp = requested ? stdout : stderr; 301da6c28aaSamw boolean_t show_props = B_FALSE; 302da6c28aaSamw int i; 303da6c28aaSamw 304da6c28aaSamw if (curcmd == NULL) { 305da6c28aaSamw (void) fprintf(fp, 306959eaf32SYuri Pankov gettext("usage: %s <subcommand> <args> ...\n"), 307da6c28aaSamw progname); 308da6c28aaSamw 309da6c28aaSamw for (i = 0; i < SMBADM_NCMD; i++) 310da6c28aaSamw smbadm_cmdusage(fp, &smbadm_cmdtable[i]); 311da6c28aaSamw 312da6c28aaSamw (void) fprintf(fp, 313da6c28aaSamw gettext("\nFor property list, run %s %s|%s\n"), 314da6c28aaSamw progname, "get", "set"); 315da6c28aaSamw 316da6c28aaSamw exit(requested ? 0 : 2); 317da6c28aaSamw } 318da6c28aaSamw 319da6c28aaSamw (void) fprintf(fp, gettext("usage:\n")); 320da6c28aaSamw smbadm_cmdusage(fp, curcmd); 321da6c28aaSamw 322da6c28aaSamw if (strcmp(curcmd->name, "get") == 0 || 323da6c28aaSamw strcmp(curcmd->name, "set") == 0) 324da6c28aaSamw show_props = B_TRUE; 325da6c28aaSamw 326da6c28aaSamw if (show_props) { 327da6c28aaSamw (void) fprintf(fp, 328da6c28aaSamw gettext("\nThe following properties are supported:\n")); 329da6c28aaSamw 330da6c28aaSamw (void) fprintf(fp, "\n\t%-16s %s\n\n", 331da6c28aaSamw "PROPERTY", "VALUES"); 332da6c28aaSamw 333da6c28aaSamw for (i = 0; i < SMBADM_NPROP; i++) { 334da6c28aaSamw (void) fprintf(fp, "\t%-16s %s\n", 335da6c28aaSamw smbadm_ptable[i].p_name, 336da6c28aaSamw smbadm_ptable[i].p_dispvalue); 337da6c28aaSamw } 338da6c28aaSamw } 339da6c28aaSamw 340da6c28aaSamw exit(requested ? 0 : 2); 341da6c28aaSamw } 342da6c28aaSamw 343c8ec8eeaSjose borrego /* 344c8ec8eeaSjose borrego * smbadm_strcasecmplist 345c8ec8eeaSjose borrego * 346c8ec8eeaSjose borrego * Find a string 's' within a list of strings. 347c8ec8eeaSjose borrego * 348c8ec8eeaSjose borrego * Returns the index of the matching string or -1 if there is no match. 349c8ec8eeaSjose borrego */ 350c8ec8eeaSjose borrego static int 351c8ec8eeaSjose borrego smbadm_strcasecmplist(const char *s, ...) 352c8ec8eeaSjose borrego { 353c8ec8eeaSjose borrego va_list ap; 354c8ec8eeaSjose borrego char *p; 355c8ec8eeaSjose borrego int ndx; 356c8ec8eeaSjose borrego 357c8ec8eeaSjose borrego va_start(ap, s); 358c8ec8eeaSjose borrego 359c8ec8eeaSjose borrego for (ndx = 0; ((p = va_arg(ap, char *)) != NULL); ++ndx) { 360c8ec8eeaSjose borrego if (strcasecmp(s, p) == 0) { 361c8ec8eeaSjose borrego va_end(ap); 362c8ec8eeaSjose borrego return (ndx); 363c8ec8eeaSjose borrego } 364c8ec8eeaSjose borrego } 365c8ec8eeaSjose borrego 366c8ec8eeaSjose borrego va_end(ap); 367c8ec8eeaSjose borrego return (-1); 368c8ec8eeaSjose borrego } 369c8ec8eeaSjose borrego 370c8ec8eeaSjose borrego /* 371c8ec8eeaSjose borrego * smbadm_answer_prompt 372c8ec8eeaSjose borrego * 373c8ec8eeaSjose borrego * Prompt for the answer to a question. A default response must be 374c8ec8eeaSjose borrego * specified, which will be used if the user presses <enter> without 375c8ec8eeaSjose borrego * answering the question. 376c8ec8eeaSjose borrego */ 377c8ec8eeaSjose borrego static int 378c8ec8eeaSjose borrego smbadm_answer_prompt(const char *prompt, char *answer, const char *dflt) 379c8ec8eeaSjose borrego { 380c8ec8eeaSjose borrego char buf[SMBADM_ANSBUFSIZ]; 381c8ec8eeaSjose borrego char *p; 382c8ec8eeaSjose borrego 383c8ec8eeaSjose borrego (void) printf(gettext("%s [%s]: "), prompt, dflt); 384c8ec8eeaSjose borrego 385c8ec8eeaSjose borrego if (fgets(buf, SMBADM_ANSBUFSIZ, stdin) == NULL) 386c8ec8eeaSjose borrego return (-1); 387c8ec8eeaSjose borrego 388c8ec8eeaSjose borrego if ((p = strchr(buf, '\n')) != NULL) 389c8ec8eeaSjose borrego *p = '\0'; 390c8ec8eeaSjose borrego 391c8ec8eeaSjose borrego if (*buf == '\0') 392c8ec8eeaSjose borrego (void) strlcpy(answer, dflt, SMBADM_ANSBUFSIZ); 393c8ec8eeaSjose borrego else 394c8ec8eeaSjose borrego (void) strlcpy(answer, buf, SMBADM_ANSBUFSIZ); 395c8ec8eeaSjose borrego 396c8ec8eeaSjose borrego return (0); 397c8ec8eeaSjose borrego } 398c8ec8eeaSjose borrego 399c8ec8eeaSjose borrego /* 400c8ec8eeaSjose borrego * smbadm_confirm 401c8ec8eeaSjose borrego * 402c8ec8eeaSjose borrego * Ask a question that requires a yes/no answer. 403c8ec8eeaSjose borrego * A default response must be specified. 404c8ec8eeaSjose borrego */ 405c8ec8eeaSjose borrego static boolean_t 406c8ec8eeaSjose borrego smbadm_confirm(const char *prompt, const char *dflt) 407c8ec8eeaSjose borrego { 408c8ec8eeaSjose borrego char buf[SMBADM_ANSBUFSIZ]; 409c8ec8eeaSjose borrego 410c8ec8eeaSjose borrego for (;;) { 411c8ec8eeaSjose borrego if (smbadm_answer_prompt(prompt, buf, dflt) < 0) 412c8ec8eeaSjose borrego return (B_FALSE); 413c8ec8eeaSjose borrego 414c8ec8eeaSjose borrego if (smbadm_strcasecmplist(buf, "n", "no", 0) >= 0) 415c8ec8eeaSjose borrego return (B_FALSE); 416c8ec8eeaSjose borrego 417c8ec8eeaSjose borrego if (smbadm_strcasecmplist(buf, "y", "yes", 0) >= 0) 418c8ec8eeaSjose borrego return (B_TRUE); 419c8ec8eeaSjose borrego 420c8ec8eeaSjose borrego (void) printf(gettext("Please answer yes or no.\n")); 421c8ec8eeaSjose borrego } 422c8ec8eeaSjose borrego } 423c8ec8eeaSjose borrego 424c8ec8eeaSjose borrego static boolean_t 4258d7e4166Sjose borrego smbadm_join_prompt(const char *domain) 426c8ec8eeaSjose borrego { 4278d7e4166Sjose borrego (void) printf(gettext("After joining %s the smb service will be " 4288d7e4166Sjose borrego "restarted automatically.\n"), domain); 429c8ec8eeaSjose borrego 4308d7e4166Sjose borrego return (smbadm_confirm("Would you like to continue?", "no")); 4318d7e4166Sjose borrego } 4328d96b23eSAlan Wright 4338d7e4166Sjose borrego static void 4348d7e4166Sjose borrego smbadm_restart_service(void) 4358d7e4166Sjose borrego { 4368d7e4166Sjose borrego if (smb_smf_restart_service() != 0) { 4378d7e4166Sjose borrego (void) fprintf(stderr, 4388d7e4166Sjose borrego gettext("Unable to restart smb service. " 4398d7e4166Sjose borrego "Run 'svcs -xv smb/server' for more information.")); 440c8ec8eeaSjose borrego } 441c8ec8eeaSjose borrego } 442c8ec8eeaSjose borrego 443da6c28aaSamw /* 444da6c28aaSamw * smbadm_join 445da6c28aaSamw * 4468d7e4166Sjose borrego * Join a domain or workgroup. 4478d7e4166Sjose borrego * 4488d7e4166Sjose borrego * When joining a domain, we may receive the username, password and 4498d7e4166Sjose borrego * domain name in any of the following combinations. Note that the 4508d7e4166Sjose borrego * password is optional on the command line: if it is not provided, 4518d7e4166Sjose borrego * we will prompt for it later. 4528d7e4166Sjose borrego * 4538d7e4166Sjose borrego * username+password domain 4548d7e4166Sjose borrego * domain\username+password 4558d7e4166Sjose borrego * domain/username+password 4568d7e4166Sjose borrego * username@domain 4578d7e4166Sjose borrego * 4588d7e4166Sjose borrego * We allow domain\name+password or domain/name+password but not 4598d7e4166Sjose borrego * name+password@domain because @ is a valid password character. 4608d7e4166Sjose borrego * 4618d7e4166Sjose borrego * If the username and domain name are passed as separate command 4628d7e4166Sjose borrego * line arguments, we process them directly. Otherwise we separate 4638d7e4166Sjose borrego * them and continue as if they were separate command line arguments. 464da6c28aaSamw */ 465da6c28aaSamw static int 466da6c28aaSamw smbadm_join(int argc, char **argv) 467da6c28aaSamw { 4688d7e4166Sjose borrego char buf[MAXHOSTNAMELEN * 2]; 4698d7e4166Sjose borrego char *domain = NULL; 4708d7e4166Sjose borrego char *username = NULL; 4718d7e4166Sjose borrego uint32_t mode = 0; 472b3700b07SGordon Ross boolean_t do_prompt = B_TRUE; 473da6c28aaSamw char option; 474da6c28aaSamw 475b3700b07SGordon Ross while ((option = getopt(argc, argv, "pu:wy")) != -1) { 4761ed6b69aSGordon Ross if (mode != 0) { 4771ed6b69aSGordon Ross (void) fprintf(stderr, gettext( 4781ed6b69aSGordon Ross "join options are mutually exclusive\n")); 4791ed6b69aSGordon Ross smbadm_usage(B_FALSE); 4801ed6b69aSGordon Ross } 481da6c28aaSamw switch (option) { 4821ed6b69aSGordon Ross case 'p': 4831ed6b69aSGordon Ross mode = SMB_SECMODE_DOMAIN; 4841ed6b69aSGordon Ross /* leave username = NULL */ 485da6c28aaSamw break; 486da6c28aaSamw 487da6c28aaSamw case 'u': 4888d7e4166Sjose borrego mode = SMB_SECMODE_DOMAIN; 4898d7e4166Sjose borrego username = optarg; 4901ed6b69aSGordon Ross break; 4918d7e4166Sjose borrego 4921ed6b69aSGordon Ross case 'w': 4931ed6b69aSGordon Ross mode = SMB_SECMODE_WORKGRP; 494da6c28aaSamw break; 495da6c28aaSamw 496b3700b07SGordon Ross case 'y': 497b3700b07SGordon Ross do_prompt = B_FALSE; 498b3700b07SGordon Ross break; 499b3700b07SGordon Ross 500da6c28aaSamw default: 501da6c28aaSamw smbadm_usage(B_FALSE); 5028d7e4166Sjose borrego break; 503da6c28aaSamw } 504da6c28aaSamw } 505da6c28aaSamw 5061ed6b69aSGordon Ross if (optind < argc) 5071ed6b69aSGordon Ross domain = argv[optind]; 5081ed6b69aSGordon Ross 5091ed6b69aSGordon Ross if (username != NULL && domain == NULL) { 5101ed6b69aSGordon Ross /* 5111ed6b69aSGordon Ross * The domain was not specified as a separate 5121ed6b69aSGordon Ross * argument, check for the combination forms. 5131ed6b69aSGordon Ross */ 5141ed6b69aSGordon Ross (void) strlcpy(buf, username, sizeof (buf)); 5151ed6b69aSGordon Ross smbadm_extract_domain(buf, &username, &domain); 5161ed6b69aSGordon Ross } 5171ed6b69aSGordon Ross 5188d7e4166Sjose borrego if ((domain == NULL) || (*domain == '\0')) { 5198d7e4166Sjose borrego (void) fprintf(stderr, gettext("missing %s name\n"), 5208d7e4166Sjose borrego (mode == SMB_SECMODE_WORKGRP) ? "workgroup" : "domain"); 521da6c28aaSamw smbadm_usage(B_FALSE); 522da6c28aaSamw } 523da6c28aaSamw 5241ed6b69aSGordon Ross if (mode == SMB_SECMODE_WORKGRP) { 525b3700b07SGordon Ross return (smbadm_join_workgroup(domain, do_prompt)); 5261ed6b69aSGordon Ross } 527b3700b07SGordon Ross return (smbadm_join_domain(domain, username, do_prompt)); 5288d7e4166Sjose borrego } 529da6c28aaSamw 5308d7e4166Sjose borrego /* 5318d7e4166Sjose borrego * Workgroups comprise a collection of standalone, independently administered 5328d7e4166Sjose borrego * computers that use a common workgroup name. This is a peer-to-peer model 5338d7e4166Sjose borrego * with no formal membership mechanism. 5348d7e4166Sjose borrego */ 5358d7e4166Sjose borrego static int 536b3700b07SGordon Ross smbadm_join_workgroup(const char *workgroup, boolean_t prompt) 5378d7e4166Sjose borrego { 5388d7e4166Sjose borrego smb_joininfo_t jdi; 539b3700b07SGordon Ross smb_joinres_t jdres; 5408d7e4166Sjose borrego uint32_t status; 5418d7e4166Sjose borrego 542b3700b07SGordon Ross bzero(&jdres, sizeof (jdres)); 5438d7e4166Sjose borrego bzero(&jdi, sizeof (jdi)); 5448d7e4166Sjose borrego jdi.mode = SMB_SECMODE_WORKGRP; 5458d7e4166Sjose borrego (void) strlcpy(jdi.domain_name, workgroup, sizeof (jdi.domain_name)); 5468d7e4166Sjose borrego (void) strtrim(jdi.domain_name, " \t\n"); 5478d7e4166Sjose borrego 548fe1c642dSBill Krier if (smb_name_validate_workgroup(jdi.domain_name) != ERROR_SUCCESS) { 5498d7e4166Sjose borrego (void) fprintf(stderr, gettext("workgroup name is invalid\n")); 550da6c28aaSamw smbadm_usage(B_FALSE); 551da6c28aaSamw } 552da6c28aaSamw 553b3700b07SGordon Ross if (prompt && !smbadm_join_prompt(jdi.domain_name)) 5548d7e4166Sjose borrego return (0); 5558d7e4166Sjose borrego 556b3700b07SGordon Ross if ((status = smb_join(&jdi, &jdres)) != NT_STATUS_SUCCESS) { 5578d7e4166Sjose borrego (void) fprintf(stderr, gettext("failed to join %s: %s\n"), 5588d7e4166Sjose borrego jdi.domain_name, xlate_nt_status(status)); 5598d7e4166Sjose borrego return (1); 560da6c28aaSamw } 561da6c28aaSamw 5628d7e4166Sjose borrego (void) printf(gettext("Successfully joined %s\n"), jdi.domain_name); 5638d7e4166Sjose borrego smbadm_restart_service(); 5648d7e4166Sjose borrego return (0); 5658d7e4166Sjose borrego } 566c8ec8eeaSjose borrego 5678d7e4166Sjose borrego /* 5688d7e4166Sjose borrego * Domains comprise a centrally administered group of computers and accounts 5698d7e4166Sjose borrego * that share a common security and administration policy and database. 5708d7e4166Sjose borrego * Computers must join a domain and become domain members, which requires 5718d7e4166Sjose borrego * an administrator level account name. 5728d7e4166Sjose borrego * 5738d7e4166Sjose borrego * The '+' character is invalid within a username. We allow the password 5748d7e4166Sjose borrego * to be appended to the username using '+' as a scripting convenience. 5758d7e4166Sjose borrego */ 5768d7e4166Sjose borrego static int 577b3700b07SGordon Ross smbadm_join_domain(const char *domain, const char *username, boolean_t prompt) 5788d7e4166Sjose borrego { 5798d7e4166Sjose borrego smb_joininfo_t jdi; 580b3700b07SGordon Ross smb_joinres_t jdres; 581b3700b07SGordon Ross char *passwd_prompt; 5828d7e4166Sjose borrego char *p; 583b3700b07SGordon Ross int len, rc; 584c8ec8eeaSjose borrego 585b3700b07SGordon Ross bzero(&jdres, sizeof (jdres)); 5868d7e4166Sjose borrego bzero(&jdi, sizeof (jdi)); 5878d7e4166Sjose borrego jdi.mode = SMB_SECMODE_DOMAIN; 5888d7e4166Sjose borrego (void) strlcpy(jdi.domain_name, domain, sizeof (jdi.domain_name)); 5898d7e4166Sjose borrego (void) strtrim(jdi.domain_name, " \t\n"); 590c8ec8eeaSjose borrego 591fe1c642dSBill Krier if (smb_name_validate_domain(jdi.domain_name) != ERROR_SUCCESS) { 5928d7e4166Sjose borrego (void) fprintf(stderr, gettext("domain name is invalid\n")); 5938d7e4166Sjose borrego smbadm_usage(B_FALSE); 5948d7e4166Sjose borrego } 595c8ec8eeaSjose borrego 596b3700b07SGordon Ross if (prompt && !smbadm_join_prompt(jdi.domain_name)) 5978d7e4166Sjose borrego return (0); 598c8ec8eeaSjose borrego 5991ed6b69aSGordon Ross /* 6001ed6b69aSGordon Ross * Note: username is null for "unsecure join" 6011ed6b69aSGordon Ross * (join using a pre-created computer account) 6021ed6b69aSGordon Ross * No password either. 6031ed6b69aSGordon Ross */ 6041ed6b69aSGordon Ross if (username != NULL) { 6051ed6b69aSGordon Ross if ((p = strchr(username, '+')) != NULL) { 6061ed6b69aSGordon Ross ++p; 607da6c28aaSamw 6081ed6b69aSGordon Ross len = (int)(p - username); 6091ed6b69aSGordon Ross if (len > sizeof (jdi.domain_name)) 6101ed6b69aSGordon Ross len = sizeof (jdi.domain_name); 611da6c28aaSamw 6121ed6b69aSGordon Ross (void) strlcpy(jdi.domain_username, username, len); 6131ed6b69aSGordon Ross (void) strlcpy(jdi.domain_passwd, p, 6141ed6b69aSGordon Ross sizeof (jdi.domain_passwd)); 6151ed6b69aSGordon Ross } else { 6161ed6b69aSGordon Ross (void) strlcpy(jdi.domain_username, username, 6171ed6b69aSGordon Ross sizeof (jdi.domain_username)); 6181ed6b69aSGordon Ross } 6198d7e4166Sjose borrego 6201ed6b69aSGordon Ross if (smb_name_validate_account(jdi.domain_username) 6211ed6b69aSGordon Ross != ERROR_SUCCESS) { 6221ed6b69aSGordon Ross (void) fprintf(stderr, 6231ed6b69aSGordon Ross gettext("username contains invalid characters\n")); 624da6c28aaSamw smbadm_usage(B_FALSE); 625da6c28aaSamw } 626da6c28aaSamw 6271ed6b69aSGordon Ross if (*jdi.domain_passwd == '\0') { 628b3700b07SGordon Ross passwd_prompt = gettext("Enter domain password: "); 6291ed6b69aSGordon Ross 630b3700b07SGordon Ross if ((p = getpassphrase(passwd_prompt)) == NULL) { 6311ed6b69aSGordon Ross (void) fprintf(stderr, gettext( 6321ed6b69aSGordon Ross "missing password\n")); 6331ed6b69aSGordon Ross smbadm_usage(B_FALSE); 6341ed6b69aSGordon Ross } 6351ed6b69aSGordon Ross 6361ed6b69aSGordon Ross (void) strlcpy(jdi.domain_passwd, p, 6371ed6b69aSGordon Ross sizeof (jdi.domain_passwd)); 6381ed6b69aSGordon Ross } 639da6c28aaSamw } 640da6c28aaSamw 6418d7e4166Sjose borrego (void) printf(gettext("Joining %s ... this may take a minute ...\n"), 642da6c28aaSamw jdi.domain_name); 643da6c28aaSamw 644b3700b07SGordon Ross rc = smb_join(&jdi, &jdres); 645b3700b07SGordon Ross if (rc != 0) { 646b3700b07SGordon Ross (void) printf(gettext("Cannot call the SMB service. " 647b3700b07SGordon Ross " (error %d: %s) " 648b3700b07SGordon Ross "Please check the service status " 649b3700b07SGordon Ross "(svcs -vx network/smb/server)\n"), 650b3700b07SGordon Ross rc, strerror(rc)); 651b3700b07SGordon Ross bzero(&jdi, sizeof (jdi)); 652b3700b07SGordon Ross return (1); 653b3700b07SGordon Ross } 654da6c28aaSamw 655b3700b07SGordon Ross switch (jdres.status) { 656da6c28aaSamw case NT_STATUS_SUCCESS: 657b3700b07SGordon Ross (void) printf(gettext( 658b3700b07SGordon Ross "Successfully joined domain %s using AD server %s\n"), 659b3700b07SGordon Ross jdi.domain_name, jdres.dc_name); 6608d7e4166Sjose borrego bzero(&jdi, sizeof (jdi)); 6618d7e4166Sjose borrego smbadm_restart_service(); 662da6c28aaSamw return (0); 663da6c28aaSamw 664da6c28aaSamw case NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND: 665b3700b07SGordon Ross /* See: smb_ads_lookup_msdcs */ 666b3700b07SGordon Ross (void) fprintf(stderr, gettext( 667b3700b07SGordon Ross "failed to find any AD servers for domain: %s\n"), 668da6c28aaSamw jdi.domain_name); 669b3700b07SGordon Ross goto common; 670da6c28aaSamw 6711ed6b69aSGordon Ross case NT_STATUS_BAD_NETWORK_PATH: 672b3700b07SGordon Ross /* See: smbrdr_ctx_new / smb_ctx_resolve */ 673b3700b07SGordon Ross (void) fprintf(stderr, gettext( 674b3700b07SGordon Ross "failed to resolve address of AD server: %s\n"), 675b3700b07SGordon Ross jdres.dc_name); 676b3700b07SGordon Ross goto common; 6771ed6b69aSGordon Ross 6781ed6b69aSGordon Ross case NT_STATUS_NETWORK_ACCESS_DENIED: 679b3700b07SGordon Ross /* See: smbrdr_ctx_new / smb_ctx_get_ssn */ 680b3700b07SGordon Ross (void) fprintf(stderr, gettext( 681b3700b07SGordon Ross "failed to authenticate with AD server: %s\n"), 682b3700b07SGordon Ross jdres.dc_name); 683b3700b07SGordon Ross goto common; 684b3700b07SGordon Ross 6851ed6b69aSGordon Ross case NT_STATUS_BAD_NETWORK_NAME: 686b3700b07SGordon Ross /* 687b3700b07SGordon Ross * See: smbrdr_ctx_new / smb_ctx_get_tree 688b3700b07SGordon Ross * and: ndr_rpc_bind / smb_fh_open 689b3700b07SGordon Ross */ 690b3700b07SGordon Ross (void) fprintf(stderr, gettext( 691b3700b07SGordon Ross "failed connecting to services on AD server: %s\n"), 692b3700b07SGordon Ross jdres.dc_name); 693b3700b07SGordon Ross goto common; 6941ed6b69aSGordon Ross 695da6c28aaSamw default: 696b3700b07SGordon Ross (void) fprintf(stderr, gettext( 697b3700b07SGordon Ross "failed to join domain %s\n"), 698b3700b07SGordon Ross jdi.domain_name); 699b3700b07SGordon Ross if (jdres.dc_name[0] != '\0') { 700b3700b07SGordon Ross (void) fprintf(stderr, gettext( 701b3700b07SGordon Ross "using AD server: %s\n"), 702b3700b07SGordon Ross jdres.dc_name); 703b3700b07SGordon Ross } 704b3700b07SGordon Ross /* FALLTHROUGH */ 705b3700b07SGordon Ross common: 706b3700b07SGordon Ross if (jdres.join_err != 0) { 707b3700b07SGordon Ross (void) fprintf(stderr, "%s\n", 708b3700b07SGordon Ross smb_ads_strerror(jdres.join_err)); 709b3700b07SGordon Ross } else if (jdres.status != 0) { 710b3700b07SGordon Ross (void) fprintf(stderr, "(%s)\n", 711b3700b07SGordon Ross xlate_nt_status(jdres.status)); 712b3700b07SGordon Ross } 713b3700b07SGordon Ross (void) fprintf(stderr, gettext("Please refer to the " 714b3700b07SGordon Ross "service log for more information.\n")); 7158d7e4166Sjose borrego bzero(&jdi, sizeof (jdi)); 7168d7e4166Sjose borrego return (1); 7178d7e4166Sjose borrego } 7188d7e4166Sjose borrego } 7198d7e4166Sjose borrego 7208d7e4166Sjose borrego /* 7218d7e4166Sjose borrego * We want to process the user and domain names as separate strings. 7228d7e4166Sjose borrego * Check for names of the forms below and separate the components as 7238d7e4166Sjose borrego * required. 7248d7e4166Sjose borrego * 7258d7e4166Sjose borrego * name@domain 7268d7e4166Sjose borrego * domain\name 7278d7e4166Sjose borrego * domain/name 7288d7e4166Sjose borrego * 7298d7e4166Sjose borrego * If we encounter any of the forms above in arg, the @, / or \ 7308d7e4166Sjose borrego * separator is replaced by \0 and the username and domain pointers 7318d7e4166Sjose borrego * are changed to point to the appropriate components (in arg). 7328d7e4166Sjose borrego * 7338d7e4166Sjose borrego * If none of the separators are encountered, the username and domain 7348d7e4166Sjose borrego * pointers remain unchanged. 7358d7e4166Sjose borrego */ 7368d7e4166Sjose borrego static void 7378d7e4166Sjose borrego smbadm_extract_domain(char *arg, char **username, char **domain) 7388d7e4166Sjose borrego { 7398d7e4166Sjose borrego char *p; 7408d7e4166Sjose borrego 7418d7e4166Sjose borrego if ((p = strpbrk(arg, "/\\@")) != NULL) { 7428d7e4166Sjose borrego if (*p == '@') { 7438d7e4166Sjose borrego *p = '\0'; 7448d7e4166Sjose borrego ++p; 7458d7e4166Sjose borrego 7468d7e4166Sjose borrego if (strchr(arg, '+') != NULL) 7478d7e4166Sjose borrego return; 7488d7e4166Sjose borrego 7498d7e4166Sjose borrego *domain = p; 7508d7e4166Sjose borrego *username = arg; 7518d7e4166Sjose borrego } else { 7528d7e4166Sjose borrego *p = '\0'; 7538d7e4166Sjose borrego ++p; 7548d7e4166Sjose borrego *username = p; 7558d7e4166Sjose borrego *domain = arg; 7568d7e4166Sjose borrego } 7578d7e4166Sjose borrego } 7588d7e4166Sjose borrego } 7598d7e4166Sjose borrego 760da6c28aaSamw /* 761da6c28aaSamw * smbadm_list 762da6c28aaSamw * 763da6c28aaSamw * Displays current security mode and domain/workgroup name. 764da6c28aaSamw */ 765da6c28aaSamw /*ARGSUSED*/ 766da6c28aaSamw static int 767da6c28aaSamw smbadm_list(int argc, char **argv) 768da6c28aaSamw { 769faa1795aSjb char domain[MAXHOSTNAMELEN]; 7708d7e4166Sjose borrego char fqdn[MAXHOSTNAMELEN]; 7718d7e4166Sjose borrego char srvname[MAXHOSTNAMELEN]; 772faa1795aSjb char modename[16]; 773faa1795aSjb int rc; 7747f667e74Sjose borrego smb_inaddr_t srvipaddr; 775c8ec8eeaSjose borrego char ipstr[INET6_ADDRSTRLEN]; 776da6c28aaSamw 777faa1795aSjb rc = smb_config_getstr(SMB_CI_SECURITY, modename, sizeof (modename)); 778faa1795aSjb if (rc != SMBD_SMF_OK) { 779da6c28aaSamw (void) fprintf(stderr, 78089dc44ceSjose borrego gettext("cannot determine the operational mode\n")); 781da6c28aaSamw return (1); 782da6c28aaSamw } 783da6c28aaSamw 784faa1795aSjb if (smb_getdomainname(domain, sizeof (domain)) != 0) { 785faa1795aSjb (void) fprintf(stderr, gettext("failed to get the %s name\n"), 786faa1795aSjb modename); 787da6c28aaSamw return (1); 788da6c28aaSamw } 78989dc44ceSjose borrego 790c8ec8eeaSjose borrego if (strcmp(modename, "workgroup") == 0) { 79189dc44ceSjose borrego (void) printf(gettext("[*] [%s]\n"), domain); 792c8ec8eeaSjose borrego return (0); 793c8ec8eeaSjose borrego } 79489dc44ceSjose borrego 79589dc44ceSjose borrego (void) printf(gettext("[*] [%s]\n"), domain); 7968d7e4166Sjose borrego if ((smb_getfqdomainname(fqdn, sizeof (fqdn)) == 0) && (*fqdn != '\0')) 79789dc44ceSjose borrego (void) printf(gettext("[*] [%s]\n"), fqdn); 798c8ec8eeaSjose borrego 7998d7e4166Sjose borrego if ((smb_get_dcinfo(srvname, MAXHOSTNAMELEN, &srvipaddr) 8008d7e4166Sjose borrego == NT_STATUS_SUCCESS) && (*srvname != '\0') && 8017f667e74Sjose borrego (!smb_inet_iszero(&srvipaddr))) { 8027f667e74Sjose borrego (void) smb_inet_ntop(&srvipaddr, ipstr, 8037f667e74Sjose borrego SMB_IPSTRLEN(srvipaddr.a_family)); 804b3700b07SGordon Ross (void) printf(gettext("\t[+%s] [%s]\n"), 805b3700b07SGordon Ross srvname, ipstr); 806c8ec8eeaSjose borrego } 80789dc44ceSjose borrego 808b3700b07SGordon Ross /* Print the local and domain SID. */ 809a0aa776eSAlan Wright smb_domain_show(); 810da6c28aaSamw return (0); 811da6c28aaSamw } 812da6c28aaSamw 81336a00406SGordon Ross /* 81436a00406SGordon Ross * smbadm_lookup 81536a00406SGordon Ross * 81636a00406SGordon Ross * Lookup the SID for a given account (user or group) 81736a00406SGordon Ross */ 81836a00406SGordon Ross static int 81936a00406SGordon Ross smbadm_lookup(int argc, char **argv) 82036a00406SGordon Ross { 82136a00406SGordon Ross int i; 82236a00406SGordon Ross 82336a00406SGordon Ross if (argc < 2) { 82436a00406SGordon Ross (void) fprintf(stderr, gettext("missing account name\n")); 82536a00406SGordon Ross smbadm_usage(B_FALSE); 82636a00406SGordon Ross } 82736a00406SGordon Ross 82836a00406SGordon Ross for (i = 1; i < argc; i++) { 82936a00406SGordon Ross if (strncmp(argv[i], "S-1-", 4) == 0) 83036a00406SGordon Ross smbadm_lookup_sid(argv[i]); 83136a00406SGordon Ross else 83236a00406SGordon Ross smbadm_lookup_name(argv[i]); 83336a00406SGordon Ross } 83436a00406SGordon Ross return (0); 83536a00406SGordon Ross } 83636a00406SGordon Ross 83736a00406SGordon Ross static void 83836a00406SGordon Ross smbadm_lookup_name(char *name) 83936a00406SGordon Ross { 84036a00406SGordon Ross lsa_account_t acct; 84136a00406SGordon Ross int rc; 84236a00406SGordon Ross 84336a00406SGordon Ross if ((rc = smb_lookup_name(name, SidTypeUnknown, &acct)) != 0) { 84436a00406SGordon Ross (void) fprintf(stderr, gettext( 84536a00406SGordon Ross "\t\t%s: lookup name failed, rc=%d\n"), 84636a00406SGordon Ross name, rc); 84736a00406SGordon Ross return; 84836a00406SGordon Ross } 84936a00406SGordon Ross if (acct.a_status != NT_STATUS_SUCCESS) { 85036a00406SGordon Ross (void) fprintf(stderr, gettext("\t\t%s [%s]\n"), 85136a00406SGordon Ross name, xlate_nt_status(acct.a_status)); 85236a00406SGordon Ross return; 85336a00406SGordon Ross } 85436a00406SGordon Ross (void) printf("\t%s\n", acct.a_sid); 85536a00406SGordon Ross } 85636a00406SGordon Ross 85736a00406SGordon Ross static void 85836a00406SGordon Ross smbadm_lookup_sid(char *sidstr) 85936a00406SGordon Ross { 86036a00406SGordon Ross lsa_account_t acct; 86136a00406SGordon Ross int rc; 86236a00406SGordon Ross 86336a00406SGordon Ross if ((rc = smb_lookup_sid(sidstr, &acct)) != 0) { 86436a00406SGordon Ross (void) fprintf(stderr, gettext( 86536a00406SGordon Ross "\t\t%s: lookup SID failed, rc=%d\n"), 86636a00406SGordon Ross sidstr, rc); 86736a00406SGordon Ross return; 86836a00406SGordon Ross } 86936a00406SGordon Ross if (acct.a_status != NT_STATUS_SUCCESS) { 87036a00406SGordon Ross (void) fprintf(stderr, gettext("\t\t%s [%s]\n"), 87136a00406SGordon Ross sidstr, xlate_nt_status(acct.a_status)); 87236a00406SGordon Ross return; 87336a00406SGordon Ross } 87436a00406SGordon Ross (void) printf("\t%s\\%s\n", acct.a_domain, acct.a_name); 87536a00406SGordon Ross } 87636a00406SGordon Ross 877da6c28aaSamw /* 878da6c28aaSamw * smbadm_group_create 879da6c28aaSamw * 880da6c28aaSamw * Creates a local SMB group 881da6c28aaSamw */ 882da6c28aaSamw static int 883da6c28aaSamw smbadm_group_create(int argc, char **argv) 884da6c28aaSamw { 885da6c28aaSamw char *gname = NULL; 886da6c28aaSamw char *desc = NULL; 887da6c28aaSamw char option; 888dc20a302Sas int status; 889da6c28aaSamw 890da6c28aaSamw while ((option = getopt(argc, argv, "d:")) != -1) { 891da6c28aaSamw switch (option) { 892da6c28aaSamw case 'd': 893da6c28aaSamw desc = optarg; 894da6c28aaSamw break; 895da6c28aaSamw 896da6c28aaSamw default: 897da6c28aaSamw smbadm_usage(B_FALSE); 898da6c28aaSamw } 899da6c28aaSamw } 900da6c28aaSamw 901da6c28aaSamw gname = argv[optind]; 902da6c28aaSamw if (optind >= argc || gname == NULL || *gname == '\0') { 903da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 904da6c28aaSamw smbadm_usage(B_FALSE); 905da6c28aaSamw } 906da6c28aaSamw 907dc20a302Sas status = smb_lgrp_add(gname, desc); 908dc20a302Sas if (status != SMB_LGRP_SUCCESS) { 909da6c28aaSamw (void) fprintf(stderr, 91096a62adaSjoyce mcintosh gettext("failed to create %s (%s)\n"), gname, 911dc20a302Sas smb_lgrp_strerror(status)); 912da6c28aaSamw } else { 91396a62adaSjoyce mcintosh (void) printf(gettext("%s created\n"), gname); 914da6c28aaSamw } 915da6c28aaSamw 916da6c28aaSamw return (status); 917da6c28aaSamw } 918da6c28aaSamw 919da6c28aaSamw /* 920da6c28aaSamw * smbadm_group_dump_members 921da6c28aaSamw * 922da6c28aaSamw * Dump group members details. 923da6c28aaSamw */ 924da6c28aaSamw static void 925dc20a302Sas smbadm_group_dump_members(smb_gsid_t *members, int num) 926da6c28aaSamw { 927fe1c642dSBill Krier char sidstr[SMB_SID_STRSZ]; 928fe1c642dSBill Krier lsa_account_t acct; 929fe1c642dSBill Krier int i; 930da6c28aaSamw 931dc20a302Sas if (num == 0) { 932da6c28aaSamw (void) printf(gettext("\tNo members\n")); 933da6c28aaSamw return; 934da6c28aaSamw } 935da6c28aaSamw 936da6c28aaSamw (void) printf(gettext("\tMembers:\n")); 937dc20a302Sas for (i = 0; i < num; i++) { 938fe1c642dSBill Krier smb_sid_tostr(members[i].gs_sid, sidstr); 939fe1c642dSBill Krier 940fe1c642dSBill Krier if (smb_lookup_sid(sidstr, &acct) == 0) { 941fe1c642dSBill Krier if (acct.a_status == NT_STATUS_SUCCESS) 942fe1c642dSBill Krier smbadm_group_show_name(acct.a_domain, 943fe1c642dSBill Krier acct.a_name); 944fe1c642dSBill Krier else 945fe1c642dSBill Krier (void) printf(gettext("\t\t%s [%s]\n"), 946fe1c642dSBill Krier sidstr, xlate_nt_status(acct.a_status)); 947fe1c642dSBill Krier } else { 9488c10a865Sas (void) printf(gettext("\t\t%s\n"), sidstr); 949fe1c642dSBill Krier } 950da6c28aaSamw } 951da6c28aaSamw } 952da6c28aaSamw 953fe1c642dSBill Krier static void 954fe1c642dSBill Krier smbadm_group_show_name(const char *domain, const char *name) 955fe1c642dSBill Krier { 956fe1c642dSBill Krier if (strchr(domain, '.') != NULL) 95736a00406SGordon Ross (void) printf("\t\t%s@%s\n", name, domain); 958fe1c642dSBill Krier else 95936a00406SGordon Ross (void) printf("\t\t%s\\%s\n", domain, name); 960fe1c642dSBill Krier } 961fe1c642dSBill Krier 962da6c28aaSamw /* 963da6c28aaSamw * smbadm_group_dump_privs 964da6c28aaSamw * 965da6c28aaSamw * Dump group privilege details. 966da6c28aaSamw */ 967da6c28aaSamw static void 968dc20a302Sas smbadm_group_dump_privs(smb_privset_t *privs) 969da6c28aaSamw { 970dc20a302Sas smb_privinfo_t *pinfo; 971dc20a302Sas char *pstatus; 972da6c28aaSamw int i; 973da6c28aaSamw 974da6c28aaSamw (void) printf(gettext("\tPrivileges: \n")); 975da6c28aaSamw 976dc20a302Sas for (i = 0; i < privs->priv_cnt; i++) { 977dc20a302Sas pinfo = smb_priv_getbyvalue(privs->priv[i].luid.lo_part); 978dc20a302Sas if ((pinfo == NULL) || (pinfo->flags & PF_PRESENTABLE) == 0) 979da6c28aaSamw continue; 980da6c28aaSamw 981dc20a302Sas switch (privs->priv[i].attrs) { 982dc20a302Sas case SE_PRIVILEGE_ENABLED: 983dc20a302Sas pstatus = "On"; 984dc20a302Sas break; 985dc20a302Sas case SE_PRIVILEGE_DISABLED: 986dc20a302Sas pstatus = "Off"; 987dc20a302Sas break; 988dc20a302Sas default: 989dc20a302Sas pstatus = "Unknown"; 990dc20a302Sas break; 991da6c28aaSamw } 992dc20a302Sas (void) printf(gettext("\t\t%s: %s\n"), pinfo->name, pstatus); 993da6c28aaSamw } 994da6c28aaSamw 995dc20a302Sas if (privs->priv_cnt == 0) 996da6c28aaSamw (void) printf(gettext("\t\tNo privileges\n")); 997da6c28aaSamw } 998da6c28aaSamw 999da6c28aaSamw /* 1000da6c28aaSamw * smbadm_group_dump 1001da6c28aaSamw * 1002da6c28aaSamw * Dump group details. 1003da6c28aaSamw */ 1004dc20a302Sas static void 1005dc20a302Sas smbadm_group_dump(smb_group_t *grp, boolean_t show_mem, boolean_t show_privs) 1006da6c28aaSamw { 10076537f381Sas char sidstr[SMB_SID_STRSZ]; 1008da6c28aaSamw 1009dc20a302Sas (void) printf(gettext("%s (%s)\n"), grp->sg_name, grp->sg_cmnt); 1010da6c28aaSamw 10116537f381Sas smb_sid_tostr(grp->sg_id.gs_sid, sidstr); 1012dc20a302Sas (void) printf(gettext("\tSID: %s\n"), sidstr); 1013da6c28aaSamw 1014dc20a302Sas if (show_privs) 1015dc20a302Sas smbadm_group_dump_privs(grp->sg_privs); 1016da6c28aaSamw 1017dc20a302Sas if (show_mem) 1018dc20a302Sas smbadm_group_dump_members(grp->sg_members, grp->sg_nmembers); 1019da6c28aaSamw } 1020da6c28aaSamw 1021da6c28aaSamw /* 1022da6c28aaSamw * smbadm_group_show 1023da6c28aaSamw * 1024da6c28aaSamw */ 1025da6c28aaSamw static int 1026da6c28aaSamw smbadm_group_show(int argc, char **argv) 1027da6c28aaSamw { 1028da6c28aaSamw char *gname = NULL; 1029da6c28aaSamw boolean_t show_privs; 1030da6c28aaSamw boolean_t show_members; 1031da6c28aaSamw char option; 1032dc20a302Sas int status; 1033dc20a302Sas smb_group_t grp; 1034dc20a302Sas smb_giter_t gi; 1035da6c28aaSamw 1036da6c28aaSamw show_privs = show_members = B_FALSE; 1037da6c28aaSamw 1038da6c28aaSamw while ((option = getopt(argc, argv, "mp")) != -1) { 1039da6c28aaSamw switch (option) { 1040da6c28aaSamw case 'm': 1041da6c28aaSamw show_members = B_TRUE; 1042da6c28aaSamw break; 1043da6c28aaSamw case 'p': 1044da6c28aaSamw show_privs = B_TRUE; 1045da6c28aaSamw break; 1046da6c28aaSamw 1047da6c28aaSamw default: 1048da6c28aaSamw smbadm_usage(B_FALSE); 1049da6c28aaSamw } 1050da6c28aaSamw } 1051da6c28aaSamw 1052da6c28aaSamw gname = argv[optind]; 1053da6c28aaSamw if (optind >= argc || gname == NULL || *gname == '\0') 1054da6c28aaSamw gname = "*"; 1055da6c28aaSamw 1056dc20a302Sas if (strcmp(gname, "*")) { 1057dc20a302Sas status = smb_lgrp_getbyname(gname, &grp); 1058dc20a302Sas if (status == SMB_LGRP_SUCCESS) { 1059dc20a302Sas smbadm_group_dump(&grp, show_members, show_privs); 1060dc20a302Sas smb_lgrp_free(&grp); 1061dc20a302Sas } else { 1062da6c28aaSamw (void) fprintf(stderr, 10638d7e4166Sjose borrego gettext("failed to find %s (%s)\n"), 1064dc20a302Sas gname, smb_lgrp_strerror(status)); 1065da6c28aaSamw } 1066dc20a302Sas return (status); 1067dc20a302Sas } 1068da6c28aaSamw 10696537f381Sas if ((status = smb_lgrp_iteropen(&gi)) != SMB_LGRP_SUCCESS) { 10708d7e4166Sjose borrego (void) fprintf(stderr, gettext("failed to list groups (%s)\n"), 1071dc20a302Sas smb_lgrp_strerror(status)); 1072dc20a302Sas return (status); 1073dc20a302Sas } 1074da6c28aaSamw 10756537f381Sas while ((status = smb_lgrp_iterate(&gi, &grp)) == SMB_LGRP_SUCCESS) { 1076dc20a302Sas smbadm_group_dump(&grp, show_members, show_privs); 1077dc20a302Sas smb_lgrp_free(&grp); 1078da6c28aaSamw } 10796537f381Sas 1080dc20a302Sas smb_lgrp_iterclose(&gi); 1081da6c28aaSamw 10829fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if ((status != SMB_LGRP_NO_MORE) || smb_lgrp_itererror(&gi)) { 10839fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (status != SMB_LGRP_NO_MORE) 1084b819cea2SGordon Ross smb_syslog(LOG_ERR, "smb_lgrp_iterate: %s", 10859fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_lgrp_strerror(status)); 10869fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 10876537f381Sas (void) fprintf(stderr, 10889fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States gettext("\nAn error occurred while retrieving group data.\n" 10899fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States "Check the system log for more information.\n")); 10906537f381Sas return (status); 10916537f381Sas } 10926537f381Sas 1093dc20a302Sas return (0); 1094da6c28aaSamw } 1095da6c28aaSamw 1096da6c28aaSamw /* 1097da6c28aaSamw * smbadm_group_delete 1098da6c28aaSamw */ 1099da6c28aaSamw static int 1100da6c28aaSamw smbadm_group_delete(int argc, char **argv) 1101da6c28aaSamw { 1102da6c28aaSamw char *gname = NULL; 1103dc20a302Sas int status; 1104da6c28aaSamw 1105da6c28aaSamw gname = argv[optind]; 1106da6c28aaSamw if (optind >= argc || gname == NULL || *gname == '\0') { 1107da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 1108da6c28aaSamw smbadm_usage(B_FALSE); 1109da6c28aaSamw } 1110da6c28aaSamw 1111dc20a302Sas status = smb_lgrp_delete(gname); 1112dc20a302Sas if (status != SMB_LGRP_SUCCESS) { 1113da6c28aaSamw (void) fprintf(stderr, 11148d7e4166Sjose borrego gettext("failed to delete %s (%s)\n"), gname, 1115dc20a302Sas smb_lgrp_strerror(status)); 1116da6c28aaSamw } else { 111796a62adaSjoyce mcintosh (void) printf(gettext("%s deleted\n"), gname); 1118da6c28aaSamw } 1119da6c28aaSamw 1120da6c28aaSamw return (status); 1121da6c28aaSamw } 1122da6c28aaSamw 1123da6c28aaSamw /* 1124da6c28aaSamw * smbadm_group_rename 1125da6c28aaSamw */ 1126da6c28aaSamw static int 1127da6c28aaSamw smbadm_group_rename(int argc, char **argv) 1128da6c28aaSamw { 1129da6c28aaSamw char *gname = NULL; 1130da6c28aaSamw char *ngname = NULL; 1131dc20a302Sas int status; 1132da6c28aaSamw 1133da6c28aaSamw gname = argv[optind]; 1134da6c28aaSamw if (optind++ >= argc || gname == NULL || *gname == '\0') { 1135da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 1136da6c28aaSamw smbadm_usage(B_FALSE); 1137da6c28aaSamw } 1138da6c28aaSamw 1139da6c28aaSamw ngname = argv[optind]; 1140da6c28aaSamw if (optind >= argc || ngname == NULL || *ngname == '\0') { 1141da6c28aaSamw (void) fprintf(stderr, gettext("missing new group name\n")); 1142da6c28aaSamw smbadm_usage(B_FALSE); 1143da6c28aaSamw } 1144da6c28aaSamw 1145dc20a302Sas status = smb_lgrp_rename(gname, ngname); 1146dc20a302Sas if (status != SMB_LGRP_SUCCESS) { 1147dc20a302Sas if (status == SMB_LGRP_EXISTS) 1148dc20a302Sas (void) fprintf(stderr, 1149dc20a302Sas gettext("failed to rename '%s' (%s already " 1150dc20a302Sas "exists)\n"), gname, ngname); 1151dc20a302Sas else 1152dc20a302Sas (void) fprintf(stderr, 1153dc20a302Sas gettext("failed to rename '%s' (%s)\n"), gname, 1154dc20a302Sas smb_lgrp_strerror(status)); 1155da6c28aaSamw } else { 1156dc20a302Sas (void) printf(gettext("'%s' renamed to '%s'\n"), gname, ngname); 1157da6c28aaSamw } 1158da6c28aaSamw 1159da6c28aaSamw return (status); 1160da6c28aaSamw } 1161da6c28aaSamw 1162da6c28aaSamw /* 1163da6c28aaSamw * smbadm_group_setprop 1164da6c28aaSamw * 1165da6c28aaSamw * Set the group properties. 1166da6c28aaSamw */ 1167da6c28aaSamw static int 1168da6c28aaSamw smbadm_group_setprop(int argc, char **argv) 1169da6c28aaSamw { 1170da6c28aaSamw char *gname = NULL; 1171da6c28aaSamw smbadm_prop_t props[SMBADM_NPROP]; 1172da6c28aaSamw smbadm_prop_handle_t *phandle; 1173da6c28aaSamw char option; 1174da6c28aaSamw int pcnt = 0; 11752c54ade0SYuri Pankov int ret = 0; 1176da6c28aaSamw int p; 1177da6c28aaSamw 1178da6c28aaSamw bzero(props, SMBADM_NPROP * sizeof (smbadm_prop_t)); 1179da6c28aaSamw 1180da6c28aaSamw while ((option = getopt(argc, argv, "p:")) != -1) { 1181da6c28aaSamw switch (option) { 1182da6c28aaSamw case 'p': 1183da6c28aaSamw if (pcnt >= SMBADM_NPROP) { 1184da6c28aaSamw (void) fprintf(stderr, 1185da6c28aaSamw gettext("exceeded number of supported" 1186da6c28aaSamw " properties\n")); 1187da6c28aaSamw smbadm_usage(B_FALSE); 1188da6c28aaSamw } 1189da6c28aaSamw 1190dc20a302Sas if (smbadm_prop_parse(optarg, &props[pcnt++]) != 0) 1191dc20a302Sas smbadm_usage(B_FALSE); 1192da6c28aaSamw break; 1193da6c28aaSamw 1194da6c28aaSamw default: 1195da6c28aaSamw smbadm_usage(B_FALSE); 1196da6c28aaSamw } 1197da6c28aaSamw } 1198da6c28aaSamw 1199da6c28aaSamw if (pcnt == 0) { 1200da6c28aaSamw (void) fprintf(stderr, 1201da6c28aaSamw gettext("missing property=value argument\n")); 1202da6c28aaSamw smbadm_usage(B_FALSE); 1203da6c28aaSamw } 1204da6c28aaSamw 1205da6c28aaSamw gname = argv[optind]; 1206da6c28aaSamw if (optind >= argc || gname == NULL || *gname == '\0') { 1207da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 1208da6c28aaSamw smbadm_usage(B_FALSE); 1209da6c28aaSamw } 1210da6c28aaSamw 1211da6c28aaSamw for (p = 0; p < pcnt; p++) { 1212da6c28aaSamw phandle = smbadm_prop_gethandle(props[p].p_name); 1213da6c28aaSamw if (phandle) { 1214da6c28aaSamw if (phandle->p_setfn(gname, &props[p]) != 0) 1215da6c28aaSamw ret = 1; 1216da6c28aaSamw } 1217da6c28aaSamw } 1218da6c28aaSamw 1219da6c28aaSamw return (ret); 1220da6c28aaSamw } 1221da6c28aaSamw 1222da6c28aaSamw /* 1223da6c28aaSamw * smbadm_group_getprop 1224da6c28aaSamw * 1225da6c28aaSamw * Get the group properties. 1226da6c28aaSamw */ 1227da6c28aaSamw static int 1228da6c28aaSamw smbadm_group_getprop(int argc, char **argv) 1229da6c28aaSamw { 1230da6c28aaSamw char *gname = NULL; 1231da6c28aaSamw smbadm_prop_t props[SMBADM_NPROP]; 1232da6c28aaSamw smbadm_prop_handle_t *phandle; 1233da6c28aaSamw char option; 1234da6c28aaSamw int pcnt = 0; 12352c54ade0SYuri Pankov int ret = 0; 1236da6c28aaSamw int p; 1237da6c28aaSamw 1238da6c28aaSamw bzero(props, SMBADM_NPROP * sizeof (smbadm_prop_t)); 1239da6c28aaSamw 1240da6c28aaSamw while ((option = getopt(argc, argv, "p:")) != -1) { 1241da6c28aaSamw switch (option) { 1242da6c28aaSamw case 'p': 1243da6c28aaSamw if (pcnt >= SMBADM_NPROP) { 1244da6c28aaSamw (void) fprintf(stderr, 1245da6c28aaSamw gettext("exceeded number of supported" 1246da6c28aaSamw " properties\n")); 1247da6c28aaSamw smbadm_usage(B_FALSE); 1248da6c28aaSamw } 1249da6c28aaSamw 1250dc20a302Sas if (smbadm_prop_parse(optarg, &props[pcnt++]) != 0) 1251dc20a302Sas smbadm_usage(B_FALSE); 1252da6c28aaSamw break; 1253da6c28aaSamw 1254da6c28aaSamw default: 1255da6c28aaSamw smbadm_usage(B_FALSE); 1256da6c28aaSamw } 1257da6c28aaSamw } 1258da6c28aaSamw 1259da6c28aaSamw gname = argv[optind]; 1260da6c28aaSamw if (optind >= argc || gname == NULL || *gname == '\0') { 1261da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 1262da6c28aaSamw smbadm_usage(B_FALSE); 1263da6c28aaSamw } 1264da6c28aaSamw 1265da6c28aaSamw if (pcnt == 0) { 1266da6c28aaSamw /* 1267da6c28aaSamw * If no property has be specified then get 1268da6c28aaSamw * all the properties. 1269da6c28aaSamw */ 1270da6c28aaSamw pcnt = SMBADM_NPROP; 1271da6c28aaSamw for (p = 0; p < pcnt; p++) 1272da6c28aaSamw props[p].p_name = smbadm_ptable[p].p_name; 1273da6c28aaSamw } 1274da6c28aaSamw 1275da6c28aaSamw for (p = 0; p < pcnt; p++) { 1276da6c28aaSamw phandle = smbadm_prop_gethandle(props[p].p_name); 1277da6c28aaSamw if (phandle) { 1278da6c28aaSamw if (phandle->p_getfn(gname, &props[p]) != 0) 1279da6c28aaSamw ret = 1; 1280da6c28aaSamw } 1281da6c28aaSamw } 1282da6c28aaSamw 1283da6c28aaSamw return (ret); 1284da6c28aaSamw } 1285da6c28aaSamw 1286da6c28aaSamw /* 1287da6c28aaSamw * smbadm_group_addmember 1288da6c28aaSamw * 1289da6c28aaSamw */ 1290da6c28aaSamw static int 1291da6c28aaSamw smbadm_group_addmember(int argc, char **argv) 1292da6c28aaSamw { 1293da6c28aaSamw char *gname = NULL; 1294da6c28aaSamw char **mname; 1295da6c28aaSamw char option; 1296da6c28aaSamw int mcnt = 0; 1297da6c28aaSamw int ret = 0; 1298da6c28aaSamw int i; 1299da6c28aaSamw 1300da6c28aaSamw 1301da6c28aaSamw mname = (char **)malloc(argc * sizeof (char *)); 1302da6c28aaSamw if (mname == NULL) { 13038d7e4166Sjose borrego warn(gettext("failed to add group member")); 1304da6c28aaSamw return (1); 1305da6c28aaSamw } 1306da6c28aaSamw bzero(mname, argc * sizeof (char *)); 1307da6c28aaSamw 1308da6c28aaSamw while ((option = getopt(argc, argv, "m:")) != -1) { 1309da6c28aaSamw switch (option) { 1310da6c28aaSamw case 'm': 1311da6c28aaSamw mname[mcnt++] = optarg; 1312da6c28aaSamw break; 1313da6c28aaSamw 1314da6c28aaSamw default: 1315da6c28aaSamw free(mname); 1316da6c28aaSamw smbadm_usage(B_FALSE); 1317da6c28aaSamw } 1318da6c28aaSamw } 1319da6c28aaSamw 1320da6c28aaSamw if (mcnt == 0) { 1321da6c28aaSamw (void) fprintf(stderr, gettext("missing member name\n")); 1322da6c28aaSamw free(mname); 1323da6c28aaSamw smbadm_usage(B_FALSE); 1324da6c28aaSamw } 1325da6c28aaSamw 1326da6c28aaSamw gname = argv[optind]; 1327da6c28aaSamw if (optind >= argc || gname == NULL || *gname == 0) { 1328da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 1329da6c28aaSamw free(mname); 1330da6c28aaSamw smbadm_usage(B_FALSE); 1331da6c28aaSamw } 1332da6c28aaSamw 1333da6c28aaSamw for (i = 0; i < mcnt; i++) { 1334da6c28aaSamw if (mname[i] == NULL) 1335da6c28aaSamw continue; 133636a00406SGordon Ross ret |= smbadm_group_add_del_member( 133736a00406SGordon Ross gname, mname[i], SMBADM_GRP_ADDMEMBER); 1338da6c28aaSamw } 1339da6c28aaSamw 1340da6c28aaSamw free(mname); 1341da6c28aaSamw return (ret); 1342da6c28aaSamw } 1343da6c28aaSamw 1344da6c28aaSamw /* 1345da6c28aaSamw * smbadm_group_delmember 1346da6c28aaSamw */ 1347da6c28aaSamw static int 1348da6c28aaSamw smbadm_group_delmember(int argc, char **argv) 1349da6c28aaSamw { 1350da6c28aaSamw char *gname = NULL; 1351da6c28aaSamw char **mname; 1352da6c28aaSamw char option; 1353da6c28aaSamw int mcnt = 0; 1354da6c28aaSamw int ret = 0; 1355da6c28aaSamw int i; 1356da6c28aaSamw 1357da6c28aaSamw mname = (char **)malloc(argc * sizeof (char *)); 1358da6c28aaSamw if (mname == NULL) { 13598d7e4166Sjose borrego warn(gettext("failed to delete group member")); 1360da6c28aaSamw return (1); 1361da6c28aaSamw } 1362da6c28aaSamw bzero(mname, argc * sizeof (char *)); 1363da6c28aaSamw 1364da6c28aaSamw while ((option = getopt(argc, argv, "m:")) != -1) { 1365da6c28aaSamw switch (option) { 1366da6c28aaSamw case 'm': 1367da6c28aaSamw mname[mcnt++] = optarg; 1368da6c28aaSamw break; 1369da6c28aaSamw 1370da6c28aaSamw default: 1371da6c28aaSamw free(mname); 1372da6c28aaSamw smbadm_usage(B_FALSE); 1373da6c28aaSamw } 1374da6c28aaSamw } 1375da6c28aaSamw 1376da6c28aaSamw if (mcnt == 0) { 1377da6c28aaSamw (void) fprintf(stderr, gettext("missing member name\n")); 1378da6c28aaSamw free(mname); 1379da6c28aaSamw smbadm_usage(B_FALSE); 1380da6c28aaSamw } 1381da6c28aaSamw 1382da6c28aaSamw gname = argv[optind]; 1383da6c28aaSamw if (optind >= argc || gname == NULL || *gname == 0) { 1384da6c28aaSamw (void) fprintf(stderr, gettext("missing group name\n")); 1385da6c28aaSamw free(mname); 1386da6c28aaSamw smbadm_usage(B_FALSE); 1387da6c28aaSamw } 1388da6c28aaSamw 1389da6c28aaSamw 1390da6c28aaSamw for (i = 0; i < mcnt; i++) { 1391fe1c642dSBill Krier ret = 0; 1392da6c28aaSamw if (mname[i] == NULL) 1393da6c28aaSamw continue; 139436a00406SGordon Ross ret |= smbadm_group_add_del_member( 139536a00406SGordon Ross gname, mname[i], SMBADM_GRP_DELMEMBER); 139636a00406SGordon Ross } 1397da6c28aaSamw 139836a00406SGordon Ross free(mname); 139936a00406SGordon Ross return (ret); 140036a00406SGordon Ross } 1401dc20a302Sas 140236a00406SGordon Ross static int 140336a00406SGordon Ross smbadm_group_add_del_member(char *gname, char *mname, 1404ef4cfbfdSMatt Barden smbadm_grp_action_t act) 140536a00406SGordon Ross { 140636a00406SGordon Ross lsa_account_t acct; 140736a00406SGordon Ross smb_gsid_t msid; 140836a00406SGordon Ross char *sidstr; 14092c54ade0SYuri Pankov char *act_str = NULL; 141036a00406SGordon Ross int rc; 1411fe1c642dSBill Krier 141236a00406SGordon Ross if (strncmp(mname, "S-1-", 4) == 0) { 141336a00406SGordon Ross /* 141436a00406SGordon Ross * We are given a SID. Just use it. 141536a00406SGordon Ross * 1416d4c7367eSGordon Ross * We'd like the real account type if we can get it, 141736a00406SGordon Ross * but don't want to error out if we can't get it. 1418d4c7367eSGordon Ross * Lacking other info, assume it's a group. 141936a00406SGordon Ross */ 142036a00406SGordon Ross sidstr = mname; 142136a00406SGordon Ross rc = smb_lookup_sid(sidstr, &acct); 142236a00406SGordon Ross if ((rc != 0) || (acct.a_status != NT_STATUS_SUCCESS)) 1423d4c7367eSGordon Ross acct.a_sidtype = SidTypeGroup; 142436a00406SGordon Ross } else { 142536a00406SGordon Ross rc = smb_lookup_name(mname, SidTypeUnknown, &acct); 142636a00406SGordon Ross if ((rc != 0) || (acct.a_status != NT_STATUS_SUCCESS)) { 1427fe1c642dSBill Krier (void) fprintf(stderr, 142836a00406SGordon Ross gettext("%s: name lookup failed\n"), mname); 142936a00406SGordon Ross return (1); 1430fe1c642dSBill Krier } 143136a00406SGordon Ross sidstr = acct.a_sid; 143236a00406SGordon Ross } 1433fe1c642dSBill Krier 143436a00406SGordon Ross msid.gs_type = acct.a_sidtype; 143536a00406SGordon Ross if ((msid.gs_sid = smb_sid_fromstr(sidstr)) == NULL) { 143636a00406SGordon Ross (void) fprintf(stderr, 143736a00406SGordon Ross gettext("%s: no memory for SID\n"), sidstr); 143836a00406SGordon Ross return (1); 1439da6c28aaSamw } 1440da6c28aaSamw 144136a00406SGordon Ross switch (act) { 144236a00406SGordon Ross case SMBADM_GRP_ADDMEMBER: 144336a00406SGordon Ross act_str = gettext("add"); 144436a00406SGordon Ross rc = smb_lgrp_add_member(gname, 144536a00406SGordon Ross msid.gs_sid, msid.gs_type); 144636a00406SGordon Ross break; 144736a00406SGordon Ross case SMBADM_GRP_DELMEMBER: 144836a00406SGordon Ross act_str = gettext("remove"); 144936a00406SGordon Ross rc = smb_lgrp_del_member(gname, 145036a00406SGordon Ross msid.gs_sid, msid.gs_type); 145136a00406SGordon Ross break; 145236a00406SGordon Ross default: 145336a00406SGordon Ross rc = SMB_LGRP_INTERNAL_ERROR; 145436a00406SGordon Ross break; 145536a00406SGordon Ross } 145636a00406SGordon Ross 145736a00406SGordon Ross smb_sid_free(msid.gs_sid); 145836a00406SGordon Ross 145936a00406SGordon Ross if (rc != SMB_LGRP_SUCCESS) { 146036a00406SGordon Ross (void) fprintf(stderr, 146136a00406SGordon Ross gettext("failed to %s %s (%s)\n"), 146236a00406SGordon Ross act_str, mname, smb_lgrp_strerror(rc)); 146336a00406SGordon Ross return (1); 146436a00406SGordon Ross } 146536a00406SGordon Ross return (0); 1466da6c28aaSamw } 1467da6c28aaSamw 1468ef4cfbfdSMatt Barden static int 1469ef4cfbfdSMatt Barden smbadm_user_delete(int argc, char **argv) 1470ef4cfbfdSMatt Barden { 1471ef4cfbfdSMatt Barden int error; 1472ef4cfbfdSMatt Barden char *user = NULL; 1473ef4cfbfdSMatt Barden 1474ef4cfbfdSMatt Barden user = argv[optind]; 1475ef4cfbfdSMatt Barden if (optind >= argc || user == NULL || *user == '\0') { 1476ef4cfbfdSMatt Barden (void) fprintf(stderr, gettext("missing user name\n")); 1477ef4cfbfdSMatt Barden smbadm_usage(B_FALSE); 1478ef4cfbfdSMatt Barden } 1479ef4cfbfdSMatt Barden 1480ef4cfbfdSMatt Barden error = smb_pwd_setcntl(user, SMB_PWC_DELETE); 1481ef4cfbfdSMatt Barden if (error == SMB_PWE_SUCCESS) 1482ef4cfbfdSMatt Barden (void) printf(gettext("%s has been deleted.\n"), user); 1483ef4cfbfdSMatt Barden else 1484ef4cfbfdSMatt Barden (void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error)); 1485ef4cfbfdSMatt Barden 1486ef4cfbfdSMatt Barden return (error); 1487ef4cfbfdSMatt Barden } 1488ef4cfbfdSMatt Barden 1489da6c28aaSamw static int 1490da6c28aaSamw smbadm_user_disable(int argc, char **argv) 1491da6c28aaSamw { 1492da6c28aaSamw int error; 1493da6c28aaSamw char *user = NULL; 1494da6c28aaSamw 1495da6c28aaSamw user = argv[optind]; 1496da6c28aaSamw if (optind >= argc || user == NULL || *user == '\0') { 1497da6c28aaSamw (void) fprintf(stderr, gettext("missing user name\n")); 1498da6c28aaSamw smbadm_usage(B_FALSE); 1499da6c28aaSamw } 1500da6c28aaSamw 1501da6c28aaSamw error = smb_pwd_setcntl(user, SMB_PWC_DISABLE); 1502da6c28aaSamw if (error == SMB_PWE_SUCCESS) 1503da6c28aaSamw (void) printf(gettext("%s is disabled.\n"), user); 1504da6c28aaSamw else 1505da6c28aaSamw (void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error)); 1506da6c28aaSamw 1507da6c28aaSamw return (error); 1508da6c28aaSamw } 1509da6c28aaSamw 1510da6c28aaSamw static int 1511da6c28aaSamw smbadm_user_enable(int argc, char **argv) 1512da6c28aaSamw { 1513da6c28aaSamw int error; 1514da6c28aaSamw char *user = NULL; 1515da6c28aaSamw 1516da6c28aaSamw user = argv[optind]; 1517da6c28aaSamw if (optind >= argc || user == NULL || *user == '\0') { 1518da6c28aaSamw (void) fprintf(stderr, gettext("missing user name\n")); 1519da6c28aaSamw smbadm_usage(B_FALSE); 1520da6c28aaSamw } 1521da6c28aaSamw 1522da6c28aaSamw error = smb_pwd_setcntl(user, SMB_PWC_ENABLE); 1523da6c28aaSamw if (error == SMB_PWE_SUCCESS) 1524da6c28aaSamw (void) printf(gettext("%s is enabled.\n"), user); 1525da6c28aaSamw else 1526da6c28aaSamw (void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error)); 1527da6c28aaSamw 1528da6c28aaSamw return (error); 1529da6c28aaSamw } 1530da6c28aaSamw 1531da6c28aaSamw 1532da6c28aaSamw int 1533da6c28aaSamw main(int argc, char **argv) 1534da6c28aaSamw { 1535dc20a302Sas int ret; 1536da6c28aaSamw int i; 1537da6c28aaSamw 153896a62adaSjoyce mcintosh (void) setlocale(LC_ALL, ""); 153996a62adaSjoyce mcintosh (void) textdomain(TEXT_DOMAIN); 154096a62adaSjoyce mcintosh 1541da6c28aaSamw (void) malloc(0); /* satisfy libumem dependency */ 1542da6c28aaSamw 1543da6c28aaSamw progname = basename(argv[0]); 1544da6c28aaSamw 1545da6c28aaSamw if (is_system_labeled()) { 1546da6c28aaSamw (void) fprintf(stderr, 1547da6c28aaSamw gettext("Trusted Extensions not supported\n")); 15488622ec45SGordon Ross return (1); 1549da6c28aaSamw } 1550da6c28aaSamw 1551da6c28aaSamw if (argc < 2) { 1552da6c28aaSamw (void) fprintf(stderr, gettext("missing command\n")); 1553da6c28aaSamw smbadm_usage(B_FALSE); 1554da6c28aaSamw } 1555da6c28aaSamw 1556da6c28aaSamw /* 1557da6c28aaSamw * Special case "cmd --help/-?" 1558da6c28aaSamw */ 1559da6c28aaSamw if (strcmp(argv[1], "-?") == 0 || 1560da6c28aaSamw strcmp(argv[1], "--help") == 0 || 1561da6c28aaSamw strcmp(argv[1], "-h") == 0) 1562da6c28aaSamw smbadm_usage(B_TRUE); 1563da6c28aaSamw 1564da6c28aaSamw for (i = 0; i < SMBADM_NCMD; ++i) { 1565da6c28aaSamw curcmd = &smbadm_cmdtable[i]; 1566da6c28aaSamw if (strcasecmp(argv[1], curcmd->name) == 0) { 1567da6c28aaSamw if (argc > 2) { 1568da6c28aaSamw /* cmd subcmd --help/-? */ 1569da6c28aaSamw if (strcmp(argv[2], "-?") == 0 || 1570da6c28aaSamw strcmp(argv[2], "--help") == 0 || 1571da6c28aaSamw strcmp(argv[2], "-h") == 0) 1572da6c28aaSamw smbadm_usage(B_TRUE); 1573da6c28aaSamw } 1574da6c28aaSamw 157596a62adaSjoyce mcintosh if (!smbadm_checkauth(curcmd->auth)) { 157696a62adaSjoyce mcintosh (void) fprintf(stderr, 157796a62adaSjoyce mcintosh gettext("%s: %s: authorization denied\n"), 157896a62adaSjoyce mcintosh progname, curcmd->name); 157996a62adaSjoyce mcintosh return (1); 158096a62adaSjoyce mcintosh } 158196a62adaSjoyce mcintosh 15823db3f65cSamw if ((ret = smbadm_init()) != 0) 1583faa1795aSjb return (ret); 1584dc20a302Sas 1585dc20a302Sas ret = curcmd->func(argc - 1, &argv[1]); 1586faa1795aSjb 15873db3f65cSamw smbadm_fini(); 1588dc20a302Sas return (ret); 1589da6c28aaSamw } 1590da6c28aaSamw } 1591da6c28aaSamw 1592da6c28aaSamw curcmd = NULL; 1593da6c28aaSamw (void) fprintf(stderr, gettext("unknown subcommand (%s)\n"), argv[1]); 1594da6c28aaSamw smbadm_usage(B_FALSE); 1595da6c28aaSamw return (2); 1596da6c28aaSamw } 1597da6c28aaSamw 1598faa1795aSjb static int 15993db3f65cSamw smbadm_init(void) 1600faa1795aSjb { 1601faa1795aSjb int rc; 1602faa1795aSjb 16033db3f65cSamw switch (curcmd->flags & SMBADM_CMDF_TYPEMASK) { 16043db3f65cSamw case SMBADM_CMDF_GROUP: 1605faa1795aSjb if ((rc = smb_lgrp_start()) != SMB_LGRP_SUCCESS) { 1606faa1795aSjb (void) fprintf(stderr, 1607faa1795aSjb gettext("failed to initialize (%s)\n"), 1608faa1795aSjb smb_lgrp_strerror(rc)); 1609faa1795aSjb return (1); 1610faa1795aSjb } 16113db3f65cSamw break; 16123db3f65cSamw 16133db3f65cSamw case SMBADM_CMDF_USER: 16143db3f65cSamw smb_pwd_init(B_FALSE); 16153db3f65cSamw break; 16163db3f65cSamw 16173db3f65cSamw default: 16183db3f65cSamw break; 1619faa1795aSjb } 1620faa1795aSjb 1621faa1795aSjb return (0); 1622faa1795aSjb } 1623faa1795aSjb 1624faa1795aSjb static void 16253db3f65cSamw smbadm_fini(void) 1626faa1795aSjb { 16273db3f65cSamw switch (curcmd->flags & SMBADM_CMDF_TYPEMASK) { 16283db3f65cSamw case SMBADM_CMDF_GROUP: 1629faa1795aSjb smb_lgrp_stop(); 16303db3f65cSamw break; 16313db3f65cSamw 16323db3f65cSamw case SMBADM_CMDF_USER: 16333db3f65cSamw smb_pwd_fini(); 16343db3f65cSamw break; 16353db3f65cSamw 16363db3f65cSamw default: 16373db3f65cSamw break; 1638faa1795aSjb } 1639faa1795aSjb } 1640faa1795aSjb 164196a62adaSjoyce mcintosh static boolean_t 164296a62adaSjoyce mcintosh smbadm_checkauth(const char *auth) 164396a62adaSjoyce mcintosh { 164496a62adaSjoyce mcintosh struct passwd *pw; 164596a62adaSjoyce mcintosh 164696a62adaSjoyce mcintosh if ((pw = getpwuid(getuid())) == NULL) 164796a62adaSjoyce mcintosh return (B_FALSE); 164896a62adaSjoyce mcintosh 164996a62adaSjoyce mcintosh if (chkauthattr(auth, pw->pw_name) == 0) 165096a62adaSjoyce mcintosh return (B_FALSE); 165196a62adaSjoyce mcintosh 165296a62adaSjoyce mcintosh return (B_TRUE); 165396a62adaSjoyce mcintosh } 165496a62adaSjoyce mcintosh 1655da6c28aaSamw static boolean_t 1656da6c28aaSamw smbadm_prop_validate(smbadm_prop_t *prop, boolean_t chkval) 1657da6c28aaSamw { 1658da6c28aaSamw smbadm_prop_handle_t *pinfo; 1659da6c28aaSamw int i; 1660da6c28aaSamw 1661da6c28aaSamw for (i = 0; i < SMBADM_NPROP; i++) { 1662da6c28aaSamw pinfo = &smbadm_ptable[i]; 1663da6c28aaSamw if (strcmp(pinfo->p_name, prop->p_name) == 0) { 1664da6c28aaSamw if (pinfo->p_chkfn && chkval) 1665da6c28aaSamw return (pinfo->p_chkfn(prop)); 1666da6c28aaSamw 1667da6c28aaSamw return (B_TRUE); 1668da6c28aaSamw } 1669da6c28aaSamw } 1670da6c28aaSamw 16718d7e4166Sjose borrego (void) fprintf(stderr, gettext("unrecognized property '%s'\n"), 16728d7e4166Sjose borrego prop->p_name); 1673da6c28aaSamw 1674da6c28aaSamw return (B_FALSE); 1675da6c28aaSamw } 1676da6c28aaSamw 1677da6c28aaSamw static int 1678da6c28aaSamw smbadm_prop_parse(char *arg, smbadm_prop_t *prop) 1679da6c28aaSamw { 1680da6c28aaSamw boolean_t parse_value; 1681da6c28aaSamw char *equal; 1682da6c28aaSamw 1683da6c28aaSamw if (arg == NULL) 1684da6c28aaSamw return (2); 1685da6c28aaSamw 1686da6c28aaSamw prop->p_name = prop->p_value = NULL; 1687da6c28aaSamw 1688da6c28aaSamw if (strcmp(curcmd->name, "set") == 0) 1689da6c28aaSamw parse_value = B_TRUE; 1690da6c28aaSamw else 1691da6c28aaSamw parse_value = B_FALSE; 1692da6c28aaSamw 1693da6c28aaSamw prop->p_name = arg; 1694da6c28aaSamw 1695da6c28aaSamw if (parse_value) { 1696da6c28aaSamw equal = strchr(arg, '='); 1697da6c28aaSamw if (equal == NULL) 1698da6c28aaSamw return (2); 1699da6c28aaSamw 1700da6c28aaSamw *equal++ = '\0'; 1701da6c28aaSamw prop->p_value = equal; 1702da6c28aaSamw } 1703da6c28aaSamw 1704da6c28aaSamw if (smbadm_prop_validate(prop, parse_value) == B_FALSE) 1705da6c28aaSamw return (2); 1706da6c28aaSamw 1707da6c28aaSamw return (0); 1708da6c28aaSamw } 1709da6c28aaSamw 1710da6c28aaSamw static smbadm_prop_handle_t * 1711da6c28aaSamw smbadm_prop_gethandle(char *pname) 1712da6c28aaSamw { 1713da6c28aaSamw int i; 1714da6c28aaSamw 1715da6c28aaSamw for (i = 0; i < SMBADM_NPROP; i++) 1716da6c28aaSamw if (strcmp(pname, smbadm_ptable[i].p_name) == 0) 1717da6c28aaSamw return (&smbadm_ptable[i]); 1718da6c28aaSamw 1719da6c28aaSamw return (NULL); 1720da6c28aaSamw } 1721da6c28aaSamw 1722da6c28aaSamw static int 1723da6c28aaSamw smbadm_setprop_desc(char *gname, smbadm_prop_t *prop) 1724da6c28aaSamw { 1725dc20a302Sas int status; 1726da6c28aaSamw 1727dc20a302Sas status = smb_lgrp_setcmnt(gname, prop->p_value); 1728dc20a302Sas if (status != SMB_LGRP_SUCCESS) { 1729da6c28aaSamw (void) fprintf(stderr, 1730da6c28aaSamw gettext("failed to modify the group description (%s)\n"), 1731dc20a302Sas smb_lgrp_strerror(status)); 1732da6c28aaSamw return (1); 1733da6c28aaSamw } 1734da6c28aaSamw 17358d7e4166Sjose borrego (void) printf(gettext("%s: description modified\n"), gname); 1736da6c28aaSamw return (0); 1737da6c28aaSamw } 1738da6c28aaSamw 1739da6c28aaSamw static int 1740da6c28aaSamw smbadm_getprop_desc(char *gname, smbadm_prop_t *prop) 1741da6c28aaSamw { 1742dc20a302Sas char *cmnt = NULL; 1743dc20a302Sas int status; 1744da6c28aaSamw 1745dc20a302Sas status = smb_lgrp_getcmnt(gname, &cmnt); 1746dc20a302Sas if (status != SMB_LGRP_SUCCESS) { 1747da6c28aaSamw (void) fprintf(stderr, 1748dc20a302Sas gettext("failed to get the group description (%s)\n"), 1749dc20a302Sas smb_lgrp_strerror(status)); 1750da6c28aaSamw return (1); 1751da6c28aaSamw } 1752da6c28aaSamw 1753dc20a302Sas (void) printf(gettext("\t%s: %s\n"), prop->p_name, cmnt); 1754dc20a302Sas free(cmnt); 1755da6c28aaSamw return (0); 1756da6c28aaSamw } 1757da6c28aaSamw 1758da6c28aaSamw static int 1759dc20a302Sas smbadm_group_setpriv(char *gname, uint8_t priv_id, smbadm_prop_t *prop) 1760da6c28aaSamw { 1761dc20a302Sas boolean_t enable; 1762dc20a302Sas int status; 1763da6c28aaSamw int ret; 1764da6c28aaSamw 1765da6c28aaSamw if (strcasecmp(prop->p_value, "on") == 0) { 1766da6c28aaSamw (void) printf(gettext("Enabling %s privilege "), prop->p_name); 1767dc20a302Sas enable = B_TRUE; 1768da6c28aaSamw } else { 1769da6c28aaSamw (void) printf(gettext("Disabling %s privilege "), prop->p_name); 1770dc20a302Sas enable = B_FALSE; 1771da6c28aaSamw } 1772da6c28aaSamw 1773dc20a302Sas status = smb_lgrp_setpriv(gname, priv_id, enable); 1774dc20a302Sas if (status == SMB_LGRP_SUCCESS) { 1775da6c28aaSamw (void) printf(gettext("succeeded\n")); 1776da6c28aaSamw ret = 0; 1777da6c28aaSamw } else { 1778dc20a302Sas (void) printf(gettext("failed: %s\n"), 1779dc20a302Sas smb_lgrp_strerror(status)); 1780da6c28aaSamw ret = 1; 1781da6c28aaSamw } 1782da6c28aaSamw 1783da6c28aaSamw return (ret); 1784da6c28aaSamw } 1785da6c28aaSamw 1786da6c28aaSamw static int 1787dc20a302Sas smbadm_group_getpriv(char *gname, uint8_t priv_id, smbadm_prop_t *prop) 1788da6c28aaSamw { 1789dc20a302Sas boolean_t enable; 1790dc20a302Sas int status; 1791da6c28aaSamw 1792dc20a302Sas status = smb_lgrp_getpriv(gname, priv_id, &enable); 1793dc20a302Sas if (status != SMB_LGRP_SUCCESS) { 1794da6c28aaSamw (void) fprintf(stderr, gettext("failed to get %s (%s)\n"), 1795dc20a302Sas prop->p_name, smb_lgrp_strerror(status)); 1796da6c28aaSamw return (1); 1797da6c28aaSamw } 1798da6c28aaSamw 1799dc20a302Sas (void) printf(gettext("\t%s: %s\n"), prop->p_name, 1800dc20a302Sas (enable) ? "On" : "Off"); 1801da6c28aaSamw 1802da6c28aaSamw return (0); 1803da6c28aaSamw } 1804da6c28aaSamw 1805da6c28aaSamw static int 1806da6c28aaSamw smbadm_setprop_tkowner(char *gname, smbadm_prop_t *prop) 1807da6c28aaSamw { 1808da6c28aaSamw return (smbadm_group_setpriv(gname, SE_TAKE_OWNERSHIP_LUID, prop)); 1809da6c28aaSamw } 1810da6c28aaSamw 1811da6c28aaSamw static int 1812da6c28aaSamw smbadm_getprop_tkowner(char *gname, smbadm_prop_t *prop) 1813da6c28aaSamw { 1814da6c28aaSamw return (smbadm_group_getpriv(gname, SE_TAKE_OWNERSHIP_LUID, prop)); 1815da6c28aaSamw } 1816da6c28aaSamw 18170292c176SMatt Barden static int 18180292c176SMatt Barden smbadm_setprop_readfile(char *gname, smbadm_prop_t *prop) 18190292c176SMatt Barden { 18200292c176SMatt Barden return (smbadm_group_setpriv(gname, SE_READ_FILE_LUID, prop)); 18210292c176SMatt Barden } 18220292c176SMatt Barden 18230292c176SMatt Barden static int 18240292c176SMatt Barden smbadm_getprop_readfile(char *gname, smbadm_prop_t *prop) 18250292c176SMatt Barden { 18260292c176SMatt Barden return (smbadm_group_getpriv(gname, SE_READ_FILE_LUID, prop)); 18270292c176SMatt Barden } 18280292c176SMatt Barden 18290292c176SMatt Barden static int 18300292c176SMatt Barden smbadm_setprop_writefile(char *gname, smbadm_prop_t *prop) 18310292c176SMatt Barden { 18320292c176SMatt Barden return (smbadm_group_setpriv(gname, SE_WRITE_FILE_LUID, prop)); 18330292c176SMatt Barden } 18340292c176SMatt Barden 18350292c176SMatt Barden static int 18360292c176SMatt Barden smbadm_getprop_writefile(char *gname, smbadm_prop_t *prop) 18370292c176SMatt Barden { 18380292c176SMatt Barden return (smbadm_group_getpriv(gname, SE_WRITE_FILE_LUID, prop)); 18390292c176SMatt Barden } 18400292c176SMatt Barden 1841da6c28aaSamw static int 1842da6c28aaSamw smbadm_setprop_backup(char *gname, smbadm_prop_t *prop) 1843da6c28aaSamw { 1844da6c28aaSamw return (smbadm_group_setpriv(gname, SE_BACKUP_LUID, prop)); 1845da6c28aaSamw } 1846da6c28aaSamw 1847da6c28aaSamw static int 1848da6c28aaSamw smbadm_getprop_backup(char *gname, smbadm_prop_t *prop) 1849da6c28aaSamw { 1850da6c28aaSamw return (smbadm_group_getpriv(gname, SE_BACKUP_LUID, prop)); 1851da6c28aaSamw } 1852da6c28aaSamw 1853da6c28aaSamw static int 1854da6c28aaSamw smbadm_setprop_restore(char *gname, smbadm_prop_t *prop) 1855da6c28aaSamw { 1856da6c28aaSamw return (smbadm_group_setpriv(gname, SE_RESTORE_LUID, prop)); 1857da6c28aaSamw } 1858da6c28aaSamw 1859da6c28aaSamw static int 1860da6c28aaSamw smbadm_getprop_restore(char *gname, smbadm_prop_t *prop) 1861da6c28aaSamw { 1862da6c28aaSamw return (smbadm_group_getpriv(gname, SE_RESTORE_LUID, prop)); 1863da6c28aaSamw } 1864da6c28aaSamw 1865da6c28aaSamw static boolean_t 1866da6c28aaSamw smbadm_chkprop_priv(smbadm_prop_t *prop) 1867da6c28aaSamw { 1868da6c28aaSamw if (prop->p_value == NULL || *prop->p_value == '\0') { 1869da6c28aaSamw (void) fprintf(stderr, 1870da6c28aaSamw gettext("missing value for '%s'\n"), prop->p_name); 1871da6c28aaSamw return (B_FALSE); 1872da6c28aaSamw } 1873da6c28aaSamw 1874da6c28aaSamw if (strcasecmp(prop->p_value, "on") == 0) 1875da6c28aaSamw return (B_TRUE); 1876da6c28aaSamw 1877da6c28aaSamw if (strcasecmp(prop->p_value, "off") == 0) 1878da6c28aaSamw return (B_TRUE); 1879da6c28aaSamw 1880da6c28aaSamw (void) fprintf(stderr, 1881da6c28aaSamw gettext("%s: unrecognized value for '%s' property\n"), 1882da6c28aaSamw prop->p_value, prop->p_name); 1883da6c28aaSamw 1884da6c28aaSamw return (B_FALSE); 1885da6c28aaSamw } 1886da6c28aaSamw 1887da6c28aaSamw static const char * 1888da6c28aaSamw smbadm_pwd_strerror(int error) 1889da6c28aaSamw { 1890da6c28aaSamw switch (error) { 1891da6c28aaSamw case SMB_PWE_SUCCESS: 1892da6c28aaSamw return (gettext("Success.")); 1893da6c28aaSamw 1894da6c28aaSamw case SMB_PWE_USER_UNKNOWN: 1895da6c28aaSamw return (gettext("User does not exist.")); 1896da6c28aaSamw 1897da6c28aaSamw case SMB_PWE_USER_DISABLE: 18988d7e4166Sjose borrego return (gettext("User is disabled.")); 1899da6c28aaSamw 1900da6c28aaSamw case SMB_PWE_CLOSE_FAILED: 1901da6c28aaSamw case SMB_PWE_OPEN_FAILED: 1902da6c28aaSamw case SMB_PWE_WRITE_FAILED: 1903da6c28aaSamw case SMB_PWE_UPDATE_FAILED: 1904da6c28aaSamw return (gettext("Unexpected failure. " 1905da6c28aaSamw "SMB password database unchanged.")); 1906da6c28aaSamw 1907da6c28aaSamw case SMB_PWE_STAT_FAILED: 1908da6c28aaSamw return (gettext("stat of SMB password file failed.")); 1909da6c28aaSamw 1910da6c28aaSamw case SMB_PWE_BUSY: 1911da6c28aaSamw return (gettext("SMB password database busy. " 1912da6c28aaSamw "Try again later.")); 1913da6c28aaSamw 1914da6c28aaSamw case SMB_PWE_DENIED: 1915da6c28aaSamw return (gettext("Operation not permitted.")); 1916da6c28aaSamw 1917da6c28aaSamw case SMB_PWE_SYSTEM_ERROR: 1918da6c28aaSamw return (gettext("System error.")); 19193db3f65cSamw 19203db3f65cSamw default: 19213db3f65cSamw break; 1922da6c28aaSamw } 1923da6c28aaSamw 1924da6c28aaSamw return (gettext("Unknown error code.")); 1925da6c28aaSamw } 1926da6c28aaSamw 1927da6c28aaSamw /* 1928da6c28aaSamw * Enable libumem debugging by default on DEBUG builds. 1929da6c28aaSamw */ 1930da6c28aaSamw #ifdef DEBUG 1931da6c28aaSamw const char * 1932da6c28aaSamw _umem_debug_init(void) 1933da6c28aaSamw { 1934da6c28aaSamw return ("default,verbose"); /* $UMEM_DEBUG setting */ 1935da6c28aaSamw } 1936da6c28aaSamw 1937da6c28aaSamw const char * 1938da6c28aaSamw _umem_logging_init(void) 1939da6c28aaSamw { 1940da6c28aaSamw return ("fail,contents"); /* $UMEM_LOGGING setting */ 1941da6c28aaSamw } 1942da6c28aaSamw #endif 1943