| 1 | #!/bin/bash
|
|---|
| 2 | # idmap script to map SIDs to UIDs/GIDs using NIS
|
|---|
| 3 | # tridge@samba.org June 2009
|
|---|
| 4 |
|
|---|
| 5 | DOMAIN=$(ypdomainname)
|
|---|
| 6 |
|
|---|
| 7 | (
|
|---|
| 8 | date
|
|---|
| 9 | echo $*
|
|---|
| 10 | ) >> /var/log/samba/idmap.log
|
|---|
| 11 |
|
|---|
| 12 | cmd=$1
|
|---|
| 13 | shift
|
|---|
| 14 |
|
|---|
| 15 | PATH=/usr/bin:bin:$PATH
|
|---|
| 16 |
|
|---|
| 17 | shopt -s nocasematch || {
|
|---|
| 18 | echo "shell option nocasematch not supported"
|
|---|
| 19 | exit 1
|
|---|
| 20 | }
|
|---|
| 21 |
|
|---|
| 22 | # map from a domain and name to a uid/gid
|
|---|
| 23 | map_name() {
|
|---|
| 24 | domain="$1"
|
|---|
| 25 | name="$2"
|
|---|
| 26 | ntype="$3"
|
|---|
| 27 | case $ntype in
|
|---|
| 28 | 1)
|
|---|
| 29 | rtype="UID"
|
|---|
| 30 | map="passwd"
|
|---|
| 31 | ;;
|
|---|
| 32 | 2)
|
|---|
| 33 | rtype="GID"
|
|---|
| 34 | map="group"
|
|---|
| 35 | ;;
|
|---|
| 36 | *)
|
|---|
| 37 | echo "ERR: bad name type $ntype"
|
|---|
| 38 | exit 1
|
|---|
| 39 | ;;
|
|---|
| 40 | esac
|
|---|
| 41 | id=$(ypmatch "$name" "$map".byname 2>/dev/null | cut -d: -f3)
|
|---|
| 42 | [ -z "$id" ] && {
|
|---|
| 43 | echo "ERR: bad match for $name in map $map"
|
|---|
| 44 | exit 1
|
|---|
| 45 | }
|
|---|
| 46 | echo "$rtype":"$id"
|
|---|
| 47 | }
|
|---|
| 48 |
|
|---|
| 49 | # map from a unix id to a name
|
|---|
| 50 | map_id() {
|
|---|
| 51 | ntype="$1"
|
|---|
| 52 | id="$2"
|
|---|
| 53 | case $ntype in
|
|---|
| 54 | UID)
|
|---|
| 55 | map="passwd.byuid"
|
|---|
| 56 | ;;
|
|---|
| 57 | GID)
|
|---|
| 58 | map="group.bygid"
|
|---|
| 59 | ;;
|
|---|
| 60 | *)
|
|---|
| 61 | echo "ERR: bad name type $ntype"
|
|---|
| 62 | exit 1
|
|---|
| 63 | ;;
|
|---|
| 64 | esac
|
|---|
| 65 | name="$(ypmatch "$id" "$map" 2>/dev/null | cut -d: -f1)"
|
|---|
| 66 | [ -z "$name" ] && {
|
|---|
| 67 | echo "ERR: bad match for $name in map $map"
|
|---|
| 68 | exit 1
|
|---|
| 69 | }
|
|---|
| 70 | echo "$name"
|
|---|
| 71 | }
|
|---|
| 72 |
|
|---|
| 73 |
|
|---|
| 74 | case $cmd in
|
|---|
| 75 | SIDTOID)
|
|---|
| 76 | sid=$1
|
|---|
| 77 | rid=`echo $sid | cut -d- -f8`
|
|---|
| 78 | [ -z "$rid" ] && {
|
|---|
| 79 | echo "ERR: bad rid in SID $sid"
|
|---|
| 80 | exit 1
|
|---|
| 81 | }
|
|---|
| 82 |
|
|---|
| 83 | unset _NO_WINBINDD
|
|---|
| 84 | # oh, this is ugly. Shell is just not meant for parsing text
|
|---|
| 85 | fullname=`wbinfo -s $sid 2> /dev/null`
|
|---|
| 86 | domain=`echo $fullname | cut -d'\' -f1`
|
|---|
| 87 | [[ "$domain" = $DOMAIN ]] || {
|
|---|
| 88 | echo "ERR: bad domain $domain"
|
|---|
| 89 | exit 1
|
|---|
| 90 | }
|
|---|
| 91 | name=`echo $fullname | cut -d'\' -f2`
|
|---|
| 92 | nwords=`echo $name | wc -w`
|
|---|
| 93 | ntype=`echo $name | cut -d' ' -f$nwords`
|
|---|
| 94 | nminusone=`expr $nwords - 1`
|
|---|
| 95 | name=`echo $name | cut -d' ' -f-$nminusone`
|
|---|
| 96 | [ -z "$name" ] && {
|
|---|
| 97 | echo "ERR: bad name $fullname for SID $sid"
|
|---|
| 98 | exit 1
|
|---|
| 99 | }
|
|---|
| 100 | map_name "$domain" "$name" "$ntype"
|
|---|
| 101 | ;;
|
|---|
| 102 | IDTOSID)
|
|---|
| 103 | ntype=$1
|
|---|
| 104 | id=$2
|
|---|
| 105 | name="$(map_id "$ntype" "$id")"
|
|---|
| 106 | sid="$(wbinfo -n "$name" 2>/dev/null | cut -d' ' -f1)"
|
|---|
| 107 | [ -z "$sid" ] && {
|
|---|
| 108 | echo "ERR: name $name not found in ADS"
|
|---|
| 109 | exit 1
|
|---|
| 110 | }
|
|---|
| 111 | echo "SID:$sid"
|
|---|
| 112 | ;;
|
|---|
| 113 | *)
|
|---|
| 114 | echo "ERR: Unknown command $cmd"
|
|---|
| 115 | exit 1;
|
|---|
| 116 | ;;
|
|---|
| 117 | esac
|
|---|
| 118 |
|
|---|
| 119 | exit 0
|
|---|
