#!/bin/bash
# idmap script to map SIDs to UIDs/GIDs using NIS
# tridge@samba.org June 2009

DOMAIN=$(ypdomainname)

(
    date
    echo $*
) >> /var/log/samba/idmap.log

cmd=$1
shift

PATH=/usr/bin:bin:$PATH

shopt -s nocasematch || {
    echo "shell option nocasematch not supported"
    exit 1
}

# map from a domain and name to a uid/gid
map_name() {
    domain="$1"
    name="$2"
    ntype="$3"
    case $ntype in
	1)
	    rtype="UID"
	    map="passwd"
	    ;;
	2)
	    rtype="GID"
	    map="group"
	    ;;
	*)
	    echo "ERR: bad name type $ntype"
	    exit 1
	    ;;
    esac
    id=$(ypmatch "$name" "$map".byname 2>/dev/null | cut -d: -f3)
    [ -z "$id" ] && {
	echo "ERR: bad match for $name in map $map"
	exit 1
    }
    echo "$rtype":"$id"
}

# map from a unix id to a name
map_id() {
    ntype="$1"
    id="$2"
    case $ntype in
	UID)
	    map="passwd.byuid"
	    ;;
	GID)
	    map="group.bygid"
	    ;;
	*)
	    echo "ERR: bad name type $ntype"
	    exit 1
	    ;;
    esac
    name="$(ypmatch "$id" "$map" 2>/dev/null | cut -d: -f1)"
    [ -z "$name" ] && {
	echo "ERR: bad match for $name in map $map"
	exit 1
    }
    echo "$name"
}


case $cmd in
    SIDTOID)
	sid=$1
	rid=`echo $sid | cut -d- -f8`
	[ -z "$rid" ] && {
	    echo "ERR: bad rid in SID $sid"
	    exit 1
	}
	
	unset _NO_WINBINDD
	# oh, this is ugly. Shell is just not meant for parsing text
	fullname=`wbinfo -s $sid 2> /dev/null`
	domain=`echo $fullname | cut -d'\' -f1`
	[[ "$domain" = $DOMAIN ]] || {
	    echo "ERR: bad domain $domain"
	    exit 1
	}
	name=`echo $fullname | cut -d'\' -f2`
	nwords=`echo $name | wc -w`
	ntype=`echo $name | cut -d' ' -f$nwords`
	nminusone=`expr $nwords - 1`
	name=`echo $name | cut -d' ' -f-$nminusone`
	[ -z "$name" ] && {
	    echo "ERR: bad name $fullname for SID $sid"
	    exit 1
	}
	map_name "$domain" "$name" "$ntype"
	;;
    IDTOSID)
	ntype=$1
	id=$2
	name="$(map_id "$ntype" "$id")"
	sid="$(wbinfo -n "$name" 2>/dev/null | cut -d' ' -f1)"
	[ -z "$sid" ] && {
	    echo "ERR: name $name not found in ADS"
	    exit 1
	}
	echo "SID:$sid"
	;;
    *)
	echo "ERR: Unknown command $cmd"
	exit 1;
	;;
esac

exit 0