2006-02-04 01:19:41 +03:00
/*
* Unix SMB / CIFS implementation .
* Local SAM access routines
* Copyright ( C ) Volker Lendecke 2006
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2006-02-04 01:19:41 +03:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2006-02-04 01:19:41 +03:00
*/
# include "includes.h"
2011-02-25 19:14:22 +03:00
# include "system/passwd.h"
2006-02-04 01:19:41 +03:00
# include "utils/net.h"
2010-08-03 00:52:00 +04:00
# include "../librpc/gen_ndr/samr.h"
2010-08-26 16:07:20 +04:00
# include "smbldap.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-02-25 00:30:16 +03:00
# include "lib/winbind_util.h"
2011-03-18 20:58:37 +03:00
# include "passdb.h"
2011-03-25 13:56:52 +03:00
# include "lib/privileges.h"
2006-02-04 01:19:41 +03:00
/*
* Set a user ' s data
*/
2008-05-10 01:22:12 +04:00
static int net_sam_userset ( struct net_context * c , int argc , const char * * argv ,
const char * field ,
2007-10-19 04:40:25 +04:00
bool ( * fn ) ( struct samu * , const char * ,
2006-02-04 01:19:41 +03:00
enum pdb_value_state ) )
{
2006-02-20 23:09:36 +03:00
struct samu * sam_acct = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2006-02-04 01:19:41 +03:00
const char * dom , * name ;
NTSTATUS status ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n " , _ ( " Usage: " ) ) ;
d_fprintf ( stderr , _ ( " net sam set %s <user> <value> \n " ) ,
2006-02-04 01:19:41 +03:00
field ) ;
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( type ! = SID_NAME_USER ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a %s, not a user \n " ) , argv [ 0 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( type ) ) ;
return - 1 ;
}
2006-02-21 17:34:11 +03:00
if ( ! ( sam_acct = samu_new ( NULL ) ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Internal error \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( ! pdb_getsampwsid ( sam_acct , & sid ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Loading user %s failed \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( ! fn ( sam_acct , argv [ 1 ] , PDB_CHANGED ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Internal error \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
status = pdb_update_sam_account ( sam_acct ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Updating sam account %s failed with %s \n " ) ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2006-02-20 23:09:36 +03:00
TALLOC_FREE ( sam_acct ) ;
2006-02-04 01:19:41 +03:00
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Updated %s for %s \\ %s to %s \n " ) , field , dom , name , argv [ 1 ] ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_fullname ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " fullname " ,
2006-02-04 01:19:41 +03:00
pdb_set_fullname ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_logonscript ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " logonscript " ,
2006-02-04 01:19:41 +03:00
pdb_set_logon_script ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_profilepath ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " profilepath " ,
2006-02-04 01:19:41 +03:00
pdb_set_profile_path ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_homedrive ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " homedrive " ,
2006-02-04 01:19:41 +03:00
pdb_set_dir_drive ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_homedir ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " homedir " ,
2006-02-04 01:19:41 +03:00
pdb_set_homedir ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_workstations ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " workstations " ,
2006-02-04 01:19:41 +03:00
pdb_set_workstations ) ;
}
/*
* Set account flags
*/
2008-05-10 01:22:12 +04:00
static int net_sam_set_userflag ( struct net_context * c , int argc ,
const char * * argv , const char * field ,
2006-02-04 01:19:41 +03:00
uint16 flag )
{
2006-02-20 23:09:36 +03:00
struct samu * sam_acct = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2006-02-04 01:19:41 +03:00
const char * dom , * name ;
NTSTATUS status ;
2009-10-28 12:56:01 +03:00
uint32_t acct_flags ;
2006-02-04 01:19:41 +03:00
2008-06-07 04:13:52 +04:00
if ( ( argc ! = 2 ) | | c - > display_usage | |
( ! strequal ( argv [ 1 ] , " yes " ) & &
! strequal ( argv [ 1 ] , " no " ) ) ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n " , _ ( " Usage: " ) ) ;
d_fprintf ( stderr , _ ( " net sam set %s <user> [yes|no] \n " ) ,
2006-02-04 01:19:41 +03:00
field ) ;
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( type ! = SID_NAME_USER ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a %s, not a user \n " ) , argv [ 0 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( type ) ) ;
return - 1 ;
}
2006-02-21 17:34:11 +03:00
if ( ! ( sam_acct = samu_new ( NULL ) ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Internal error \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( ! pdb_getsampwsid ( sam_acct , & sid ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Loading user %s failed \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
acct_flags = pdb_get_acct_ctrl ( sam_acct ) ;
if ( strequal ( argv [ 1 ] , " yes " ) ) {
acct_flags | = flag ;
} else {
acct_flags & = ~ flag ;
}
pdb_set_acct_ctrl ( sam_acct , acct_flags , PDB_CHANGED ) ;
status = pdb_update_sam_account ( sam_acct ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Updating sam account %s failed with %s \n " ) ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2006-02-20 23:09:36 +03:00
TALLOC_FREE ( sam_acct ) ;
2006-02-04 01:19:41 +03:00
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Updated flag %s for %s \\ %s to %s \n " ) , field , dom ,
2006-02-04 01:19:41 +03:00
name , argv [ 1 ] ) ;
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_disabled ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_set_userflag ( c , argc , argv , " disabled " , ACB_DISABLED ) ;
2006-02-04 01:19:41 +03:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_pwnotreq ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_set_userflag ( c , argc , argv , " pwnotreq " , ACB_PWNOTREQ ) ;
2006-02-04 01:19:41 +03:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_autolock ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_set_userflag ( c , argc , argv , " autolock " , ACB_AUTOLOCK ) ;
2006-02-04 01:19:41 +03:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_set_pwnoexp ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_set_userflag ( c , argc , argv , " pwnoexp " , ACB_PWNOEXP ) ;
2006-02-04 01:19:41 +03:00
}
/*
2006-09-21 03:56:07 +04:00
* Set pass last change time , based on force pass change now
2006-02-04 01:19:41 +03:00
*/
2008-05-10 01:22:12 +04:00
static int net_sam_set_pwdmustchangenow ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2006-02-20 23:09:36 +03:00
struct samu * sam_acct = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2006-02-04 01:19:41 +03:00
const char * dom , * name ;
NTSTATUS status ;
2008-06-07 04:13:52 +04:00
if ( ( argc ! = 2 ) | | c - > display_usage | |
( ! strequal ( argv [ 1 ] , " yes " ) & &
! strequal ( argv [ 1 ] , " no " ) ) ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam set pwdmustchangenow <user> [yes|no] \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( type ! = SID_NAME_USER ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a %s, not a user \n " ) , argv [ 0 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( type ) ) ;
return - 1 ;
}
2006-02-21 17:34:11 +03:00
if ( ! ( sam_acct = samu_new ( NULL ) ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Internal error \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( ! pdb_getsampwsid ( sam_acct , & sid ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Loading user %s failed \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2006-09-21 03:56:07 +04:00
if ( strequal ( argv [ 1 ] , " yes " ) ) {
pdb_set_pass_last_set_time ( sam_acct , 0 , PDB_CHANGED ) ;
} else {
pdb_set_pass_last_set_time ( sam_acct , time ( NULL ) , PDB_CHANGED ) ;
2006-02-04 01:19:41 +03:00
}
status = pdb_update_sam_account ( sam_acct ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Updating sam account %s failed with %s \n " ) ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2006-02-20 23:09:36 +03:00
TALLOC_FREE ( sam_acct ) ;
2006-02-04 01:19:41 +03:00
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Updated 'user must change password at next logon' "
" for %s \\ %s to %s \n " ) , dom ,
2006-09-21 03:56:07 +04:00
name , argv [ 1 ] ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
/*
* Set a user ' s or a group ' s comment
*/
2008-05-10 01:22:12 +04:00
static int net_sam_set_comment ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2006-02-04 01:19:41 +03:00
const char * dom , * name ;
NTSTATUS status ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam set comment <name> <comment> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( type = = SID_NAME_USER ) {
2008-05-10 01:22:12 +04:00
return net_sam_userset ( c , argc , argv , " comment " ,
2006-02-04 01:19:41 +03:00
pdb_set_acct_desc ) ;
}
if ( ( type ! = SID_NAME_DOM_GRP ) & & ( type ! = SID_NAME_ALIAS ) & &
( type ! = SID_NAME_WKN_GRP ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a %s, not a group \n " ) , argv [ 0 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( type ) ) ;
return - 1 ;
}
2011-09-27 01:55:47 +04:00
map = talloc_zero ( talloc_tos ( ) , GROUP_MAP ) ;
if ( ! map ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
return - 1 ;
}
if ( ! pdb_getgrsid ( map , sid ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not load group %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2011-09-27 01:55:47 +04:00
map - > comment = talloc_strdup ( map , argv [ 1 ] ) ;
if ( ! map - > comment ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
return - 1 ;
}
2006-02-04 01:19:41 +03:00
2011-09-27 01:55:47 +04:00
status = pdb_update_group_mapping_entry ( map ) ;
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Updating group mapping entry failed with "
" %s \n " ) , nt_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
d_printf ( " Updated comment of group %s \\ %s to %s \n " , dom , name ,
argv [ 1 ] ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_set ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-06-07 04:13:52 +04:00
{
" homedir " ,
net_sam_set_homedir ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a user's home directory " ) ,
N_ ( " net sam set homedir \n "
" Change a user's home directory " )
2008-06-07 04:13:52 +04:00
} ,
{
" profilepath " ,
net_sam_set_profilepath ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a user's profile path " ) ,
N_ ( " net sam set profilepath \n "
" Change a user's profile path " )
2008-06-07 04:13:52 +04:00
} ,
{
" comment " ,
net_sam_set_comment ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a users or groups description " ) ,
N_ ( " net sam set comment \n "
" Change a users or groups description " )
2008-06-07 04:13:52 +04:00
} ,
{
" fullname " ,
net_sam_set_fullname ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a user's full name " ) ,
N_ ( " net sam set fullname \n "
" Change a user's full name " )
2008-06-07 04:13:52 +04:00
} ,
{
" logonscript " ,
net_sam_set_logonscript ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a user's logon script " ) ,
N_ ( " net sam set logonscript \n "
" Change a user's logon script " )
2008-06-07 04:13:52 +04:00
} ,
{
" homedrive " ,
net_sam_set_homedrive ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a user's home drive " ) ,
N_ ( " net sam set homedrive \n "
" Change a user's home drive " )
2008-06-07 04:13:52 +04:00
} ,
{
" workstations " ,
net_sam_set_workstations ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change a user's allowed workstations " ) ,
N_ ( " net sam set workstations \n "
" Change a user's allowed workstations " )
2008-06-07 04:13:52 +04:00
} ,
{
" disabled " ,
net_sam_set_disabled ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Disable/Enable a user " ) ,
N_ ( " net sam set disable \n "
" Disable/Enable a user " )
2008-06-07 04:13:52 +04:00
} ,
{
" pwnotreq " ,
net_sam_set_pwnotreq ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Disable/Enable the password not required flag " ) ,
N_ ( " net sam set pwnotreq \n "
" Disable/Enable the password not required flag " )
2008-06-07 04:13:52 +04:00
} ,
{
" autolock " ,
net_sam_set_autolock ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Disable/Enable a user's lockout flag " ) ,
N_ ( " net sam set autolock \n "
" Disable/Enable a user's lockout flag " )
2008-06-07 04:13:52 +04:00
} ,
{
" pwnoexp " ,
net_sam_set_pwnoexp ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Disable/Enable whether a user's pw does not "
" expire " ) ,
N_ ( " net sam set pwnoexp \n "
" Disable/Enable whether a user's pw does not "
" expire " )
2008-06-07 04:13:52 +04:00
} ,
{
" pwdmustchangenow " ,
net_sam_set_pwdmustchangenow ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Force users password must change at next logon " ) ,
N_ ( " net sam set pwdmustchangenow \n "
" Force users password must change at next logon " )
2008-06-07 04:13:52 +04:00
} ,
{ NULL , NULL , 0 , NULL , NULL }
2006-02-04 01:19:41 +03:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net sam set " , func ) ;
2006-02-04 01:19:41 +03:00
}
2006-09-15 19:27:13 +04:00
/*
2006-11-22 17:17:36 +03:00
* Manage account policies
2006-09-15 19:27:13 +04:00
*/
2008-05-10 01:22:12 +04:00
static int net_sam_policy_set ( struct net_context * c , int argc , const char * * argv )
2006-09-15 19:27:13 +04:00
{
const char * account_policy = NULL ;
2007-09-08 08:45:59 +04:00
uint32 value = 0 ;
uint32 old_value = 0 ;
2009-07-15 13:03:04 +04:00
enum pdb_policy_type field ;
2006-12-01 17:54:31 +03:00
char * endptr ;
2006-09-15 19:27:13 +04:00
2008-06-07 04:13:52 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam policy set \" <account policy> \" <value> \n " ) ) ;
2006-11-22 17:17:36 +03:00
return - 1 ;
}
2006-09-15 19:27:13 +04:00
account_policy = argv [ 0 ] ;
2009-07-15 13:03:04 +04:00
field = account_policy_name_to_typenum ( account_policy ) ;
2007-01-10 18:31:42 +03:00
if ( strequal ( argv [ 1 ] , " forever " ) | | strequal ( argv [ 1 ] , " never " )
| | strequal ( argv [ 1 ] , " off " ) ) {
value = - 1 ;
}
else {
value = strtoul ( argv [ 1 ] , & endptr , 10 ) ;
if ( ( endptr = = argv [ 1 ] ) | | ( endptr [ 0 ] ! = ' \0 ' ) ) {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Unable to set policy \" %s \" ! Invalid value "
" \" %s \" . \n " ) ,
account_policy , argv [ 1 ] ) ;
2007-01-10 18:31:42 +03:00
return - 1 ;
}
}
2006-09-15 19:27:13 +04:00
2006-12-01 17:54:31 +03:00
if ( field = = 0 ) {
const char * * names ;
int i , count ;
2011-08-15 11:12:46 +04:00
account_policy_names_list ( talloc_tos ( ) , & names , & count ) ;
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " No account policy \" %s \" ! \n \n " ) , argv [ 0 ] ) ;
d_fprintf ( stderr , _ ( " Valid account policies are: \n " ) ) ;
2006-12-01 17:54:31 +03:00
for ( i = 0 ; i < count ; i + + ) {
d_fprintf ( stderr , " %s \n " , names [ i ] ) ;
}
2011-08-15 11:12:46 +04:00
TALLOC_FREE ( names ) ;
2006-12-01 17:54:31 +03:00
return - 1 ;
}
2006-11-22 19:39:07 +03:00
if ( ! pdb_get_account_policy ( field , & old_value ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Valid account policy, but unable to fetch "
" value! \n " ) ) ;
2007-09-08 08:45:59 +04:00
} else {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Account policy \" %s \" value was: %d \n " ) ,
account_policy , old_value ) ;
2006-12-01 17:54:31 +03:00
}
2006-09-15 19:27:13 +04:00
2006-12-01 17:54:31 +03:00
if ( ! pdb_set_account_policy ( field , value ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Valid account policy, but unable to "
" set value! \n " ) ) ;
2006-12-01 17:54:31 +03:00
return - 1 ;
2007-09-08 08:45:59 +04:00
} else {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Account policy \" %s \" value is now: %d \n " ) ,
account_policy , value ) ;
2006-12-01 17:54:31 +03:00
}
2006-09-15 19:27:13 +04:00
2006-12-01 17:54:31 +03:00
return 0 ;
2006-11-22 17:17:36 +03:00
}
2006-09-15 19:27:13 +04:00
2008-05-10 01:22:12 +04:00
static int net_sam_policy_show ( struct net_context * c , int argc , const char * * argv )
2006-11-22 17:17:36 +03:00
{
const char * account_policy = NULL ;
uint32 old_value ;
2009-07-15 13:03:04 +04:00
enum pdb_policy_type field ;
2006-11-22 17:17:36 +03:00
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam policy show \" <account policy> \" \n " ) ) ;
2006-11-22 17:17:36 +03:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2006-11-22 17:17:36 +03:00
account_policy = argv [ 0 ] ;
2009-07-15 13:03:04 +04:00
field = account_policy_name_to_typenum ( account_policy ) ;
2006-11-22 17:17:36 +03:00
if ( field = = 0 ) {
2006-12-01 17:54:31 +03:00
const char * * names ;
int count ;
int i ;
2011-08-15 11:12:46 +04:00
account_policy_names_list ( talloc_tos ( ) , & names , & count ) ;
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " No account policy by that name! \n " ) ) ;
2006-12-01 17:54:31 +03:00
if ( count ! = 0 ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Valid account policies "
" are: \n " ) ) ;
2006-12-01 17:54:31 +03:00
for ( i = 0 ; i < count ; i + + ) {
d_fprintf ( stderr , " %s \n " , names [ i ] ) ;
}
2006-11-22 17:17:36 +03:00
}
2011-08-15 11:12:46 +04:00
TALLOC_FREE ( names ) ;
2006-11-22 17:17:36 +03:00
return - 1 ;
}
2006-09-15 19:27:13 +04:00
2006-11-22 17:17:36 +03:00
if ( ! pdb_get_account_policy ( field , & old_value ) ) {
2009-08-11 10:31:04 +04:00
fprintf ( stderr , _ ( " Valid account policy, but unable to "
" fetch value! \n " ) ) ;
2006-11-22 17:17:36 +03:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2009-08-11 10:31:04 +04:00
printf ( _ ( " Account policy \" %s \" description: %s \n " ) ,
2006-11-22 17:17:36 +03:00
account_policy , account_policy_get_desc ( field ) ) ;
2009-08-11 10:31:04 +04:00
printf ( _ ( " Account policy \" %s \" value is: %d \n " ) , account_policy ,
2006-09-15 19:27:13 +04:00
old_value ) ;
2006-11-22 17:17:36 +03:00
return 0 ;
}
2006-09-15 19:27:13 +04:00
2008-05-10 01:22:12 +04:00
static int net_sam_policy_list ( struct net_context * c , int argc , const char * * argv )
2006-11-22 17:17:36 +03:00
{
2006-12-01 17:54:31 +03:00
const char * * names ;
int count ;
int i ;
2008-06-07 04:13:52 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n "
2009-08-11 10:31:04 +04:00
" net sam policy list \n "
2010-01-19 13:43:54 +03:00
" %s \n " ,
_ ( " Usage: " ) ,
_ ( " List account policies " ) ) ;
2008-06-07 04:13:52 +04:00
return 0 ;
}
2011-08-15 11:12:46 +04:00
account_policy_names_list ( talloc_tos ( ) , & names , & count ) ;
2006-12-01 17:54:31 +03:00
if ( count ! = 0 ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Valid account policies "
" are: \n " ) ) ;
2006-12-01 17:54:31 +03:00
for ( i = 0 ; i < count ; i + + ) {
d_fprintf ( stderr , " %s \n " , names [ i ] ) ;
}
2006-09-15 19:27:13 +04:00
}
2011-08-15 11:12:46 +04:00
TALLOC_FREE ( names ) ;
2006-11-22 17:17:36 +03:00
return - 1 ;
2006-09-15 19:27:13 +04:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_policy ( struct net_context * c , int argc , const char * * argv )
2006-11-22 17:17:36 +03:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-06-07 04:13:52 +04:00
{
" list " ,
net_sam_policy_list ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List account policies " ) ,
N_ ( " net sam policy list \n "
" List account policies " )
2008-06-07 04:13:52 +04:00
} ,
{
" show " ,
net_sam_policy_show ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Show account policies " ) ,
N_ ( " net sam policy show \n "
" Show account policies " )
2008-06-07 04:13:52 +04:00
} ,
{
" set " ,
net_sam_policy_set ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Change account policies " ) ,
N_ ( " net sam policy set \n "
" Change account policies " )
2008-06-07 04:13:52 +04:00
} ,
{ NULL , NULL , 0 , NULL , NULL }
2006-11-22 17:17:36 +03:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net sam policy " , func ) ;
2006-11-22 17:17:36 +03:00
}
2006-09-15 19:27:13 +04:00
2008-05-10 01:22:12 +04:00
static int net_sam_rights_list ( struct net_context * c , int argc ,
const char * * argv )
2007-09-09 00:30:51 +04:00
{
2010-08-30 08:17:02 +04:00
enum sec_privilege privilege ;
2007-09-09 00:30:51 +04:00
2008-06-07 04:13:52 +04:00
if ( argc > 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam rights list [privilege name] \n " ) ) ;
2007-09-09 00:30:51 +04:00
return - 1 ;
}
if ( argc = = 0 ) {
int i ;
2010-08-27 06:19:09 +04:00
int num = num_privileges_in_short_list ( ) ;
2007-09-09 00:30:51 +04:00
for ( i = 0 ; i < num ; i + + ) {
2010-08-27 06:19:09 +04:00
d_printf ( " %s \n " , sec_privilege_name_from_index ( i ) ) ;
2007-09-09 00:30:51 +04:00
}
return 0 ;
}
2010-08-30 08:17:02 +04:00
privilege = sec_privilege_id ( argv [ 0 ] ) ;
if ( privilege ! = SEC_PRIV_INVALID ) {
2010-05-21 05:25:01 +04:00
struct dom_sid * sids ;
2007-09-09 00:30:51 +04:00
int i , num_sids ;
NTSTATUS status ;
2010-08-30 08:17:02 +04:00
status = privilege_enum_sids ( privilege , talloc_tos ( ) ,
2007-09-09 00:30:51 +04:00
& sids , & num_sids ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not list rights: %s \n " ) ,
2007-09-09 00:30:51 +04:00
nt_errstr ( status ) ) ;
return - 1 ;
}
for ( i = 0 ; i < num_sids ; i + + ) {
const char * dom , * name ;
enum lsa_SidType type ;
if ( lookup_sid ( talloc_tos ( ) , & sids [ i ] , & dom , & name ,
& type ) ) {
d_printf ( " %s \\ %s \n " , dom , name ) ;
}
else {
d_printf ( " %s \n " , sid_string_tos ( & sids [ i ] ) ) ;
}
}
return 0 ;
}
return - 1 ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_rights_grant ( struct net_context * c , int argc ,
const char * * argv )
2007-09-09 00:30:51 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2007-09-09 00:30:51 +04:00
enum lsa_SidType type ;
const char * dom , * name ;
2009-06-17 14:31:49 +04:00
int i ;
2007-09-09 00:30:51 +04:00
2009-06-17 14:31:49 +04:00
if ( argc < 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam rights grant <name> <rights> ... \n " ) ) ;
2007-09-09 00:30:51 +04:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2009-06-17 20:29:20 +04:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2007-09-09 00:30:51 +04:00
return - 1 ;
}
2009-06-17 14:31:49 +04:00
for ( i = 1 ; i < argc ; i + + ) {
2010-08-30 09:27:40 +04:00
enum sec_privilege privilege = sec_privilege_id ( argv [ i ] ) ;
if ( privilege = = SEC_PRIV_INVALID ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s unknown \n " ) , argv [ i ] ) ;
2009-06-17 14:31:49 +04:00
return - 1 ;
}
2007-09-09 00:30:51 +04:00
2010-08-30 09:27:40 +04:00
if ( ! grant_privilege_by_name ( & sid , argv [ i ] ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not grant privilege \n " ) ) ;
2009-06-17 14:31:49 +04:00
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Granted %s to %s \\ %s \n " ) , argv [ i ] , dom , name ) ;
2007-09-09 00:30:51 +04:00
}
return 0 ;
}
2009-06-17 20:29:20 +04:00
static int net_sam_rights_revoke ( struct net_context * c , int argc ,
const char * * argv )
2007-09-09 00:30:51 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2007-09-09 00:30:51 +04:00
enum lsa_SidType type ;
const char * dom , * name ;
2009-06-17 20:29:20 +04:00
int i ;
2007-09-09 00:30:51 +04:00
2009-06-17 20:29:20 +04:00
if ( argc < 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam rights revoke <name> <rights> \n " ) ) ;
2007-09-09 00:30:51 +04:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2009-06-17 20:29:20 +04:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2007-09-09 00:30:51 +04:00
return - 1 ;
}
2009-06-17 20:29:20 +04:00
for ( i = 1 ; i < argc ; i + + ) {
2010-08-30 09:27:40 +04:00
enum sec_privilege privilege = sec_privilege_id ( argv [ i ] ) ;
if ( privilege = = SEC_PRIV_INVALID ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s unknown \n " ) , argv [ i ] ) ;
2009-06-17 20:29:20 +04:00
return - 1 ;
}
2010-08-30 09:27:40 +04:00
if ( ! revoke_privilege_by_name ( & sid , argv [ i ] ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not revoke privilege \n " ) ) ;
2009-06-17 20:29:20 +04:00
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Revoked %s from %s \\ %s \n " ) , argv [ i ] , dom , name ) ;
2007-09-09 00:30:51 +04:00
}
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_rights ( struct net_context * c , int argc , const char * * argv )
2007-09-09 00:30:51 +04:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-06-07 04:13:52 +04:00
{
" list " ,
net_sam_rights_list ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List possible user rights " ) ,
N_ ( " net sam rights list \n "
" List possible user rights " )
2008-06-07 04:13:52 +04:00
} ,
{
" grant " ,
net_sam_rights_grant ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Grant right(s) " ) ,
N_ ( " net sam rights grant \n "
" Grant right(s) " )
2008-06-07 04:13:52 +04:00
} ,
{
" revoke " ,
net_sam_rights_revoke ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Revoke right(s) " ) ,
N_ ( " net sam rights revoke \n "
" Revoke right(s) " )
2008-06-07 04:13:52 +04:00
} ,
{ NULL , NULL , 0 , NULL , NULL }
2007-09-09 00:30:51 +04:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net sam rights " , func ) ;
2007-09-09 00:30:51 +04:00
}
2006-02-04 01:19:41 +03:00
/*
* Map a unix group to a domain group
*/
2011-09-27 01:55:47 +04:00
static NTSTATUS map_unix_group ( const struct group * grp , GROUP_MAP * map )
2007-05-11 12:59:01 +04:00
{
2011-09-27 01:55:47 +04:00
const char * dom , * name ;
2007-05-11 12:59:01 +04:00
uint32 rid ;
2011-09-27 01:55:47 +04:00
if ( pdb_getgrgid ( map , grp - > gr_gid ) ) {
2007-05-11 12:59:01 +04:00
return NT_STATUS_GROUP_EXISTS ;
}
2011-09-27 01:55:47 +04:00
map - > gid = grp - > gr_gid ;
2007-05-11 12:59:01 +04:00
2011-09-27 01:55:47 +04:00
if ( lookup_name ( talloc_tos ( ) , grp - > gr_name , LOOKUP_NAME_LOCAL ,
2007-05-11 12:59:01 +04:00
& dom , & name , NULL , NULL ) ) {
2011-09-27 01:55:47 +04:00
map - > nt_name = talloc_asprintf ( map , " Unix Group %s " ,
grp - > gr_name ) ;
2007-05-11 12:59:01 +04:00
DEBUG ( 5 , ( " %s exists as %s \\ %s, retrying as \" %s \" \n " ,
2011-09-27 01:55:47 +04:00
grp - > gr_name , dom , name , map - > nt_name ) ) ;
2007-05-11 12:59:01 +04:00
}
2011-09-27 01:55:47 +04:00
if ( lookup_name ( talloc_tos ( ) , grp - > gr_name , LOOKUP_NAME_LOCAL ,
2007-05-11 12:59:01 +04:00
NULL , NULL , NULL , NULL ) ) {
DEBUG ( 3 , ( " \" %s \" exists, can't map it \n " , grp - > gr_name ) ) ;
return NT_STATUS_GROUP_EXISTS ;
}
2009-06-28 19:36:12 +04:00
if ( pdb_capabilities ( ) & PDB_CAP_STORE_RIDS ) {
2007-05-11 12:59:01 +04:00
if ( ! pdb_new_rid ( & rid ) ) {
DEBUG ( 3 , ( " Could not get a new RID for %s \n " ,
grp - > gr_name ) ) ;
return NT_STATUS_ACCESS_DENIED ;
}
2009-06-28 19:36:12 +04:00
} else {
rid = algorithmic_pdb_gid_to_group_rid ( grp - > gr_gid ) ;
2007-05-11 12:59:01 +04:00
}
2011-09-27 01:55:47 +04:00
sid_compose ( & map - > sid , get_global_sam_sid ( ) , rid ) ;
map - > sid_name_use = SID_NAME_DOM_GRP ;
map - > comment = talloc_asprintf ( map , " Unix Group %s " , grp - > gr_name ) ;
2007-05-11 12:59:01 +04:00
2011-09-27 01:55:47 +04:00
return pdb_add_group_mapping_entry ( map ) ;
2007-05-11 12:59:01 +04:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_mapunixgroup ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
NTSTATUS status ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2006-02-04 01:19:41 +03:00
struct group * grp ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam mapunixgroup <name> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
grp = getgrnam ( argv [ 0 ] ) ;
if ( grp = = NULL ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find group %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2011-09-27 01:55:47 +04:00
map = talloc_zero ( talloc_tos ( ) , GROUP_MAP ) ;
if ( ! map ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
return - 1 ;
}
status = map_unix_group ( grp , map ) ;
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Mapping group %s failed with %s \n " ) ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Mapped unix group %s to SID %s \n " ) , argv [ 0 ] ,
2011-09-27 01:55:47 +04:00
sid_string_tos ( & map - > sid ) ) ;
2006-02-04 01:19:41 +03:00
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
2007-05-11 12:59:01 +04:00
/*
* Remove a group mapping
*/
2011-09-27 01:55:47 +04:00
static NTSTATUS unmap_unix_group ( const struct group * grp )
2007-05-11 12:59:01 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid dom_sid ;
2007-05-11 12:59:01 +04:00
2011-09-27 01:55:47 +04:00
if ( ! lookup_name ( talloc_tos ( ) , grp - > gr_name , LOOKUP_NAME_LOCAL ,
2007-05-11 12:59:01 +04:00
NULL , NULL , NULL , NULL ) ) {
DEBUG ( 3 , ( " \" %s \" does not exist, can't unmap it \n " , grp - > gr_name ) ) ;
return NT_STATUS_NO_SUCH_GROUP ;
}
2011-09-27 01:55:47 +04:00
if ( ! pdb_gid_to_sid ( grp - > gr_gid , & dom_sid ) ) {
2007-05-11 12:59:01 +04:00
return NT_STATUS_UNSUCCESSFUL ;
}
2010-03-14 21:45:26 +03:00
return pdb_delete_group_mapping_entry ( dom_sid ) ;
2007-05-11 12:59:01 +04:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_unmapunixgroup ( struct net_context * c , int argc , const char * * argv )
2007-05-11 12:59:01 +04:00
{
NTSTATUS status ;
struct group * grp ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam unmapunixgroup <name> \n " ) ) ;
2007-05-11 12:59:01 +04:00
return - 1 ;
}
grp = getgrnam ( argv [ 0 ] ) ;
if ( grp = = NULL ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find mapping for group %s. \n " ) ,
argv [ 0 ] ) ;
2007-05-11 12:59:01 +04:00
return - 1 ;
}
2011-09-27 01:55:47 +04:00
status = unmap_unix_group ( grp ) ;
2007-05-11 12:59:01 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Unmapping group %s failed with %s. \n " ) ,
2007-05-11 12:59:01 +04:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Unmapped unix group %s. \n " ) , argv [ 0 ] ) ;
2007-05-11 12:59:01 +04:00
return 0 ;
}
2009-06-08 01:11:12 +04:00
/*
* Create a domain group
*/
static int net_sam_createdomaingroup ( struct net_context * c , int argc ,
const char * * argv )
{
NTSTATUS status ;
uint32 rid ;
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam createdomaingroup <name> \n " ) ) ;
2009-06-08 01:11:12 +04:00
return - 1 ;
}
status = pdb_create_dom_group ( talloc_tos ( ) , argv [ 0 ] , & rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Creating %s failed with %s \n " ) ,
2009-06-08 01:11:12 +04:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Created domain group %s with RID %d \n " ) , argv [ 0 ] , rid ) ;
2009-06-08 01:11:12 +04:00
return 0 ;
}
2009-06-09 16:46:43 +04:00
/*
* Delete a domain group
*/
static int net_sam_deletedomaingroup ( struct net_context * c , int argc ,
const char * * argv )
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2009-06-09 16:46:43 +04:00
uint32_t rid ;
enum lsa_SidType type ;
const char * dom , * name ;
NTSTATUS status ;
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam deletelocalgroup <name> \n " ) ) ;
2009-06-09 16:46:43 +04:00
return - 1 ;
}
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find %s. \n " ) , argv [ 0 ] ) ;
2009-06-09 16:46:43 +04:00
return - 1 ;
}
if ( type ! = SID_NAME_DOM_GRP ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a %s, not a domain group. \n " ) ,
argv [ 0 ] , sid_type_lookup ( type ) ) ;
2009-06-09 16:46:43 +04:00
return - 1 ;
}
sid_peek_rid ( & sid , & rid ) ;
status = pdb_delete_dom_group ( talloc_tos ( ) , rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Deleting domain group %s failed with %s \n " ) ,
2009-06-09 16:46:43 +04:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Deleted domain group %s. \n " ) , argv [ 0 ] ) ;
2009-06-09 16:46:43 +04:00
return 0 ;
}
2006-02-04 01:19:41 +03:00
/*
* Create a local group
*/
2008-05-10 01:22:12 +04:00
static int net_sam_createlocalgroup ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
NTSTATUS status ;
uint32 rid ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam createlocalgroup <name> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( ! winbind_ping ( ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " winbind seems not to run. "
" createlocalgroup only works when winbind runs. \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
status = pdb_create_alias ( argv [ 0 ] , & rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Creating %s failed with %s \n " ) ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Created local group %s with RID %d \n " ) , argv [ 0 ] , rid ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
2007-04-20 16:23:36 +04:00
/*
* Delete a local group
*/
2008-05-10 01:22:12 +04:00
static int net_sam_deletelocalgroup ( struct net_context * c , int argc , const char * * argv )
2007-04-20 16:23:36 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2007-04-20 16:23:36 +04:00
enum lsa_SidType type ;
const char * dom , * name ;
2007-05-11 12:46:54 +04:00
NTSTATUS status ;
2007-04-20 16:23:36 +04:00
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam deletelocalgroup <name> \n " ) ) ;
2007-04-20 16:23:36 +04:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2007-04-20 16:23:36 +04:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find %s. \n " ) , argv [ 0 ] ) ;
2007-04-20 16:23:36 +04:00
return - 1 ;
}
if ( type ! = SID_NAME_ALIAS ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a %s, not a local group. \n " ) , argv [ 0 ] ,
2007-04-20 16:23:36 +04:00
sid_type_lookup ( type ) ) ;
return - 1 ;
}
2007-05-11 12:46:54 +04:00
status = pdb_delete_alias ( & sid ) ;
2007-04-20 16:23:36 +04:00
2007-05-11 12:46:54 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Deleting local group %s failed with %s \n " ) ,
2007-05-11 12:46:54 +04:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2007-04-20 16:23:36 +04:00
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Deleted local group %s. \n " ) , argv [ 0 ] ) ;
2007-04-20 16:23:36 +04:00
return 0 ;
}
2006-03-20 15:14:07 +03:00
/*
2008-06-18 01:57:26 +04:00
* Create a builtin group
2006-03-20 15:14:07 +03:00
*/
2008-05-10 01:22:12 +04:00
static int net_sam_createbuiltingroup ( struct net_context * c , int argc , const char * * argv )
2006-03-20 15:14:07 +03:00
{
NTSTATUS status ;
uint32 rid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2006-03-20 15:14:07 +03:00
fstring groupname ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-03-20 15:14:07 +03:00
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam createbuiltingroup <name> \n " ) ) ;
2006-03-20 15:14:07 +03:00
return - 1 ;
}
if ( ! winbind_ping ( ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " winbind seems not to run. "
" createbuiltingroup only works when winbind "
" runs. \n " ) ) ;
2006-03-20 15:14:07 +03:00
return - 1 ;
}
/* validate the name and get the group */
2008-05-08 13:23:38 +04:00
2006-03-20 15:14:07 +03:00
fstrcpy ( groupname , " BUILTIN \\ " ) ;
fstrcat ( groupname , argv [ 0 ] ) ;
2008-05-08 13:23:38 +04:00
2007-08-30 23:48:31 +04:00
if ( ! lookup_name ( talloc_tos ( ) , groupname , LOOKUP_NAME_ALL , NULL ,
2006-04-23 14:59:44 +04:00
NULL , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is not a BUILTIN group \n " ) , argv [ 0 ] ) ;
2006-03-20 15:14:07 +03:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2006-03-20 15:14:07 +03:00
if ( ! sid_peek_rid ( & sid , & rid ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Failed to get RID for %s \n " ) , argv [ 0 ] ) ;
2006-03-20 15:14:07 +03:00
return - 1 ;
}
status = pdb_create_builtin_alias ( rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Creating %s failed with %s \n " ) ,
2006-03-20 15:14:07 +03:00
argv [ 0 ] , nt_errstr ( status ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Created BUILTIN group %s with RID %d \n " ) , argv [ 0 ] , rid ) ;
2006-03-20 15:14:07 +03:00
return 0 ;
}
2006-02-04 01:19:41 +03:00
/*
* Add a group member
*/
2008-05-10 01:22:12 +04:00
static int net_sam_addmem ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
const char * groupdomain , * groupname , * memberdomain , * membername ;
2010-05-21 05:25:01 +04:00
struct dom_sid group , member ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType grouptype , membertype ;
2006-02-04 01:19:41 +03:00
NTSTATUS status ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam addmem <group> <member> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& groupdomain , & groupname , & group , & grouptype ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find group %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2006-03-25 02:54:08 +03:00
/* check to see if the member to be added is a name or a SID */
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 1 ] , LOOKUP_NAME_LOCAL ,
2006-03-25 02:54:08 +03:00
& memberdomain , & membername , & member , & membertype ) )
{
/* try it as a SID */
if ( ! string_to_sid ( & member , argv [ 1 ] ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find member %s \n " ) ,
argv [ 1 ] ) ;
2006-03-25 02:54:08 +03:00
return - 1 ;
}
2007-08-30 23:48:31 +04:00
if ( ! lookup_sid ( talloc_tos ( ) , & member , & memberdomain ,
2008-05-08 13:23:38 +04:00
& membername , & membertype ) )
2006-03-25 02:54:08 +03:00
{
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not resolve SID %s \n " ) ,
argv [ 1 ] ) ;
2006-03-25 02:54:08 +03:00
return - 1 ;
}
2006-02-04 01:19:41 +03:00
}
if ( ( grouptype = = SID_NAME_ALIAS ) | | ( grouptype = = SID_NAME_WKN_GRP ) ) {
if ( ( membertype ! = SID_NAME_USER ) & &
( membertype ! = SID_NAME_DOM_GRP ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " %s is a local group, only users "
2006-02-04 01:19:41 +03:00
" and domain groups can be added. \n "
2009-08-11 10:31:04 +04:00
" %s is a %s \n " ) , argv [ 0 ] , argv [ 1 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( membertype ) ) ;
return - 1 ;
}
status = pdb_add_aliasmem ( & group , & member ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Adding local group member failed "
" with %s \n " ) , nt_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2009-06-09 17:23:33 +04:00
} else if ( grouptype = = SID_NAME_DOM_GRP ) {
uint32_t grouprid , memberrid ;
sid_peek_rid ( & group , & grouprid ) ;
sid_peek_rid ( & member , & memberrid ) ;
status = pdb_add_groupmem ( talloc_tos ( ) , grouprid , memberrid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Adding domain group member failed "
" with %s \n " ) , nt_errstr ( status ) ) ;
2009-06-09 17:23:33 +04:00
return - 1 ;
}
2006-02-04 01:19:41 +03:00
} else {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Can only add members to local groups so "
" far, %s is a %s \n " ) , argv [ 0 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( grouptype ) ) ;
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Added %s \\ %s to %s \\ %s \n " ) , memberdomain , membername ,
2006-03-25 02:54:08 +03:00
groupdomain , groupname ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
/*
* Delete a group member
*/
2008-05-10 01:22:12 +04:00
static int net_sam_delmem ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
const char * groupdomain , * groupname ;
const char * memberdomain = NULL ;
const char * membername = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid group , member ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType grouptype ;
2006-02-04 01:19:41 +03:00
NTSTATUS status ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam delmem <group> <member> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& groupdomain , & groupname , & group , & grouptype ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find group %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 1 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& memberdomain , & membername , & member , NULL ) ) {
if ( ! string_to_sid ( & member , argv [ 1 ] ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find member %s \n " ) ,
2006-02-04 01:19:41 +03:00
argv [ 1 ] ) ;
return - 1 ;
}
}
if ( ( grouptype = = SID_NAME_ALIAS ) | |
( grouptype = = SID_NAME_WKN_GRP ) ) {
status = pdb_del_aliasmem ( & group , & member ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Deleting local group member failed "
" with %s \n " ) , nt_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2009-06-09 17:23:33 +04:00
} else if ( grouptype = = SID_NAME_DOM_GRP ) {
uint32_t grouprid , memberrid ;
sid_peek_rid ( & group , & grouprid ) ;
sid_peek_rid ( & member , & memberrid ) ;
status = pdb_del_groupmem ( talloc_tos ( ) , grouprid , memberrid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Deleting domain group member "
" failed with %s \n " ) , nt_errstr ( status ) ) ;
2009-06-09 17:23:33 +04:00
return - 1 ;
}
2006-02-04 01:19:41 +03:00
} else {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Can only delete members from local groups "
" so far, %s is a %s \n " ) , argv [ 0 ] ,
2006-02-04 01:19:41 +03:00
sid_type_lookup ( grouptype ) ) ;
return - 1 ;
}
if ( membername ! = NULL ) {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Deleted %s \\ %s from %s \\ %s \n " ) ,
2006-02-04 01:19:41 +03:00
memberdomain , membername , groupdomain , groupname ) ;
} else {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Deleted %s from %s \\ %s \n " ) ,
2007-12-15 23:53:26 +03:00
sid_string_tos ( & member ) , groupdomain , groupname ) ;
2006-02-04 01:19:41 +03:00
}
return 0 ;
}
/*
* List group members
*/
2008-05-10 01:22:12 +04:00
static int net_sam_listmem ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
const char * groupdomain , * groupname ;
2010-05-21 05:25:01 +04:00
struct dom_sid group ;
struct dom_sid * members = NULL ;
2009-06-09 01:57:11 +04:00
size_t i , num_members = 0 ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType grouptype ;
2006-02-04 01:19:41 +03:00
NTSTATUS status ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam listmem <group> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& groupdomain , & groupname , & group , & grouptype ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find group %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( ( grouptype = = SID_NAME_ALIAS ) | |
( grouptype = = SID_NAME_WKN_GRP ) ) {
2009-06-08 21:43:01 +04:00
status = pdb_enum_aliasmem ( & group , talloc_tos ( ) , & members ,
& num_members ) ;
2009-06-09 01:57:11 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Listing group members failed with "
" %s \n " ) , nt_errstr ( status ) ) ;
2009-06-09 01:57:11 +04:00
return - 1 ;
}
} else if ( grouptype = = SID_NAME_DOM_GRP ) {
uint32_t * rids ;
2006-02-04 01:19:41 +03:00
2009-06-09 01:57:11 +04:00
status = pdb_enum_group_members ( talloc_tos ( ) , & group ,
& rids , & num_members ) ;
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Listing group members failed with "
" %s \n " ) , nt_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2009-06-09 01:57:11 +04:00
members = talloc_array ( talloc_tos ( ) , struct dom_sid ,
num_members ) ;
if ( members = = NULL ) {
TALLOC_FREE ( rids ) ;
return - 1 ;
2006-02-04 01:19:41 +03:00
}
2007-06-04 05:51:18 +04:00
2009-06-09 01:57:11 +04:00
for ( i = 0 ; i < num_members ; i + + ) {
sid_compose ( & members [ i ] , get_global_sam_sid ( ) ,
rids [ i ] ) ;
}
TALLOC_FREE ( rids ) ;
2006-02-04 01:19:41 +03:00
} else {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Can only list local group members so far. \n "
" %s is a %s \n " ) , argv [ 0 ] , sid_type_lookup ( grouptype ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " %s \\ %s has %u members \n " ) , groupdomain , groupname ,
2009-06-09 01:57:11 +04:00
( unsigned int ) num_members ) ;
for ( i = 0 ; i < num_members ; i + + ) {
const char * dom , * name ;
if ( lookup_sid ( talloc_tos ( ) , & members [ i ] , & dom , & name , NULL ) ) {
d_printf ( " %s \\ %s \n " , dom , name ) ;
} else {
d_printf ( " %s \n " , sid_string_tos ( & members [ i ] ) ) ;
}
}
TALLOC_FREE ( members ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
/*
* Do the listing
*/
2008-05-10 01:22:12 +04:00
static int net_sam_do_list ( struct net_context * c , int argc , const char * * argv ,
2006-02-04 01:19:41 +03:00
struct pdb_search * search , const char * what )
{
2007-10-19 04:40:25 +04:00
bool verbose = ( argc = = 1 ) ;
2006-02-04 01:19:41 +03:00
2008-06-07 04:13:52 +04:00
if ( ( argc > 1 ) | | c - > display_usage | |
2006-02-04 01:19:41 +03:00
( ( argc = = 1 ) & & ! strequal ( argv [ 0 ] , " verbose " ) ) ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n " , _ ( " Usage: " ) ) ;
d_fprintf ( stderr , _ ( " net sam list %s [verbose] \n " ) , what ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
if ( search = = NULL ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not start search \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2008-05-12 13:53:23 +04:00
while ( true ) {
2006-02-04 01:19:41 +03:00
struct samr_displayentry entry ;
if ( ! search - > next_entry ( search , & entry ) ) {
break ;
}
if ( verbose ) {
d_printf ( " %s:%d:%s \n " ,
entry . account_name ,
entry . rid ,
entry . description ) ;
} else {
d_printf ( " %s \n " , entry . account_name ) ;
}
}
2009-02-12 19:48:52 +03:00
TALLOC_FREE ( search ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_list_users ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2009-02-12 19:48:52 +03:00
return net_sam_do_list ( c , argc , argv ,
pdb_search_users ( talloc_tos ( ) , ACB_NORMAL ) ,
2006-02-04 01:19:41 +03:00
" users " ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_list_groups ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2009-02-12 19:48:52 +03:00
return net_sam_do_list ( c , argc , argv , pdb_search_groups ( talloc_tos ( ) ) ,
" groups " ) ;
2006-02-04 01:19:41 +03:00
}
2008-05-10 01:22:12 +04:00
static int net_sam_list_localgroups ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_do_list ( c , argc , argv ,
2009-02-12 19:48:52 +03:00
pdb_search_aliases ( talloc_tos ( ) ,
get_global_sam_sid ( ) ) ,
2006-02-04 01:19:41 +03:00
" localgroups " ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_list_builtin ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_do_list ( c , argc , argv ,
2009-02-12 19:48:52 +03:00
pdb_search_aliases ( talloc_tos ( ) ,
& global_sid_Builtin ) ,
2006-02-04 01:19:41 +03:00
" builtin " ) ;
}
2008-05-10 01:22:12 +04:00
static int net_sam_list_workstations ( struct net_context * c , int argc ,
const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-05-10 01:22:12 +04:00
return net_sam_do_list ( c , argc , argv ,
2009-02-12 19:48:52 +03:00
pdb_search_users ( talloc_tos ( ) , ACB_WSTRUST ) ,
2006-02-04 01:19:41 +03:00
" workstations " ) ;
}
/*
* List stuff
*/
2008-05-10 01:22:12 +04:00
static int net_sam_list ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-06-07 04:13:52 +04:00
{
" users " ,
net_sam_list_users ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List SAM users " ) ,
N_ ( " net sam list users \n "
" List SAM users " )
2008-06-07 04:13:52 +04:00
} ,
{
" groups " ,
net_sam_list_groups ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List SAM groups " ) ,
N_ ( " net sam list groups \n "
" List SAM groups " )
2008-06-07 04:13:52 +04:00
} ,
{
" localgroups " ,
net_sam_list_localgroups ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List SAM local groups " ) ,
N_ ( " net sam list localgroups \n "
" List SAM local groups " )
2008-06-07 04:13:52 +04:00
} ,
{
" builtin " ,
net_sam_list_builtin ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List builtin groups " ) ,
N_ ( " net sam list builtin \n "
" List builtin groups " )
2008-06-07 04:13:52 +04:00
} ,
{
" workstations " ,
net_sam_list_workstations ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List domain member workstations " ) ,
N_ ( " net sam list workstations \n "
" List domain member workstations " )
2008-06-07 04:13:52 +04:00
} ,
{ NULL , NULL , 0 , NULL , NULL }
2006-02-04 01:19:41 +03:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net sam list " , func ) ;
2006-02-04 01:19:41 +03:00
}
/*
* Show details of SAM entries
*/
2008-05-10 01:22:12 +04:00
static int net_sam_show ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2006-02-04 01:19:41 +03:00
const char * dom , * name ;
2008-06-07 04:13:52 +04:00
if ( argc ! = 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_fprintf ( stderr , " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net sam show <name> \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2007-12-17 13:55:05 +03:00
if ( ! lookup_name ( talloc_tos ( ) , argv [ 0 ] , LOOKUP_NAME_LOCAL ,
2006-02-04 01:19:41 +03:00
& dom , & name , & sid , & type ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Could not find name %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " %s \\ %s is a %s with SID %s \n " ) , dom , name ,
2007-12-15 23:53:26 +03:00
sid_type_lookup ( type ) , sid_string_tos ( & sid ) ) ;
2006-02-04 01:19:41 +03:00
return 0 ;
}
2006-03-05 21:25:46 +03:00
# ifdef HAVE_LDAP
2006-03-05 20:49:30 +03:00
/*
* Init an LDAP tree with default users and Groups
* if ldapsam : editposix is enabled
*/
2008-05-10 01:22:12 +04:00
static int net_sam_provision ( struct net_context * c , int argc , const char * * argv )
2006-03-05 20:49:30 +03:00
{
TALLOC_CTX * tc ;
char * ldap_bk ;
char * ldap_uri = NULL ;
char * p ;
struct smbldap_state * ls ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * gmap = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid gsid ;
2006-03-05 20:49:30 +03:00
gid_t domusers_gid = - 1 ;
gid_t domadmins_gid = - 1 ;
struct samu * samuser ;
struct passwd * pwd ;
2011-03-18 13:37:15 +03:00
bool is_ipa = false ;
2006-03-05 20:49:30 +03:00
2008-06-07 04:13:52 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n "
2009-08-11 10:31:04 +04:00
" net sam provision \n "
2010-01-19 13:43:54 +03:00
" %s \n " ,
_ ( " Usage: " ) ,
_ ( " Init an LDAP tree with default users/groups " ) ) ;
2008-06-07 04:13:52 +04:00
return 0 ;
}
2006-03-05 20:49:30 +03:00
tc = talloc_new ( NULL ) ;
if ( ! tc ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
return - 1 ;
}
2006-06-19 23:07:39 +04:00
if ( ( ldap_bk = talloc_strdup ( tc , lp_passdb_backend ( ) ) ) = = NULL ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " talloc failed \n " ) ) ;
2006-06-19 23:07:39 +04:00
talloc_free ( tc ) ;
return - 1 ;
}
2006-03-05 20:49:30 +03:00
p = strchr ( ldap_bk , ' : ' ) ;
if ( p ) {
* p = 0 ;
ldap_uri = talloc_strdup ( tc , p + 1 ) ;
trim_char ( ldap_uri , ' ' , ' ' ) ;
}
trim_char ( ldap_bk , ' ' , ' ' ) ;
2009-08-11 10:31:04 +04:00
2011-03-18 13:37:15 +03:00
if ( strcmp ( ldap_bk , " IPA_ldapsam " ) = = 0 ) {
is_ipa = true ;
}
if ( strcmp ( ldap_bk , " ldapsam " ) ! = 0 & & ! is_ipa ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr ,
_ ( " Provisioning works only with ldapsam backend \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2009-08-11 10:31:04 +04:00
2008-05-12 13:53:23 +04:00
if ( ! lp_parm_bool ( - 1 , " ldapsam " , " trusted " , false ) | |
! lp_parm_bool ( - 1 , " ldapsam " , " editposix " , false ) ) {
2006-03-05 20:49:30 +03:00
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Provisioning works only if ldapsam:trusted "
" and ldapsam:editposix are enabled. \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2011-03-18 13:37:15 +03:00
if ( ! is_ipa & & ! winbind_ping ( ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " winbind seems not to run. Provisioning "
" LDAP only works when winbind runs. \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2007-03-11 19:49:16 +03:00
if ( ! NT_STATUS_IS_OK ( smbldap_init ( tc , NULL , ldap_uri , & ls ) ) ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Unable to connect to the LDAP server. \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Checking for Domain Users group. \n " ) ) ;
2006-03-05 20:49:30 +03:00
2010-05-18 00:04:24 +04:00
sid_compose ( & gsid , get_global_sam_sid ( ) , DOMAIN_RID_USERS ) ;
2006-03-05 20:49:30 +03:00
2011-09-27 01:55:47 +04:00
gmap = talloc_zero ( tc , GROUP_MAP ) ;
if ( ! gmap ) {
d_printf ( _ ( " Out of memory! \n " ) ) ;
goto failed ;
}
if ( ! pdb_getgrsid ( gmap , gsid ) ) {
2006-03-05 20:49:30 +03:00
LDAPMod * * mods = NULL ;
char * dn ;
char * uname ;
char * wname ;
char * gidstr ;
char * gtype ;
int rc ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Adding the Domain Users group. \n " ) ) ;
2006-03-05 20:49:30 +03:00
/* lets allocate a new groupid for this group */
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
domusers_gid = 999 ;
} else {
if ( ! winbind_allocate_gid ( & domusers_gid ) ) {
d_fprintf ( stderr , _ ( " Unable to allocate a new gid to "
" create Domain Users group! \n " ) ) ;
goto domu_done ;
}
2006-03-05 20:49:30 +03:00
}
uname = talloc_strdup ( tc , " domusers " ) ;
wname = talloc_strdup ( tc , " Domain Users " ) ;
dn = talloc_asprintf ( tc , " cn=%s,%s " , " domusers " , lp_ldap_group_suffix ( ) ) ;
2009-05-12 08:56:57 +04:00
gidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) domusers_gid ) ;
2006-03-05 20:49:30 +03:00
gtype = talloc_asprintf ( tc , " %d " , SID_NAME_DOM_GRP ) ;
if ( ! uname | | ! wname | | ! dn | | ! gidstr | | ! gtype ) {
d_fprintf ( stderr , " Out of Memory! \n " ) ;
goto failed ;
}
2008-04-10 12:42:17 +04:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_POSIXGROUP ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_GROUPMAP ) ;
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " groupofnames " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " nestedgroup " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " ipausergroup " ) ;
}
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " cn " , uname ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " displayName " , wname ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " gidNumber " , gidstr ) ;
2007-12-15 23:49:15 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaSid " ,
sid_string_talloc ( tc , & gsid ) ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaGroupType " , gtype ) ;
talloc_autofree_ldapmod ( tc , mods ) ;
rc = smbldap_add ( ls , dn , mods ) ;
if ( rc ! = LDAP_SUCCESS ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Failed to add Domain Users group "
" to ldap directory \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrsid ( gmap , gsid ) ) {
2011-03-18 13:37:15 +03:00
d_fprintf ( stderr , _ ( " Failed to read just "
" created domain group. \n " ) ) ;
goto failed ;
} else {
2011-09-27 01:55:47 +04:00
domusers_gid = gmap - > gid ;
2011-03-18 13:37:15 +03:00
}
}
2006-03-05 20:49:30 +03:00
} else {
2011-09-27 01:55:47 +04:00
domusers_gid = gmap - > gid ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " found! \n " ) ) ;
}
2006-03-05 20:49:30 +03:00
domu_done :
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Checking for Domain Admins group. \n " ) ) ;
2006-03-05 20:49:30 +03:00
2010-05-18 00:04:24 +04:00
sid_compose ( & gsid , get_global_sam_sid ( ) , DOMAIN_RID_ADMINS ) ;
2006-03-05 20:49:30 +03:00
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrsid ( gmap , gsid ) ) {
2006-03-05 20:49:30 +03:00
LDAPMod * * mods = NULL ;
char * dn ;
char * uname ;
char * wname ;
char * gidstr ;
char * gtype ;
int rc ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Adding the Domain Admins group. \n " ) ) ;
2006-03-05 20:49:30 +03:00
/* lets allocate a new groupid for this group */
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
domadmins_gid = 999 ;
} else {
if ( ! winbind_allocate_gid ( & domadmins_gid ) ) {
d_fprintf ( stderr , _ ( " Unable to allocate a new gid to "
" create Domain Admins group! \n " ) ) ;
goto doma_done ;
}
2006-03-05 20:49:30 +03:00
}
uname = talloc_strdup ( tc , " domadmins " ) ;
wname = talloc_strdup ( tc , " Domain Admins " ) ;
dn = talloc_asprintf ( tc , " cn=%s,%s " , " domadmins " , lp_ldap_group_suffix ( ) ) ;
2009-05-12 08:56:57 +04:00
gidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) domadmins_gid ) ;
2006-03-05 20:49:30 +03:00
gtype = talloc_asprintf ( tc , " %d " , SID_NAME_DOM_GRP ) ;
if ( ! uname | | ! wname | | ! dn | | ! gidstr | | ! gtype ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2008-04-10 12:42:17 +04:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_POSIXGROUP ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_GROUPMAP ) ;
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " groupofnames " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " nestedgroup " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " ipausergroup " ) ;
}
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " cn " , uname ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " displayName " , wname ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " gidNumber " , gidstr ) ;
2007-12-15 23:49:15 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaSid " ,
sid_string_talloc ( tc , & gsid ) ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaGroupType " , gtype ) ;
talloc_autofree_ldapmod ( tc , mods ) ;
rc = smbldap_add ( ls , dn , mods ) ;
if ( rc ! = LDAP_SUCCESS ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Failed to add Domain Admins group "
" to ldap directory \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrsid ( gmap , gsid ) ) {
2011-03-18 13:37:15 +03:00
d_fprintf ( stderr , _ ( " Failed to read just "
" created domain group. \n " ) ) ;
goto failed ;
} else {
2011-09-27 01:55:47 +04:00
domadmins_gid = gmap - > gid ;
2011-03-18 13:37:15 +03:00
}
}
2006-03-05 20:49:30 +03:00
} else {
2011-09-27 01:55:47 +04:00
domadmins_gid = gmap - > gid ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " found! \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
doma_done :
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Check for Administrator account. \n " ) ) ;
2006-03-05 20:49:30 +03:00
samuser = samu_new ( tc ) ;
if ( ! samuser ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
if ( ! pdb_getsampwnam ( samuser , " Administrator " ) ) {
LDAPMod * * mods = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-03-05 20:49:30 +03:00
char * dn ;
char * name ;
char * uidstr ;
char * gidstr ;
char * shell ;
char * dir ;
2011-03-18 13:37:15 +03:00
char * princ ;
2006-03-05 20:49:30 +03:00
uid_t uid ;
int rc ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Adding the Administrator user. \n " ) ) ;
2006-03-05 20:49:30 +03:00
if ( domadmins_gid = = - 1 ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr ,
_ ( " Can't create Administrator user, Domain "
" Admins group not available! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto done ;
}
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
uid = 999 ;
} else {
if ( ! winbind_allocate_uid ( & uid ) ) {
d_fprintf ( stderr ,
_ ( " Unable to allocate a new uid to create "
" the Administrator user! \n " ) ) ;
goto done ;
}
2011-03-17 14:35:35 +03:00
}
2006-03-05 20:49:30 +03:00
name = talloc_strdup ( tc , " Administrator " ) ;
dn = talloc_asprintf ( tc , " uid=Administrator,%s " , lp_ldap_user_suffix ( ) ) ;
2009-05-12 08:56:57 +04:00
uidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) uid ) ;
gidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) domadmins_gid ) ;
2006-03-05 20:49:30 +03:00
dir = talloc_sub_specified ( tc , lp_template_homedir ( ) ,
" Administrator " ,
get_global_sam_name ( ) ,
uid , domadmins_gid ) ;
shell = talloc_sub_specified ( tc , lp_template_shell ( ) ,
" Administrator " ,
get_global_sam_name ( ) ,
uid , domadmins_gid ) ;
if ( ! name | | ! dn | | ! uidstr | | ! gidstr | | ! dir | | ! shell ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2010-05-18 00:04:24 +04:00
sid_compose ( & sid , get_global_sam_sid ( ) , DOMAIN_RID_ADMINISTRATOR ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_ACCOUNT ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_POSIXACCOUNT ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_SAMBASAMACCOUNT ) ;
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " person " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " organizationalperson " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " inetorgperson " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " inetuser " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " krbprincipalaux " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " krbticketpolicyaux " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sn " , name ) ;
princ = talloc_asprintf ( tc , " %s@%s " , name , lp_realm ( ) ) ;
if ( ! princ ) {
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
goto failed ;
}
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " krbPrincipalName " , princ ) ;
}
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " uid " , name ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " cn " , name ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " displayName " , name ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " uidNumber " , uidstr ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " gidNumber " , gidstr ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " homeDirectory " , dir ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " loginShell " , shell ) ;
2007-12-15 23:49:15 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaSID " ,
sid_string_talloc ( tc , & sid ) ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaAcctFlags " ,
pdb_encode_acct_ctrl ( ACB_NORMAL | ACB_DISABLED ,
NEW_PW_FORMAT_SPACE_PADDED_LEN ) ) ;
talloc_autofree_ldapmod ( tc , mods ) ;
rc = smbldap_add ( ls , dn , mods ) ;
if ( rc ! = LDAP_SUCCESS ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Failed to add Administrator user "
" to ldap directory \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
if ( ! pdb_getsampwnam ( samuser , " Administrator " ) ) {
d_fprintf ( stderr , _ ( " Failed to read just "
" created user. \n " ) ) ;
goto failed ;
}
}
2006-03-05 20:49:30 +03:00
} else {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " found! \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Checking for Guest user. \n " ) ) ;
2006-03-05 20:49:30 +03:00
samuser = samu_new ( tc ) ;
if ( ! samuser ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
if ( ! pdb_getsampwnam ( samuser , lp_guestaccount ( ) ) ) {
LDAPMod * * mods = NULL ;
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-03-05 20:49:30 +03:00
char * dn ;
char * uidstr ;
char * gidstr ;
int rc ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Adding the Guest user. \n " ) ) ;
2006-03-05 20:49:30 +03:00
2009-01-22 14:20:46 +03:00
sid_compose ( & sid , get_global_sam_sid ( ) , DOMAIN_RID_GUEST ) ;
2010-10-20 19:16:23 +04:00
pwd = Get_Pwnam_alloc ( tc , lp_guestaccount ( ) ) ;
2006-03-05 20:49:30 +03:00
if ( ! pwd ) {
if ( domusers_gid = = - 1 ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr ,
_ ( " Can't create Guest user, Domain "
" Users group not available! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto done ;
}
2006-06-19 23:07:39 +04:00
if ( ( pwd = talloc ( tc , struct passwd ) ) = = NULL ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " talloc failed \n " ) ) ;
2006-06-19 23:07:39 +04:00
goto done ;
}
2006-03-05 20:49:30 +03:00
pwd - > pw_name = talloc_strdup ( pwd , lp_guestaccount ( ) ) ;
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
pwd - > pw_uid = 999 ;
} else {
if ( ! winbind_allocate_uid ( & ( pwd - > pw_uid ) ) ) {
d_fprintf ( stderr ,
_ ( " Unable to allocate a new uid to "
" create the Guest user! \n " ) ) ;
goto done ;
}
2006-03-05 20:49:30 +03:00
}
pwd - > pw_gid = domusers_gid ;
pwd - > pw_dir = talloc_strdup ( tc , " / " ) ;
pwd - > pw_shell = talloc_strdup ( tc , " /bin/false " ) ;
if ( ! pwd - > pw_dir | | ! pwd - > pw_shell ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
}
dn = talloc_asprintf ( tc , " uid=%s,%s " , pwd - > pw_name , lp_ldap_user_suffix ( ) ) ;
2009-05-12 08:56:57 +04:00
uidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) pwd - > pw_uid ) ;
gidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) pwd - > pw_gid ) ;
2006-03-05 20:49:30 +03:00
if ( ! dn | | ! uidstr | | ! gidstr ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_ACCOUNT ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_POSIXACCOUNT ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_SAMBASAMACCOUNT ) ;
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " person " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " organizationalperson " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " inetorgperson " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " inetuser " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " krbprincipalaux " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " krbticketpolicyaux " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sn " , pwd - > pw_name ) ;
}
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " uid " , pwd - > pw_name ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " cn " , pwd - > pw_name ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " displayName " , pwd - > pw_name ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " uidNumber " , uidstr ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " gidNumber " , gidstr ) ;
2007-03-09 19:55:56 +03:00
if ( ( pwd - > pw_dir ! = NULL ) & & ( pwd - > pw_dir [ 0 ] ! = ' \0 ' ) ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " homeDirectory " , pwd - > pw_dir ) ;
}
if ( ( pwd - > pw_shell ! = NULL ) & & ( pwd - > pw_shell [ 0 ] ! = ' \0 ' ) ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " loginShell " , pwd - > pw_shell ) ;
}
2007-12-15 23:49:15 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaSID " ,
sid_string_talloc ( tc , & sid ) ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaAcctFlags " ,
pdb_encode_acct_ctrl ( ACB_NORMAL | ACB_DISABLED ,
NEW_PW_FORMAT_SPACE_PADDED_LEN ) ) ;
talloc_autofree_ldapmod ( tc , mods ) ;
rc = smbldap_add ( ls , dn , mods ) ;
if ( rc ! = LDAP_SUCCESS ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Failed to add Guest user to "
" ldap directory \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
if ( ! pdb_getsampwnam ( samuser , lp_guestaccount ( ) ) ) {
d_fprintf ( stderr , _ ( " Failed to read just "
" created user. \n " ) ) ;
goto failed ;
}
}
2006-03-05 20:49:30 +03:00
} else {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " found! \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Checking Guest's group. \n " ) ) ;
2006-03-05 20:49:30 +03:00
2010-10-20 19:16:23 +04:00
pwd = Get_Pwnam_alloc ( tc , lp_guestaccount ( ) ) ;
2006-03-05 20:49:30 +03:00
if ( ! pwd ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr ,
_ ( " Failed to find just created Guest account! \n "
" Is nss properly configured?! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
if ( pwd - > pw_gid = = domusers_gid ) {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " found! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto done ;
}
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrgid ( gmap , pwd - > pw_gid ) ) {
2006-03-05 20:49:30 +03:00
LDAPMod * * mods = NULL ;
char * dn ;
char * uname ;
char * wname ;
char * gidstr ;
char * gtype ;
int rc ;
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " Adding the Domain Guests group. \n " ) ) ;
2006-03-05 20:49:30 +03:00
uname = talloc_strdup ( tc , " domguests " ) ;
wname = talloc_strdup ( tc , " Domain Guests " ) ;
dn = talloc_asprintf ( tc , " cn=%s,%s " , " domguests " , lp_ldap_group_suffix ( ) ) ;
2009-05-12 08:56:57 +04:00
gidstr = talloc_asprintf ( tc , " %u " , ( unsigned int ) pwd - > pw_gid ) ;
2006-03-05 20:49:30 +03:00
gtype = talloc_asprintf ( tc , " %d " , SID_NAME_DOM_GRP ) ;
if ( ! uname | | ! wname | | ! dn | | ! gidstr | | ! gtype ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " Out of Memory! \n " ) ) ;
2006-03-05 20:49:30 +03:00
goto failed ;
}
2010-05-18 00:04:24 +04:00
sid_compose ( & gsid , get_global_sam_sid ( ) , DOMAIN_RID_GUESTS ) ;
2006-03-05 20:49:30 +03:00
2008-04-10 12:42:17 +04:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_POSIXGROUP ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , LDAP_OBJ_GROUPMAP ) ;
2011-03-18 13:37:15 +03:00
if ( is_ipa ) {
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " groupofnames " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " nestedgroup " ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " objectClass " , " ipausergroup " ) ;
}
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " cn " , uname ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " displayName " , wname ) ;
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " gidNumber " , gidstr ) ;
2007-12-15 23:49:15 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaSid " ,
sid_string_talloc ( tc , & gsid ) ) ;
2006-03-05 20:49:30 +03:00
smbldap_set_mod ( & mods , LDAP_MOD_ADD , " sambaGroupType " , gtype ) ;
talloc_autofree_ldapmod ( tc , mods ) ;
rc = smbldap_add ( ls , dn , mods ) ;
if ( rc ! = LDAP_SUCCESS ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr ,
_ ( " Failed to add Domain Guests group to ldap "
" directory \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
} else {
2009-08-11 10:31:04 +04:00
d_printf ( _ ( " found! \n " ) ) ;
2006-03-05 20:49:30 +03:00
}
done :
talloc_free ( tc ) ;
return 0 ;
failed :
talloc_free ( tc ) ;
return - 1 ;
}
2006-04-10 19:33:04 +04:00
2006-03-05 21:25:46 +03:00
# endif
2006-03-05 20:49:30 +03:00
2006-02-04 01:19:41 +03:00
/***********************************************************
migrated functionality from smbgroupedit
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
int net_sam ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-06-07 04:13:52 +04:00
{
" createbuiltingroup " ,
net_sam_createbuiltingroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Create a new BUILTIN group " ) ,
N_ ( " net sam createbuiltingroup \n "
" Create a new BUILTIN group " )
2008-06-07 04:13:52 +04:00
} ,
{
" createlocalgroup " ,
net_sam_createlocalgroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Create a new local group " ) ,
N_ ( " net sam createlocalgroup \n "
" Create a new local group " )
2008-06-07 04:13:52 +04:00
} ,
2009-06-08 01:11:12 +04:00
{
" createdomaingroup " ,
net_sam_createdomaingroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Create a new group " ) ,
N_ ( " net sam createdomaingroup \n "
" Create a new group " )
2009-06-08 01:11:12 +04:00
} ,
2008-06-07 04:13:52 +04:00
{
" deletelocalgroup " ,
net_sam_deletelocalgroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Delete an existing local group " ) ,
N_ ( " net sam deletelocalgroup \n "
" Delete an existing local group " )
2008-06-07 04:13:52 +04:00
} ,
2009-06-09 16:46:43 +04:00
{
" deletedomaingroup " ,
net_sam_deletedomaingroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Delete a domain group " ) ,
N_ ( " net sam deletedomaingroup \n "
" Delete a group " )
2009-06-09 16:46:43 +04:00
} ,
2008-06-07 04:13:52 +04:00
{
" mapunixgroup " ,
net_sam_mapunixgroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Map a unix group to a domain group " ) ,
N_ ( " net sam mapunixgroup \n "
" Map a unix group to a domain group " )
2008-06-07 04:13:52 +04:00
} ,
{
" unmapunixgroup " ,
net_sam_unmapunixgroup ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Remove a group mapping of an unix group to a "
" domain group " ) ,
N_ ( " net sam unmapunixgroup \n "
" Remove a group mapping of an unix group to a "
" domain group " )
2008-06-07 04:13:52 +04:00
} ,
{
" addmem " ,
net_sam_addmem ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Add a member to a group " ) ,
N_ ( " net sam addmem \n "
" Add a member to a group " )
2008-06-07 04:13:52 +04:00
} ,
{
" delmem " ,
net_sam_delmem ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Delete a member from a group " ) ,
N_ ( " net sam delmem \n "
" Delete a member from a group " )
2008-06-07 04:13:52 +04:00
} ,
{
" listmem " ,
net_sam_listmem ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List group members " ) ,
N_ ( " net sam listmem \n "
" List group members " )
2008-06-07 04:13:52 +04:00
} ,
{
" list " ,
net_sam_list ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " List users, groups and local groups " ) ,
N_ ( " net sam list \n "
" List users, groups and local groups " )
2008-06-07 04:13:52 +04:00
} ,
{
" show " ,
net_sam_show ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Show details of a SAM entry " ) ,
N_ ( " net sam show \n "
" Show details of a SAM entry " )
2008-06-07 04:13:52 +04:00
} ,
{
" set " ,
net_sam_set ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Set details of a SAM account " ) ,
N_ ( " net sam set \n "
" Set details of a SAM account " )
2008-06-07 04:13:52 +04:00
} ,
{
" policy " ,
net_sam_policy ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Set account policies " ) ,
N_ ( " net sam policy \n "
" Set account policies " )
2008-06-07 04:13:52 +04:00
} ,
{
" rights " ,
net_sam_rights ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Manipulate user privileges " ) ,
N_ ( " net sam rights \n "
" Manipulate user privileges " )
2008-06-07 04:13:52 +04:00
} ,
2006-03-05 21:25:46 +03:00
# ifdef HAVE_LDAP
2008-06-07 04:13:52 +04:00
{
" provision " ,
net_sam_provision ,
NET_TRANSPORT_LOCAL ,
2009-08-11 10:31:04 +04:00
N_ ( " Provision a clean user database " ) ,
N_ ( " net sam privison \n "
" Provision a clear user database " )
2008-06-07 04:13:52 +04:00
} ,
2006-03-05 21:25:46 +03:00
# endif
2008-06-07 04:13:52 +04:00
{ NULL , NULL , 0 , NULL , NULL }
2006-02-04 01:19:41 +03:00
} ;
if ( getuid ( ) ! = 0 ) {
2009-08-11 10:31:04 +04:00
d_fprintf ( stderr , _ ( " You are not root, most things won't "
" work \n " ) ) ;
2006-02-04 01:19:41 +03:00
}
2008-05-08 13:23:38 +04:00
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net sam " , func ) ;
2006-02-04 01:19:41 +03:00
}