2003-04-19 09:53:55 +04:00
/*
* Unix SMB / CIFS implementation .
* RPC Pipe client / server routines
* Copyright ( C ) Andrew Tridgell 1992 - 2000 ,
2018-05-07 15:04:17 +03:00
* Copyright ( C ) Jean François Micouleau 1998 - 2001.
2005-05-31 17:46:45 +04:00
* Copyright ( C ) Gerald Carter 2003 ,
* Copyright ( C ) Volker Lendecke 2004
2003-04-19 09:53:55 +04:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2003-04-19 09:53:55 +04:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2003-04-19 09:53:55 +04:00
*/
# include "includes.h"
2011-02-25 19:14:22 +03:00
# include "system/passwd.h"
2004-10-07 08:01:18 +04:00
# include "utils/net.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-03-18 20:58:37 +03:00
# include "passdb.h"
2003-04-19 09:53:55 +04:00
/*********************************************************
Figure out if the input was an NT group or a SID string .
Return the SID .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-05-21 05:25:01 +04:00
static bool get_sid_from_input ( struct dom_sid * sid , char * input )
2003-04-19 09:53:55 +04:00
{
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return false ;
}
2003-04-19 09:53:55 +04:00
2011-05-13 22:23:36 +04:00
if ( strncasecmp_m ( input , " S- " , 2 ) ) {
2003-04-19 09:53:55 +04:00
/* Perhaps its the NT group name? */
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrnam ( map , input ) ) {
2009-07-30 13:16:32 +04:00
printf ( _ ( " NT Group %s doesn't exist in mapping DB \n " ) ,
input ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2008-05-12 13:53:23 +04:00
return false ;
2003-04-19 09:53:55 +04:00
} else {
2011-09-27 01:55:47 +04:00
* sid = map - > sid ;
2003-04-19 09:53:55 +04:00
}
} else {
if ( ! string_to_sid ( sid , input ) ) {
2009-07-30 13:16:32 +04:00
printf ( _ ( " converting sid %s from a string failed! \n " ) ,
input ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2008-05-12 13:53:23 +04:00
return false ;
2003-04-19 09:53:55 +04:00
}
}
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2008-05-12 13:53:23 +04:00
return true ;
2003-04-19 09:53:55 +04:00
}
/*********************************************************
Dump a GROUP_MAP entry to stdout ( long or short listing )
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2011-03-16 22:34:30 +03:00
static void print_map_entry ( const GROUP_MAP * map , bool long_list )
2003-04-19 09:53:55 +04:00
{
if ( ! long_list )
2011-03-16 22:34:30 +03:00
d_printf ( " %s (%s) -> %s \n " , map - > nt_name ,
sid_string_tos ( & map - > sid ) , gidtoname ( map - > gid ) ) ;
2003-04-19 09:53:55 +04:00
else {
2011-03-16 22:34:30 +03:00
d_printf ( " %s \n " , map - > nt_name ) ;
d_printf ( _ ( " \t SID : %s \n " ) , sid_string_tos ( & map - > sid ) ) ;
d_printf ( _ ( " \t Unix gid : %u \n " ) , ( unsigned int ) map - > gid ) ;
d_printf ( _ ( " \t Unix group: %s \n " ) , gidtoname ( map - > gid ) ) ;
2009-07-30 13:16:32 +04:00
d_printf ( _ ( " \t Group type: %s \n " ) ,
2011-03-16 22:34:30 +03:00
sid_type_lookup ( map - > sid_name_use ) ) ;
d_printf ( _ ( " \t Comment : %s \n " ) , map - > comment ) ;
2003-04-19 09:53:55 +04:00
}
}
/*********************************************************
List the groups .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
static int net_groupmap_list ( struct net_context * c , int argc , const char * * argv )
2003-04-19 09:53:55 +04:00
{
2005-10-18 07:24:00 +04:00
size_t entries ;
2008-05-12 13:53:23 +04:00
bool long_list = false ;
2005-10-18 07:24:00 +04:00
size_t i ;
2003-04-19 09:53:55 +04:00
fstring ntgroup = " " ;
2003-04-24 20:47:32 +04:00
fstring sid_string = " " ;
2009-07-30 13:16:32 +04:00
const char list_usage_str [ ] = N_ ( " net groupmap list [verbose] "
" [ntgroup=NT group] [sid=SID] \n "
" verbose \t Print verbose list \n "
" ntgroup \t NT group to list \n "
" sid \t SID of group to list " ) ;
2008-05-19 17:55:34 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: " ) , list_usage_str ) ;
2008-05-19 17:55:34 +04:00
return 0 ;
}
2004-12-20 14:05:54 +03:00
2008-05-10 01:22:12 +04:00
if ( c - > opt_verbose | | c - > opt_long_list_entries )
2008-05-12 13:53:23 +04:00
long_list = true ;
2008-05-08 13:23:38 +04:00
2003-04-19 09:53:55 +04:00
/* get the options */
for ( i = 0 ; i < argc ; i + + ) {
2011-05-13 22:21:30 +04:00
if ( ! strcasecmp_m ( argv [ i ] , " verbose " ) ) {
2008-05-12 13:53:23 +04:00
long_list = true ;
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " ntgroup " , strlen ( " ntgroup " ) ) ) {
2003-04-19 09:53:55 +04:00
fstrcpy ( ntgroup , get_string_param ( argv [ i ] ) ) ;
if ( ! ntgroup [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a name \n " ) ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " sid " , strlen ( " sid " ) ) ) {
2003-04-24 20:47:32 +04:00
fstrcpy ( sid_string , get_string_param ( argv [ i ] ) ) ;
if ( ! sid_string [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a SID \n " ) ) ;
2003-04-24 20:47:32 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-24 20:47:32 +04:00
}
2003-04-19 09:53:55 +04:00
else {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Bad option: %s \n " ) , argv [ i ] ) ;
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: " ) , list_usage_str ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
}
/* list a single group is given a name */
2003-04-24 20:47:32 +04:00
if ( ntgroup [ 0 ] | | sid_string [ 0 ] ) {
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2008-05-08 13:23:38 +04:00
2003-04-24 20:47:32 +04:00
if ( sid_string [ 0 ] )
2011-05-04 22:38:26 +04:00
strlcpy ( ntgroup , sid_string , sizeof ( ntgroup ) ) ;
2008-05-08 13:23:38 +04:00
2003-04-19 09:53:55 +04:00
if ( ! get_sid_from_input ( & sid , ntgroup ) ) {
return - 1 ;
}
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return - 1 ;
}
2003-04-19 09:53:55 +04:00
/* Get the current mapping from the database */
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrsid ( map , sid ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Failure to local group SID in the "
" database \n " ) ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2011-09-27 01:55:47 +04:00
print_map_entry ( map , long_list ) ;
TALLOC_FREE ( map ) ;
2003-04-19 09:53:55 +04:00
}
else {
2011-09-27 01:55:47 +04:00
GROUP_MAP * * maps = NULL ;
bool ok = false ;
2003-04-19 09:53:55 +04:00
/* enumerate all group mappings */
2011-09-27 01:55:47 +04:00
ok = pdb_enum_group_mapping ( NULL , SID_NAME_UNKNOWN ,
& maps , & entries ,
ENUM_ALL_MAPPED ) ;
if ( ! ok ) {
2003-04-19 09:53:55 +04:00
return - 1 ;
2011-09-27 01:55:47 +04:00
}
2008-05-08 13:23:38 +04:00
2003-04-19 09:53:55 +04:00
for ( i = 0 ; i < entries ; i + + ) {
2011-09-27 01:55:47 +04:00
print_map_entry ( maps [ i ] , long_list ) ;
2003-04-19 09:53:55 +04:00
}
2003-07-15 21:27:39 +04:00
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( maps ) ;
2003-04-19 09:53:55 +04:00
}
return 0 ;
}
/*********************************************************
Add a new group mapping entry
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
static int net_groupmap_add ( struct net_context * c , int argc , const char * * argv )
2003-04-19 09:53:55 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-08-15 18:07:15 +04:00
fstring ntgroup = " " ;
2003-04-22 09:14:21 +04:00
fstring unixgrp = " " ;
2003-04-19 09:53:55 +04:00
fstring string_sid = " " ;
fstring type = " " ;
2006-08-15 18:07:15 +04:00
fstring ntcomment = " " ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType sid_type = SID_NAME_DOM_GRP ;
2015-05-07 03:00:06 +03:00
uint32_t rid = 0 ;
2006-08-15 18:07:15 +04:00
gid_t gid ;
2003-04-19 09:53:55 +04:00
int i ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2008-05-08 13:23:38 +04:00
2006-08-11 22:09:59 +04:00
const char * name_type ;
2009-07-30 13:16:32 +04:00
const char add_usage_str [ ] = N_ ( " net groupmap add "
" {rid=<int>|sid=<string>} "
" unixgroup=<string> "
" [type=<domain|local|builtin>] "
" [ntgroup=<string>] "
" [comment=<string>] " ) ;
2006-08-11 22:09:59 +04:00
name_type = " domain group " ;
2008-05-19 17:55:34 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: \n " ) , add_usage_str ) ;
2008-05-19 17:55:34 +04:00
return 0 ;
}
2003-04-19 09:53:55 +04:00
/* get the options */
for ( i = 0 ; i < argc ; i + + ) {
2011-05-13 22:23:36 +04:00
if ( ! strncasecmp_m ( argv [ i ] , " rid " , strlen ( " rid " ) ) ) {
2003-04-19 09:53:55 +04:00
rid = get_int_param ( argv [ i ] ) ;
2010-05-18 00:04:24 +04:00
if ( rid < DOMAIN_RID_ADMINS ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " RID must be greater than %d \n " ) ,
2015-05-10 03:06:28 +03:00
( uint32_t ) DOMAIN_RID_ADMINS - 1 ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " unixgroup " , strlen ( " unixgroup " ) ) ) {
2003-04-22 09:14:21 +04:00
fstrcpy ( unixgrp , get_string_param ( argv [ i ] ) ) ;
if ( ! unixgrp [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a name \n " ) ) ;
2003-04-22 09:14:21 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-22 09:14:21 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " ntgroup " , strlen ( " ntgroup " ) ) ) {
2006-08-15 18:07:15 +04:00
fstrcpy ( ntgroup , get_string_param ( argv [ i ] ) ) ;
if ( ! ntgroup [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a name \n " ) ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " sid " , strlen ( " sid " ) ) ) {
2003-04-22 03:23:24 +04:00
fstrcpy ( string_sid , get_string_param ( argv [ i ] ) ) ;
if ( ! string_sid [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a SID \n " ) ) ;
2003-04-21 23:43:25 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-21 23:43:25 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " comment " , strlen ( " comment " ) ) ) {
2006-08-15 18:07:15 +04:00
fstrcpy ( ntcomment , get_string_param ( argv [ i ] ) ) ;
if ( ! ntcomment [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " must supply a comment string \n " ) ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " type " , strlen ( " type " ) ) ) {
2003-04-19 09:53:55 +04:00
fstrcpy ( type , get_string_param ( argv [ i ] ) ) ;
switch ( type [ 0 ] ) {
case ' b ' :
case ' B ' :
2006-08-15 18:07:15 +04:00
sid_type = SID_NAME_WKN_GRP ;
2006-08-11 22:09:59 +04:00
name_type = " wellknown group " ;
2003-04-19 09:53:55 +04:00
break ;
case ' d ' :
case ' D ' :
2006-08-15 18:07:15 +04:00
sid_type = SID_NAME_DOM_GRP ;
2006-08-11 22:09:59 +04:00
name_type = " domain group " ;
2003-04-19 09:53:55 +04:00
break ;
case ' l ' :
case ' L ' :
2006-08-15 18:07:15 +04:00
sid_type = SID_NAME_ALIAS ;
2006-08-11 22:09:59 +04:00
name_type = " alias (local) group " ;
2003-04-19 09:53:55 +04:00
break ;
2006-08-11 22:09:59 +04:00
default :
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " unknown group type %s \n " ) ,
type ) ;
2006-08-11 22:09:59 +04:00
return - 1 ;
2003-04-19 09:53:55 +04:00
}
}
else {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Bad option: %s \n " ) , argv [ i ] ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
}
2003-08-06 13:24:11 +04:00
if ( ! unixgrp [ 0 ] ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: \n " ) , add_usage_str ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2006-08-15 18:07:15 +04:00
if ( ( gid = nametogid ( unixgrp ) ) = = ( gid_t ) - 1 ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Can't lookup UNIX group %s \n " ) , unixgrp ) ;
2003-08-06 13:24:11 +04:00
return - 1 ;
}
2006-02-04 01:19:41 +03:00
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return - 1 ;
}
/* Default is domain group. */
map - > sid_name_use = SID_NAME_DOM_GRP ;
if ( pdb_getgrgid ( map , gid ) ) {
d_printf ( _ ( " Unix group %s already mapped to SID %s \n " ) ,
unixgrp , sid_string_tos ( & map - > sid ) ) ;
TALLOC_FREE ( map ) ;
return - 1 ;
2006-02-04 01:19:41 +03:00
}
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2008-05-08 13:23:38 +04:00
2003-08-15 05:55:06 +04:00
if ( ( rid = = 0 ) & & ( string_sid [ 0 ] = = ' \0 ' ) ) {
2009-07-30 13:16:32 +04:00
d_printf ( _ ( " No rid or sid specified, choosing a RID \n " ) ) ;
2009-06-28 19:36:12 +04:00
if ( pdb_capabilities ( ) & PDB_CAP_STORE_RIDS ) {
2006-02-04 01:19:41 +03:00
if ( ! pdb_new_rid ( & rid ) ) {
2009-07-30 13:16:32 +04:00
d_printf ( _ ( " Could not get new RID \n " ) ) ;
2006-02-04 01:19:41 +03:00
}
2009-06-28 19:36:12 +04:00
} else {
rid = algorithmic_pdb_gid_to_group_rid ( gid ) ;
2006-02-04 01:19:41 +03:00
}
2009-07-30 13:16:32 +04:00
d_printf ( _ ( " Got RID %d \n " ) , rid ) ;
2003-08-06 13:24:11 +04:00
}
2003-04-21 23:43:25 +04:00
/* append the rid to our own domain/machine SID if we don't have a full SID */
2003-04-22 03:23:24 +04:00
if ( ! string_sid [ 0 ] ) {
2010-01-10 19:39:27 +03:00
sid_compose ( & sid , get_global_sam_sid ( ) , rid ) ;
2007-12-16 00:47:30 +03:00
sid_to_fstring ( string_sid , & sid ) ;
2003-04-21 23:43:25 +04:00
}
2003-04-19 09:53:55 +04:00
2006-08-15 18:07:15 +04:00
if ( ! ntcomment [ 0 ] ) {
switch ( sid_type ) {
2005-02-05 01:27:14 +03:00
case SID_NAME_WKN_GRP :
2006-08-15 18:07:15 +04:00
fstrcpy ( ntcomment , " Wellknown Unix group " ) ;
2005-02-05 01:27:14 +03:00
break ;
case SID_NAME_DOM_GRP :
2006-08-15 18:07:15 +04:00
fstrcpy ( ntcomment , " Domain Unix group " ) ;
2005-02-05 01:27:14 +03:00
break ;
case SID_NAME_ALIAS :
2006-08-15 18:07:15 +04:00
fstrcpy ( ntcomment , " Local Unix group " ) ;
2005-02-05 01:27:14 +03:00
break ;
default :
2006-08-15 18:07:15 +04:00
fstrcpy ( ntcomment , " Unix group " ) ;
2005-02-05 01:27:14 +03:00
break ;
}
}
2008-05-08 13:23:38 +04:00
2006-08-15 18:07:15 +04:00
if ( ! ntgroup [ 0 ] )
2011-05-04 22:38:26 +04:00
strlcpy ( ntgroup , unixgrp , sizeof ( ntgroup ) ) ;
2008-05-08 13:23:38 +04:00
2006-08-15 18:07:15 +04:00
if ( ! NT_STATUS_IS_OK ( add_initial_entry ( gid , string_sid , sid_type , ntgroup , ntcomment ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " adding entry for group %s failed! \n " ) , ntgroup ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2009-07-30 13:16:32 +04:00
d_printf ( _ ( " Successfully added group %s to the mapping db as a %s \n " ) ,
2006-08-15 18:07:15 +04:00
ntgroup , name_type ) ;
2003-04-19 09:53:55 +04:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_modify ( struct net_context * c , int argc , const char * * argv )
2003-04-19 09:53:55 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map = NULL ;
2003-04-19 09:53:55 +04:00
fstring ntcomment = " " ;
fstring type = " " ;
fstring ntgroup = " " ;
2003-04-23 04:34:31 +04:00
fstring unixgrp = " " ;
2003-04-22 09:14:21 +04:00
fstring sid_string = " " ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType sid_type = SID_NAME_UNKNOWN ;
2003-04-19 09:53:55 +04:00
int i ;
2003-04-23 04:34:31 +04:00
gid_t gid ;
2009-07-30 13:16:32 +04:00
const char modify_usage_str [ ] = N_ ( " net groupmap modify "
" {ntgroup=<string>|sid=<SID>} "
" [comment=<string>] "
" [unixgroup=<string>] "
" [type=<domain|local>] " ) ;
2008-05-19 17:55:34 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: \n " ) , modify_usage_str ) ;
2008-05-19 17:55:34 +04:00
return 0 ;
}
2003-04-19 09:53:55 +04:00
/* get the options */
for ( i = 0 ; i < argc ; i + + ) {
2011-05-13 22:23:36 +04:00
if ( ! strncasecmp_m ( argv [ i ] , " ntgroup " , strlen ( " ntgroup " ) ) ) {
2003-04-19 09:53:55 +04:00
fstrcpy ( ntgroup , get_string_param ( argv [ i ] ) ) ;
if ( ! ntgroup [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a name \n " ) ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " sid " , strlen ( " sid " ) ) ) {
2003-04-22 09:14:21 +04:00
fstrcpy ( sid_string , get_string_param ( argv [ i ] ) ) ;
if ( ! sid_string [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a name \n " ) ) ;
2003-04-22 09:14:21 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-22 09:14:21 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " comment " , strlen ( " comment " ) ) ) {
2003-04-19 09:53:55 +04:00
fstrcpy ( ntcomment , get_string_param ( argv [ i ] ) ) ;
if ( ! ntcomment [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " must supply a comment string \n " ) ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " unixgroup " , strlen ( " unixgroup " ) ) ) {
2003-04-23 04:34:31 +04:00
fstrcpy ( unixgrp , get_string_param ( argv [ i ] ) ) ;
if ( ! unixgrp [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " must supply a group name \n " ) ) ;
2003-04-23 04:34:31 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-23 04:34:31 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " type " , strlen ( " type " ) ) ) {
2003-04-19 09:53:55 +04:00
fstrcpy ( type , get_string_param ( argv [ i ] ) ) ;
switch ( type [ 0 ] ) {
case ' d ' :
case ' D ' :
sid_type = SID_NAME_DOM_GRP ;
break ;
case ' l ' :
case ' L ' :
sid_type = SID_NAME_ALIAS ;
break ;
}
}
else {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Bad option: %s \n " ) , argv [ i ] ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
}
2008-05-08 13:23:38 +04:00
2003-04-22 09:14:21 +04:00
if ( ! ntgroup [ 0 ] & & ! sid_string [ 0 ] ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: \n " ) , modify_usage_str ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2003-04-22 09:14:21 +04:00
/* give preference to the SID; if both the ntgroup name and SID
2008-05-08 13:23:38 +04:00
are defined , use the SID and assume that the group name could be a
2003-04-22 09:14:21 +04:00
new name */
2008-05-08 13:23:38 +04:00
if ( sid_string [ 0 ] ) {
2003-04-22 09:14:21 +04:00
if ( ! get_sid_from_input ( & sid , sid_string ) ) {
return - 1 ;
}
2003-04-19 09:53:55 +04:00
}
2003-04-22 09:14:21 +04:00
else {
if ( ! get_sid_from_input ( & sid , ntgroup ) ) {
return - 1 ;
}
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return - 1 ;
}
2003-04-19 09:53:55 +04:00
/* Get the current mapping from the database */
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrsid ( map , sid ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Failed to find local group SID in the database \n " ) ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2003-04-19 09:53:55 +04:00
/*
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups ! ! ! ( SID problem )
2008-05-08 13:23:38 +04:00
*/
2006-08-11 22:09:59 +04:00
if ( sid_type = = SID_NAME_UNKNOWN ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Can't map to an unknown group type. \n " ) ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2006-08-11 22:09:59 +04:00
return - 1 ;
2006-08-15 18:07:15 +04:00
}
2006-08-11 22:09:59 +04:00
2011-09-27 01:55:47 +04:00
if ( map - > sid_name_use = = SID_NAME_WKN_GRP ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " You can only change between domain and local "
" groups. \n " ) ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2006-08-11 22:09:59 +04:00
return - 1 ;
2003-04-19 09:53:55 +04:00
}
2006-08-15 18:07:15 +04:00
2011-09-27 01:55:47 +04:00
map - > sid_name_use = sid_type ;
2003-04-19 09:53:55 +04:00
/* Change comment if new one */
2011-09-27 01:55:47 +04:00
if ( ntcomment [ 0 ] ) {
map - > comment = talloc_strdup ( map , ntcomment ) ;
if ( ! map - > comment ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
return - 1 ;
}
}
2008-05-08 13:23:38 +04:00
2011-09-27 01:55:47 +04:00
if ( ntgroup [ 0 ] ) {
map - > nt_name = talloc_strdup ( map , ntgroup ) ;
if ( ! map - > nt_name ) {
d_fprintf ( stderr , _ ( " Out of memory! \n " ) ) ;
return - 1 ;
}
}
2008-05-08 13:23:38 +04:00
2003-04-23 04:34:31 +04:00
if ( unixgrp [ 0 ] ) {
gid = nametogid ( unixgrp ) ;
if ( gid = = - 1 ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Unable to lookup UNIX group %s. "
" Make sure the group exists. \n " ) ,
2003-04-23 04:34:31 +04:00
unixgrp ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2003-04-23 04:34:31 +04:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2011-09-27 01:55:47 +04:00
map - > gid = gid ;
2003-04-23 04:34:31 +04:00
}
2003-04-19 09:53:55 +04:00
2011-09-27 01:55:47 +04:00
if ( ! NT_STATUS_IS_OK ( pdb_update_group_mapping_entry ( map ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not update group database \n " ) ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2011-09-27 01:55:47 +04:00
d_printf ( _ ( " Updated mapping entry for %s \n " ) , map - > nt_name ) ;
2003-04-19 09:53:55 +04:00
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2003-04-19 09:53:55 +04:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_delete ( struct net_context * c , int argc , const char * * argv )
2003-04-19 09:53:55 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2003-04-19 09:53:55 +04:00
fstring ntgroup = " " ;
2003-04-22 09:14:21 +04:00
fstring sid_string = " " ;
2003-04-19 09:53:55 +04:00
int i ;
2009-07-30 13:16:32 +04:00
const char delete_usage_str [ ] = N_ ( " net groupmap delete "
" {ntgroup=<string>|sid=<SID>} " ) ;
2008-05-19 17:55:34 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: \n " ) , delete_usage_str ) ;
2008-05-19 17:55:34 +04:00
return 0 ;
}
2003-04-19 09:53:55 +04:00
/* get the options */
for ( i = 0 ; i < argc ; i + + ) {
2011-05-13 22:23:36 +04:00
if ( ! strncasecmp_m ( argv [ i ] , " ntgroup " , strlen ( " ntgroup " ) ) ) {
2003-04-19 09:53:55 +04:00
fstrcpy ( ntgroup , get_string_param ( argv [ i ] ) ) ;
if ( ! ntgroup [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a name \n " ) ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-19 09:53:55 +04:00
}
2011-05-13 22:23:36 +04:00
else if ( ! strncasecmp_m ( argv [ i ] , " sid " , strlen ( " sid " ) ) ) {
2003-04-22 09:14:21 +04:00
fstrcpy ( sid_string , get_string_param ( argv [ i ] ) ) ;
if ( ! sid_string [ 0 ] ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " must supply a SID \n " ) ) ;
2003-04-22 09:14:21 +04:00
return - 1 ;
2008-05-08 13:23:38 +04:00
}
2003-04-22 09:14:21 +04:00
}
2003-04-19 09:53:55 +04:00
else {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Bad option: %s \n " ) , argv [ i ] ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
}
2008-05-08 13:23:38 +04:00
2003-04-22 09:14:21 +04:00
if ( ! ntgroup [ 0 ] & & ! sid_string [ 0 ] ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n " , _ ( " Usage: \n " ) , delete_usage_str ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2008-05-08 13:23:38 +04:00
2003-04-22 09:14:21 +04:00
/* give preference to the SID if we have that */
2008-05-08 13:23:38 +04:00
2003-04-22 09:14:21 +04:00
if ( sid_string [ 0 ] )
2011-05-04 22:38:26 +04:00
strlcpy ( ntgroup , sid_string , sizeof ( ntgroup ) ) ;
2008-05-08 13:23:38 +04:00
2003-04-19 09:53:55 +04:00
if ( ! get_sid_from_input ( & sid , ntgroup ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Unable to resolve group %s to a SID \n " ) ,
ntgroup ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2006-02-13 20:08:25 +03:00
if ( ! NT_STATUS_IS_OK ( pdb_delete_group_mapping_entry ( sid ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Failed to remove group %s from the mapping db! \n " ) ,
ntgroup ) ;
2003-04-19 09:53:55 +04:00
return - 1 ;
}
2014-03-30 06:04:18 +04:00
d_printf ( _ ( " Successfully removed %s from the mapping db \n " ) , ntgroup ) ;
2003-04-19 09:53:55 +04:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_set ( struct net_context * c , int argc , const char * * argv )
2004-02-26 14:29:56 +03:00
{
const char * ntgroup = NULL ;
struct group * grp = NULL ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2008-05-12 13:53:23 +04:00
bool have_map = false ;
2004-02-26 14:29:56 +03:00
2008-05-19 17:55:34 +04:00
if ( ( argc < 1 ) | | ( argc > 2 ) | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net groupmap set \" NT Group \" "
" [ \" unix group \" ] [-C \" comment \" ] [-L] [-D] \n " ) ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
2008-05-10 01:22:12 +04:00
if ( c - > opt_localgroup & & c - > opt_domaingroup ) {
2009-07-30 13:16:32 +04:00
d_printf ( _ ( " Can only specify -L or -D, not both \n " ) ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
ntgroup = argv [ 0 ] ;
if ( argc = = 2 ) {
grp = getgrnam ( argv [ 1 ] ) ;
if ( grp = = NULL ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not find unix group %s \n " ) ,
argv [ 1 ] ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
}
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
d_printf ( _ ( " Out of memory! \n " ) ) ;
return - 1 ;
}
have_map = pdb_getgrnam ( map , ntgroup ) ;
2004-02-26 14:29:56 +03:00
if ( ! have_map ) {
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2004-02-26 14:29:56 +03:00
have_map = ( ( strncmp ( ntgroup , " S- " , 2 ) = = 0 ) & &
string_to_sid ( & sid , ntgroup ) & &
2011-09-27 01:55:47 +04:00
pdb_getgrsid ( map , sid ) ) ;
2004-02-26 14:29:56 +03:00
}
if ( ! have_map ) {
/* Ok, add it */
if ( grp = = NULL ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Could not find group mapping for %s \n " ) ,
ntgroup ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
2011-09-27 01:55:47 +04:00
map - > gid = grp - > gr_gid ;
2004-02-26 14:29:56 +03:00
2008-05-10 01:22:12 +04:00
if ( c - > opt_rid = = 0 ) {
2009-06-28 19:36:12 +04:00
if ( pdb_capabilities ( ) & PDB_CAP_STORE_RIDS ) {
2015-05-14 03:26:01 +03:00
if ( ! pdb_new_rid ( ( uint32_t * ) & c - > opt_rid ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Could not allocate new RID \n " ) ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2006-08-22 00:04:01 +04:00
return - 1 ;
}
2009-06-28 19:36:12 +04:00
} else {
2011-09-27 01:55:47 +04:00
c - > opt_rid = algorithmic_pdb_gid_to_group_rid ( map - > gid ) ;
2006-08-22 00:04:01 +04:00
}
2004-02-26 14:29:56 +03:00
}
2011-09-27 01:55:47 +04:00
sid_compose ( & map - > sid , get_global_sam_sid ( ) , c - > opt_rid ) ;
2004-02-26 14:29:56 +03:00
2011-09-27 01:55:47 +04:00
map - > sid_name_use = SID_NAME_DOM_GRP ;
map - > nt_name = talloc_strdup ( map , ntgroup ) ;
map - > comment = talloc_strdup ( map , " " ) ;
if ( ! map - > nt_name | | ! map - > comment ) {
d_printf ( _ ( " Out of memory! \n " ) ) ;
TALLOC_FREE ( map ) ;
return - 1 ;
}
2004-02-26 14:29:56 +03:00
2011-09-27 01:55:47 +04:00
if ( ! NT_STATUS_IS_OK ( pdb_add_group_mapping_entry ( map ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Could not add mapping entry for %s \n " ) ,
ntgroup ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
}
/* Now we have a mapping entry, update that stuff */
2008-05-10 01:22:12 +04:00
if ( c - > opt_localgroup | | c - > opt_domaingroup ) {
2011-09-27 01:55:47 +04:00
if ( map - > sid_name_use = = SID_NAME_WKN_GRP ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr ,
_ ( " Can't change type of the BUILTIN "
" group %s \n " ) ,
2011-09-27 01:55:47 +04:00
map - > nt_name ) ;
TALLOC_FREE ( map ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
}
2008-05-10 01:22:12 +04:00
if ( c - > opt_localgroup )
2011-09-27 01:55:47 +04:00
map - > sid_name_use = SID_NAME_ALIAS ;
2004-02-26 14:29:56 +03:00
2008-05-10 01:22:12 +04:00
if ( c - > opt_domaingroup )
2011-09-27 01:55:47 +04:00
map - > sid_name_use = SID_NAME_DOM_GRP ;
2004-02-26 14:29:56 +03:00
/* The case (opt_domaingroup && opt_localgroup) was tested for above */
2009-05-07 12:09:32 +04:00
if ( ( c - > opt_comment ! = NULL ) & & ( strlen ( c - > opt_comment ) > 0 ) ) {
2011-09-27 01:55:47 +04:00
map - > comment = talloc_strdup ( map , c - > opt_comment ) ;
if ( ! map - > comment ) {
d_printf ( _ ( " Out of memory! \n " ) ) ;
TALLOC_FREE ( map ) ;
return - 1 ;
}
2009-05-07 12:09:32 +04:00
}
2004-02-26 14:29:56 +03:00
2009-05-07 12:09:32 +04:00
if ( ( c - > opt_newntname ! = NULL ) & & ( strlen ( c - > opt_newntname ) > 0 ) ) {
2011-09-27 01:55:47 +04:00
map - > nt_name = talloc_strdup ( map , c - > opt_newntname ) ;
if ( ! map - > nt_name ) {
d_printf ( _ ( " Out of memory! \n " ) ) ;
TALLOC_FREE ( map ) ;
return - 1 ;
}
2009-05-07 12:09:32 +04:00
}
2004-02-26 14:29:56 +03:00
if ( grp ! = NULL )
2011-09-27 01:55:47 +04:00
map - > gid = grp - > gr_gid ;
2004-02-26 14:29:56 +03:00
2011-09-27 01:55:47 +04:00
if ( ! NT_STATUS_IS_OK ( pdb_update_group_mapping_entry ( map ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not update group mapping for %s \n " ) ,
ntgroup ) ;
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( map ) ;
2004-02-26 14:29:56 +03:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_cleanup ( struct net_context * c , int argc , const char * * argv )
2004-02-26 14:29:56 +03:00
{
2011-09-27 01:55:47 +04:00
GROUP_MAP * * maps = NULL ;
2005-10-18 07:24:00 +04:00
size_t i , entries ;
2004-02-26 14:29:56 +03:00
2008-05-19 17:55:34 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n "
2009-07-30 13:16:32 +04:00
" net groupmap cleanup \n "
2010-01-19 13:43:54 +03:00
" %s \n " ,
_ ( " Usage: " ) ,
_ ( " Delete all group mappings " ) ) ;
2008-05-19 17:55:34 +04:00
return 0 ;
}
2011-09-27 01:55:47 +04:00
if ( ! pdb_enum_group_mapping ( NULL , SID_NAME_UNKNOWN , & maps , & entries ,
2006-08-15 18:07:15 +04:00
ENUM_ALL_MAPPED ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not list group mappings \n " ) ) ;
2004-02-26 14:29:56 +03:00
return - 1 ;
}
for ( i = 0 ; i < entries ; i + + ) {
2011-09-27 01:55:47 +04:00
if ( maps [ i ] - > gid = = - 1 )
printf ( _ ( " Group %s is not mapped \n " ) ,
maps [ i ] - > nt_name ) ;
2004-02-26 14:29:56 +03:00
2017-09-30 09:45:41 +03:00
if ( ! sid_check_is_in_our_sam ( & maps [ i ] - > sid ) & &
! sid_check_is_in_builtin ( & maps [ i ] - > sid ) )
{
2009-07-30 13:16:32 +04:00
printf ( _ ( " Deleting mapping for NT Group %s, sid %s \n " ) ,
2011-09-27 01:55:47 +04:00
maps [ i ] - > nt_name ,
sid_string_tos ( & maps [ i ] - > sid ) ) ;
pdb_delete_group_mapping_entry ( maps [ i ] - > sid ) ;
2004-02-26 14:29:56 +03:00
}
}
2011-09-27 01:55:47 +04:00
TALLOC_FREE ( maps ) ;
2004-02-26 14:29:56 +03:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_addmem ( struct net_context * c , int argc , const char * * argv )
2004-04-07 16:43:44 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid alias , member ;
2004-04-07 16:43:44 +04:00
2008-05-08 13:23:38 +04:00
if ( ( argc ! = 2 ) | |
2008-05-19 17:55:34 +04:00
c - > display_usage | |
2004-04-07 16:43:44 +04:00
! string_to_sid ( & alias , argv [ 0 ] ) | |
! string_to_sid ( & member , argv [ 1 ] ) ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net groupmap addmem alias-sid member-sid \n " ) ) ;
2004-04-07 16:43:44 +04:00
return - 1 ;
}
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( pdb_add_aliasmem ( & alias , & member ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not add sid %s to alias %s \n " ) ,
2004-04-07 16:43:44 +04:00
argv [ 1 ] , argv [ 0 ] ) ;
return - 1 ;
}
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_delmem ( struct net_context * c , int argc , const char * * argv )
2004-04-07 16:43:44 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid alias , member ;
2004-04-07 16:43:44 +04:00
2008-05-19 17:55:34 +04:00
if ( ( argc ! = 2 ) | |
c - > display_usage | |
2004-04-07 16:43:44 +04:00
! string_to_sid ( & alias , argv [ 0 ] ) | |
! string_to_sid ( & member , argv [ 1 ] ) ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net groupmap delmem alias-sid member-sid \n " ) ) ;
2004-04-07 16:43:44 +04:00
return - 1 ;
}
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( pdb_del_aliasmem ( & alias , & member ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not delete sid %s from alias %s \n " ) ,
2004-04-07 16:43:44 +04:00
argv [ 1 ] , argv [ 0 ] ) ;
return - 1 ;
}
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_listmem ( struct net_context * c , int argc , const char * * argv )
2004-04-07 16:43:44 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid alias ;
struct dom_sid * members ;
2005-10-18 07:24:00 +04:00
size_t i , num ;
2004-04-07 16:43:44 +04:00
2008-05-19 17:55:34 +04:00
if ( ( argc ! = 1 ) | |
c - > display_usage | |
2004-04-07 16:43:44 +04:00
! string_to_sid ( & alias , argv [ 0 ] ) ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net groupmap listmem alias-sid \n " ) ) ;
2004-04-07 16:43:44 +04:00
return - 1 ;
}
2005-12-08 18:34:38 +03:00
members = NULL ;
num = 0 ;
2009-06-08 21:43:01 +04:00
if ( ! NT_STATUS_IS_OK ( pdb_enum_aliasmem ( & alias , talloc_tos ( ) ,
& members , & num ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not list members for sid %s \n " ) ,
argv [ 0 ] ) ;
2004-04-07 16:43:44 +04:00
return - 1 ;
}
for ( i = 0 ; i < num ; i + + ) {
2007-12-15 23:53:26 +03:00
printf ( " %s \n " , sid_string_tos ( & ( members [ i ] ) ) ) ;
2004-04-07 16:43:44 +04:00
}
2007-06-04 05:51:18 +04:00
TALLOC_FREE ( members ) ;
2004-04-07 16:43:44 +04:00
return 0 ;
}
2007-10-19 04:40:25 +04:00
static bool print_alias_memberships ( TALLOC_CTX * mem_ctx ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * domain_sid ,
const struct dom_sid * member )
2005-03-27 20:33:04 +04:00
{
2015-05-07 03:00:06 +03:00
uint32_t * alias_rids ;
2005-10-18 07:24:00 +04:00
size_t i , num_alias_rids ;
2005-03-27 20:33:04 +04:00
alias_rids = NULL ;
num_alias_rids = 0 ;
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( pdb_enum_alias_memberships (
mem_ctx , domain_sid , member , 1 ,
& alias_rids , & num_alias_rids ) ) ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not list memberships for sid %s \n " ) ,
2007-12-15 23:53:26 +03:00
sid_string_tos ( member ) ) ;
2008-05-12 13:53:23 +04:00
return false ;
2005-03-27 20:33:04 +04:00
}
for ( i = 0 ; i < num_alias_rids ; i + + ) {
2010-05-21 05:25:01 +04:00
struct dom_sid alias ;
2010-01-10 19:39:27 +03:00
sid_compose ( & alias , domain_sid , alias_rids [ i ] ) ;
2007-12-15 23:53:26 +03:00
printf ( " %s \n " , sid_string_tos ( & alias ) ) ;
2005-03-27 20:33:04 +04:00
}
2008-05-12 13:53:23 +04:00
return true ;
2005-03-27 20:33:04 +04:00
}
2008-05-10 01:22:12 +04:00
static int net_groupmap_memberships ( struct net_context * c , int argc , const char * * argv )
2004-04-07 16:43:44 +04:00
{
2005-03-27 20:33:04 +04:00
TALLOC_CTX * mem_ctx ;
2010-05-21 05:25:01 +04:00
struct dom_sid * domain_sid , member ;
2004-04-07 16:43:44 +04:00
2008-05-19 17:55:34 +04:00
if ( ( argc ! = 1 ) | |
c - > display_usage | |
2004-04-07 16:43:44 +04:00
! string_to_sid ( & member , argv [ 0 ] ) ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
2012-01-06 01:54:29 +04:00
_ ( " net groupmap memberships sid \n " ) ) ;
2004-04-07 16:43:44 +04:00
return - 1 ;
}
2005-03-27 20:33:04 +04:00
mem_ctx = talloc_init ( " net_groupmap_memberships " ) ;
if ( mem_ctx = = NULL ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " talloc_init failed \n " ) ) ;
2004-04-07 16:43:44 +04:00
return - 1 ;
}
2005-03-27 20:33:04 +04:00
domain_sid = get_global_sam_sid ( ) ;
2010-01-23 15:17:28 +03:00
if ( domain_sid = = NULL ) {
2009-07-30 13:16:32 +04:00
d_fprintf ( stderr , _ ( " Could not get domain sid \n " ) ) ;
2005-03-27 20:33:04 +04:00
return - 1 ;
2004-04-07 16:43:44 +04:00
}
2005-03-27 20:33:04 +04:00
if ( ! print_alias_memberships ( mem_ctx , domain_sid , & member ) | |
2010-01-23 15:17:28 +03:00
! print_alias_memberships ( mem_ctx , & global_sid_Builtin , & member ) )
2005-03-27 20:33:04 +04:00
return - 1 ;
talloc_destroy ( mem_ctx ) ;
2004-04-07 16:43:44 +04:00
return 0 ;
}
2003-06-21 12:35:30 +04:00
/***********************************************************
migrated functionality from smbgroupedit
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-05-10 01:22:12 +04:00
int net_groupmap ( struct net_context * c , int argc , const char * * argv )
2003-06-21 12:35:30 +04:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-05-19 17:55:34 +04:00
{
" add " ,
net_groupmap_add ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Create a new group mapping " ) ,
N_ ( " net groupmap add \n "
" Create a new group mapping " )
2008-05-19 17:55:34 +04:00
} ,
{
" modify " ,
net_groupmap_modify ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Update a group mapping " ) ,
N_ ( " net groupmap modify \n "
" Modify an existing group mapping " )
2008-05-19 17:55:34 +04:00
} ,
{
" delete " ,
net_groupmap_delete ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Remove a group mapping " ) ,
N_ ( " net groupmap delete \n "
" Remove a group mapping " )
2008-05-19 17:55:34 +04:00
} ,
{
" set " ,
net_groupmap_set ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Set group mapping " ) ,
N_ ( " net groupmap set \n "
" Set a group mapping " )
2008-05-19 17:55:34 +04:00
} ,
{
" cleanup " ,
net_groupmap_cleanup ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Remove foreign group mapping entries " ) ,
N_ ( " net groupmap cleanup \n "
" Remove foreign group mapping entries " )
2008-05-19 17:55:34 +04:00
} ,
{
" addmem " ,
net_groupmap_addmem ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Add a foreign alias member " ) ,
N_ ( " net groupmap addmem \n "
" Add a foreign alias member " )
2008-05-19 17:55:34 +04:00
} ,
{
" delmem " ,
net_groupmap_delmem ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " Delete foreign alias member " ) ,
N_ ( " net groupmap delmem \n "
" Delete foreign alias member " )
2008-05-19 17:55:34 +04:00
} ,
{
" listmem " ,
net_groupmap_listmem ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " List foreign group members " ) ,
N_ ( " net groupmap listmem \n "
" List foreign alias members " )
2008-05-19 17:55:34 +04:00
} ,
{
" memberships " ,
net_groupmap_memberships ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " List foreign group memberships " ) ,
N_ ( " net groupmap memberships \n "
" List foreign group memberships " )
2008-05-19 17:55:34 +04:00
} ,
{
" list " ,
net_groupmap_list ,
NET_TRANSPORT_LOCAL ,
2009-07-30 13:16:32 +04:00
N_ ( " List current group map " ) ,
N_ ( " net groupmap list \n "
" List current group map " )
2008-05-19 17:55:34 +04:00
} ,
{ NULL , NULL , 0 , NULL , NULL }
2003-06-21 12:35:30 +04:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net groupmap " , func ) ;
2003-06-21 12:35:30 +04:00
}