00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022 #include "includes.h"
00023 #include "utils/net.h"
00024
00025
00026
00027
00028
00029 static int net_sam_userset(int argc, const char **argv, const char *field,
00030 BOOL (*fn)(struct samu *, const char *,
00031 enum pdb_value_state))
00032 {
00033 struct samu *sam_acct = NULL;
00034 DOM_SID sid;
00035 enum lsa_SidType type;
00036 const char *dom, *name;
00037 NTSTATUS status;
00038
00039 if (argc != 2) {
00040 d_fprintf(stderr, "usage: net sam set %s <user> <value>\n",
00041 field);
00042 return -1;
00043 }
00044
00045 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00046 &dom, &name, &sid, &type)) {
00047 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00048 return -1;
00049 }
00050
00051 if (type != SID_NAME_USER) {
00052 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
00053 sid_type_lookup(type));
00054 return -1;
00055 }
00056
00057 if ( !(sam_acct = samu_new( NULL )) ) {
00058 d_fprintf(stderr, "Internal error\n");
00059 return -1;
00060 }
00061
00062 if (!pdb_getsampwsid(sam_acct, &sid)) {
00063 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
00064 return -1;
00065 }
00066
00067 if (!fn(sam_acct, argv[1], PDB_CHANGED)) {
00068 d_fprintf(stderr, "Internal error\n");
00069 return -1;
00070 }
00071
00072 status = pdb_update_sam_account(sam_acct);
00073 if (!NT_STATUS_IS_OK(status)) {
00074 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
00075 argv[0], nt_errstr(status));
00076 return -1;
00077 }
00078
00079 TALLOC_FREE(sam_acct);
00080
00081 d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
00082 return 0;
00083 }
00084
00085 static int net_sam_set_fullname(int argc, const char **argv)
00086 {
00087 return net_sam_userset(argc, argv, "fullname",
00088 pdb_set_fullname);
00089 }
00090
00091 static int net_sam_set_logonscript(int argc, const char **argv)
00092 {
00093 return net_sam_userset(argc, argv, "logonscript",
00094 pdb_set_logon_script);
00095 }
00096
00097 static int net_sam_set_profilepath(int argc, const char **argv)
00098 {
00099 return net_sam_userset(argc, argv, "profilepath",
00100 pdb_set_profile_path);
00101 }
00102
00103 static int net_sam_set_homedrive(int argc, const char **argv)
00104 {
00105 return net_sam_userset(argc, argv, "homedrive",
00106 pdb_set_dir_drive);
00107 }
00108
00109 static int net_sam_set_homedir(int argc, const char **argv)
00110 {
00111 return net_sam_userset(argc, argv, "homedir",
00112 pdb_set_homedir);
00113 }
00114
00115 static int net_sam_set_workstations(int argc, const char **argv)
00116 {
00117 return net_sam_userset(argc, argv, "workstations",
00118 pdb_set_workstations);
00119 }
00120
00121
00122
00123
00124
00125 static int net_sam_set_userflag(int argc, const char **argv, const char *field,
00126 uint16 flag)
00127 {
00128 struct samu *sam_acct = NULL;
00129 DOM_SID sid;
00130 enum lsa_SidType type;
00131 const char *dom, *name;
00132 NTSTATUS status;
00133 uint16 acct_flags;
00134
00135 if ((argc != 2) || (!strequal(argv[1], "yes") &&
00136 !strequal(argv[1], "no"))) {
00137 d_fprintf(stderr, "usage: net sam set %s <user> [yes|no]\n",
00138 field);
00139 return -1;
00140 }
00141
00142 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00143 &dom, &name, &sid, &type)) {
00144 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00145 return -1;
00146 }
00147
00148 if (type != SID_NAME_USER) {
00149 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
00150 sid_type_lookup(type));
00151 return -1;
00152 }
00153
00154 if ( !(sam_acct = samu_new( NULL )) ) {
00155 d_fprintf(stderr, "Internal error\n");
00156 return -1;
00157 }
00158
00159 if (!pdb_getsampwsid(sam_acct, &sid)) {
00160 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
00161 return -1;
00162 }
00163
00164 acct_flags = pdb_get_acct_ctrl(sam_acct);
00165
00166 if (strequal(argv[1], "yes")) {
00167 acct_flags |= flag;
00168 } else {
00169 acct_flags &= ~flag;
00170 }
00171
00172 pdb_set_acct_ctrl(sam_acct, acct_flags, PDB_CHANGED);
00173
00174 status = pdb_update_sam_account(sam_acct);
00175 if (!NT_STATUS_IS_OK(status)) {
00176 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
00177 argv[0], nt_errstr(status));
00178 return -1;
00179 }
00180
00181 TALLOC_FREE(sam_acct);
00182
00183 d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom,
00184 name, argv[1]);
00185 return 0;
00186 }
00187
00188 static int net_sam_set_disabled(int argc, const char **argv)
00189 {
00190 return net_sam_set_userflag(argc, argv, "disabled", ACB_DISABLED);
00191 }
00192
00193 static int net_sam_set_pwnotreq(int argc, const char **argv)
00194 {
00195 return net_sam_set_userflag(argc, argv, "pwnotreq", ACB_PWNOTREQ);
00196 }
00197
00198 static int net_sam_set_autolock(int argc, const char **argv)
00199 {
00200 return net_sam_set_userflag(argc, argv, "autolock", ACB_AUTOLOCK);
00201 }
00202
00203 static int net_sam_set_pwnoexp(int argc, const char **argv)
00204 {
00205 return net_sam_set_userflag(argc, argv, "pwnoexp", ACB_PWNOEXP);
00206 }
00207
00208
00209
00210
00211
00212 static int net_sam_set_pwdmustchangenow(int argc, const char **argv)
00213 {
00214 struct samu *sam_acct = NULL;
00215 DOM_SID sid;
00216 enum lsa_SidType type;
00217 const char *dom, *name;
00218 NTSTATUS status;
00219
00220 if ((argc != 2) || (!strequal(argv[1], "yes") &&
00221 !strequal(argv[1], "no"))) {
00222 d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
00223 return -1;
00224 }
00225
00226 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00227 &dom, &name, &sid, &type)) {
00228 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00229 return -1;
00230 }
00231
00232 if (type != SID_NAME_USER) {
00233 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
00234 sid_type_lookup(type));
00235 return -1;
00236 }
00237
00238 if ( !(sam_acct = samu_new( NULL )) ) {
00239 d_fprintf(stderr, "Internal error\n");
00240 return -1;
00241 }
00242
00243 if (!pdb_getsampwsid(sam_acct, &sid)) {
00244 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
00245 return -1;
00246 }
00247
00248 if (strequal(argv[1], "yes")) {
00249 pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
00250 } else {
00251 pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
00252 }
00253
00254 status = pdb_update_sam_account(sam_acct);
00255 if (!NT_STATUS_IS_OK(status)) {
00256 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
00257 argv[0], nt_errstr(status));
00258 return -1;
00259 }
00260
00261 TALLOC_FREE(sam_acct);
00262
00263 d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
00264 name, argv[1]);
00265 return 0;
00266 }
00267
00268
00269
00270
00271
00272
00273 static int net_sam_set_comment(int argc, const char **argv)
00274 {
00275 GROUP_MAP map;
00276 DOM_SID sid;
00277 enum lsa_SidType type;
00278 const char *dom, *name;
00279 NTSTATUS status;
00280
00281 if (argc != 2) {
00282 d_fprintf(stderr, "usage: net sam set comment <name> "
00283 "<comment>\n");
00284 return -1;
00285 }
00286
00287 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00288 &dom, &name, &sid, &type)) {
00289 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00290 return -1;
00291 }
00292
00293 if (type == SID_NAME_USER) {
00294 return net_sam_userset(argc, argv, "comment",
00295 pdb_set_acct_desc);
00296 }
00297
00298 if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
00299 (type != SID_NAME_WKN_GRP)) {
00300 d_fprintf(stderr, "%s is a %s, not a group\n", argv[0],
00301 sid_type_lookup(type));
00302 return -1;
00303 }
00304
00305 if (!pdb_getgrsid(&map, sid)) {
00306 d_fprintf(stderr, "Could not load group %s\n", argv[0]);
00307 return -1;
00308 }
00309
00310 fstrcpy(map.comment, argv[1]);
00311
00312 status = pdb_update_group_mapping_entry(&map);
00313
00314 if (!NT_STATUS_IS_OK(status)) {
00315 d_fprintf(stderr, "Updating group mapping entry failed with "
00316 "%s\n", nt_errstr(status));
00317 return -1;
00318 }
00319
00320 d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
00321 argv[1]);
00322
00323 return 0;
00324 }
00325
00326 static int net_sam_set(int argc, const char **argv)
00327 {
00328 struct functable2 func[] = {
00329 { "homedir", net_sam_set_homedir,
00330 "Change a user's home directory" },
00331 { "profilepath", net_sam_set_profilepath,
00332 "Change a user's profile path" },
00333 { "comment", net_sam_set_comment,
00334 "Change a users or groups description" },
00335 { "fullname", net_sam_set_fullname,
00336 "Change a user's full name" },
00337 { "logonscript", net_sam_set_logonscript,
00338 "Change a user's logon script" },
00339 { "homedrive", net_sam_set_homedrive,
00340 "Change a user's home drive" },
00341 { "workstations", net_sam_set_workstations,
00342 "Change a user's allowed workstations" },
00343 { "disabled", net_sam_set_disabled,
00344 "Disable/Enable a user" },
00345 { "pwnotreq", net_sam_set_pwnotreq,
00346 "Disable/Enable the password not required flag" },
00347 { "autolock", net_sam_set_autolock,
00348 "Disable/Enable a user's lockout flag" },
00349 { "pwnoexp", net_sam_set_pwnoexp,
00350 "Disable/Enable whether a user's pw does not expire" },
00351 { "pwdmustchangenow", net_sam_set_pwdmustchangenow,
00352 "Force users password must change at next logon" },
00353 {NULL, NULL}
00354 };
00355
00356 return net_run_function2(argc, argv, "net sam set", func);
00357 }
00358
00359
00360
00361
00362
00363 static int net_sam_policy_set(int argc, const char **argv)
00364 {
00365 const char *account_policy = NULL;
00366 uint32 value, old_value;
00367 int field;
00368 char *endptr;
00369
00370 if (argc != 2) {
00371 d_fprintf(stderr, "usage: net sam policy set "
00372 "\"<account policy>\" <value> \n");
00373 return -1;
00374 }
00375
00376 account_policy = argv[0];
00377 field = account_policy_name_to_fieldnum(account_policy);
00378
00379 if (strequal(argv[1], "forever") || strequal(argv[1], "never")
00380 || strequal(argv[1], "off")) {
00381 value = -1;
00382 }
00383 else {
00384 value = strtoul(argv[1], &endptr, 10);
00385
00386 if ((endptr == argv[1]) || (endptr[0] != '\0')) {
00387 d_printf("Unable to set policy \"%s\"! Invalid value "
00388 "\"%s\".\n",
00389 account_policy, argv[1]);
00390 return -1;
00391 }
00392 }
00393
00394 if (field == 0) {
00395 const char **names;
00396 int i, count;
00397
00398 account_policy_names_list(&names, &count);
00399 d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]);
00400 d_fprintf(stderr, "Valid account policies are:\n");
00401
00402 for (i=0; i<count; i++) {
00403 d_fprintf(stderr, "%s\n", names[i]);
00404 }
00405
00406 SAFE_FREE(names);
00407 return -1;
00408 }
00409
00410 if (!pdb_get_account_policy(field, &old_value)) {
00411 d_fprintf(stderr, "Valid account policy, but unable to fetch "
00412 "value!\n");
00413 }
00414
00415 if (!pdb_set_account_policy(field, value)) {
00416 d_fprintf(stderr, "Valid account policy, but unable to "
00417 "set value!\n");
00418 return -1;
00419 }
00420
00421 d_printf("Account policy \"%s\" value was: %d\n", account_policy,
00422 old_value);
00423
00424 d_printf("Account policy \"%s\" value is now: %d\n", account_policy,
00425 value);
00426 return 0;
00427 }
00428
00429 static int net_sam_policy_show(int argc, const char **argv)
00430 {
00431 const char *account_policy = NULL;
00432 uint32 old_value;
00433 int field;
00434
00435 if (argc != 1) {
00436 d_fprintf(stderr, "usage: net sam policy show"
00437 " \"<account policy>\" \n");
00438 return -1;
00439 }
00440
00441 account_policy = argv[0];
00442 field = account_policy_name_to_fieldnum(account_policy);
00443
00444 if (field == 0) {
00445 const char **names;
00446 int count;
00447 int i;
00448 account_policy_names_list(&names, &count);
00449 d_fprintf(stderr, "No account policy by that name!\n");
00450 if (count != 0) {
00451 d_fprintf(stderr, "Valid account policies "
00452 "are:\n");
00453 for (i=0; i<count; i++) {
00454 d_fprintf(stderr, "%s\n", names[i]);
00455 }
00456 }
00457 SAFE_FREE(names);
00458 return -1;
00459 }
00460
00461 if (!pdb_get_account_policy(field, &old_value)) {
00462 fprintf(stderr, "Valid account policy, but unable to "
00463 "fetch value!\n");
00464 return -1;
00465 }
00466
00467 printf("Account policy \"%s\" description: %s\n",
00468 account_policy, account_policy_get_desc(field));
00469 printf("Account policy \"%s\" value is: %d\n", account_policy,
00470 old_value);
00471 return 0;
00472 }
00473
00474 static int net_sam_policy_list(int argc, const char **argv)
00475 {
00476 const char **names;
00477 int count;
00478 int i;
00479 account_policy_names_list(&names, &count);
00480 if (count != 0) {
00481 d_fprintf(stderr, "Valid account policies "
00482 "are:\n");
00483 for (i = 0; i < count ; i++) {
00484 d_fprintf(stderr, "%s\n", names[i]);
00485 }
00486 }
00487 SAFE_FREE(names);
00488 return -1;
00489 }
00490
00491 static int net_sam_policy(int argc, const char **argv)
00492 {
00493 struct functable2 func[] = {
00494 { "list", net_sam_policy_list,
00495 "List account policies" },
00496 { "show", net_sam_policy_show,
00497 "Show account policies" },
00498 { "set", net_sam_policy_set,
00499 "Change account policies" },
00500 {NULL, NULL}
00501 };
00502
00503 return net_run_function2(argc, argv, "net sam policy", func);
00504 }
00505
00506
00507
00508
00509
00510 static int net_sam_mapunixgroup(int argc, const char **argv)
00511 {
00512 NTSTATUS status;
00513 GROUP_MAP map;
00514 struct group *grp;
00515
00516 if (argc != 1) {
00517 d_fprintf(stderr, "usage: net sam mapunixgroup <name>\n");
00518 return -1;
00519 }
00520
00521 grp = getgrnam(argv[0]);
00522 if (grp == NULL) {
00523 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00524 return -1;
00525 }
00526
00527 status = map_unix_group(grp, &map);
00528
00529 if (!NT_STATUS_IS_OK(status)) {
00530 d_fprintf(stderr, "Mapping group %s failed with %s\n",
00531 argv[0], nt_errstr(status));
00532 return -1;
00533 }
00534
00535 d_printf("Mapped unix group %s to SID %s\n", argv[0],
00536 sid_string_static(&map.sid));
00537
00538 return 0;
00539 }
00540
00541
00542
00543
00544
00545 static int net_sam_createlocalgroup(int argc, const char **argv)
00546 {
00547 NTSTATUS status;
00548 uint32 rid;
00549
00550 if (argc != 1) {
00551 d_fprintf(stderr, "usage: net sam createlocalgroup <name>\n");
00552 return -1;
00553 }
00554
00555 if (!winbind_ping()) {
00556 d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
00557 "only works when winbind runs.\n");
00558 return -1;
00559 }
00560
00561 status = pdb_create_alias(argv[0], &rid);
00562
00563 if (!NT_STATUS_IS_OK(status)) {
00564 d_fprintf(stderr, "Creating %s failed with %s\n",
00565 argv[0], nt_errstr(status));
00566 return -1;
00567 }
00568
00569 d_printf("Created local group %s with RID %d\n", argv[0], rid);
00570
00571 return 0;
00572 }
00573
00574
00575
00576
00577
00578 static int net_sam_createbuiltingroup(int argc, const char **argv)
00579 {
00580 NTSTATUS status;
00581 uint32 rid;
00582 enum lsa_SidType type;
00583 fstring groupname;
00584 DOM_SID sid;
00585
00586 if (argc != 1) {
00587 d_fprintf(stderr, "usage: net sam createbuiltingroup <name>\n");
00588 return -1;
00589 }
00590
00591 if (!winbind_ping()) {
00592 d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
00593 "only works when winbind runs.\n");
00594 return -1;
00595 }
00596
00597
00598
00599 fstrcpy( groupname, "BUILTIN\\" );
00600 fstrcat( groupname, argv[0] );
00601
00602 if ( !lookup_name(tmp_talloc_ctx(), groupname, LOOKUP_NAME_ALL, NULL,
00603 NULL, &sid, &type)) {
00604 d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]);
00605 return -1;
00606 }
00607
00608 if ( !sid_peek_rid( &sid, &rid ) ) {
00609 d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]);
00610 return -1;
00611 }
00612
00613 status = pdb_create_builtin_alias( rid );
00614
00615 if (!NT_STATUS_IS_OK(status)) {
00616 d_fprintf(stderr, "Creating %s failed with %s\n",
00617 argv[0], nt_errstr(status));
00618 return -1;
00619 }
00620
00621 d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid);
00622
00623 return 0;
00624 }
00625
00626
00627
00628
00629
00630 static int net_sam_addmem(int argc, const char **argv)
00631 {
00632 const char *groupdomain, *groupname, *memberdomain, *membername;
00633 DOM_SID group, member;
00634 enum lsa_SidType grouptype, membertype;
00635 NTSTATUS status;
00636
00637 if (argc != 2) {
00638 d_fprintf(stderr, "usage: net sam addmem <group> <member>\n");
00639 return -1;
00640 }
00641
00642 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00643 &groupdomain, &groupname, &group, &grouptype)) {
00644 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00645 return -1;
00646 }
00647
00648
00649
00650 if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
00651 &memberdomain, &membername, &member, &membertype))
00652 {
00653
00654
00655 if ( !string_to_sid( &member, argv[1] ) ) {
00656 d_fprintf(stderr, "Could not find member %s\n", argv[1]);
00657 return -1;
00658 }
00659
00660 if ( !lookup_sid(tmp_talloc_ctx(), &member, &memberdomain,
00661 &membername, &membertype) )
00662 {
00663 d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]);
00664 return -1;
00665 }
00666 }
00667
00668 if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) {
00669 if ((membertype != SID_NAME_USER) &&
00670 (membertype != SID_NAME_DOM_GRP)) {
00671 d_fprintf(stderr, "%s is a local group, only users "
00672 "and domain groups can be added.\n"
00673 "%s is a %s\n", argv[0], argv[1],
00674 sid_type_lookup(membertype));
00675 return -1;
00676 }
00677 status = pdb_add_aliasmem(&group, &member);
00678
00679 if (!NT_STATUS_IS_OK(status)) {
00680 d_fprintf(stderr, "Adding local group member failed "
00681 "with %s\n", nt_errstr(status));
00682 return -1;
00683 }
00684 } else {
00685 d_fprintf(stderr, "Can only add members to local groups so "
00686 "far, %s is a %s\n", argv[0],
00687 sid_type_lookup(grouptype));
00688 return -1;
00689 }
00690
00691 d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername,
00692 groupdomain, groupname);
00693
00694 return 0;
00695 }
00696
00697
00698
00699
00700
00701 static int net_sam_delmem(int argc, const char **argv)
00702 {
00703 const char *groupdomain, *groupname;
00704 const char *memberdomain = NULL;
00705 const char *membername = NULL;
00706 DOM_SID group, member;
00707 enum lsa_SidType grouptype;
00708 NTSTATUS status;
00709
00710 if (argc != 2) {
00711 d_fprintf(stderr, "usage: net sam delmem <group> <member>\n");
00712 return -1;
00713 }
00714
00715 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00716 &groupdomain, &groupname, &group, &grouptype)) {
00717 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00718 return -1;
00719 }
00720
00721 if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
00722 &memberdomain, &membername, &member, NULL)) {
00723 if (!string_to_sid(&member, argv[1])) {
00724 d_fprintf(stderr, "Could not find member %s\n",
00725 argv[1]);
00726 return -1;
00727 }
00728 }
00729
00730 if ((grouptype == SID_NAME_ALIAS) ||
00731 (grouptype == SID_NAME_WKN_GRP)) {
00732 status = pdb_del_aliasmem(&group, &member);
00733
00734 if (!NT_STATUS_IS_OK(status)) {
00735 d_fprintf(stderr, "Deleting local group member failed "
00736 "with %s\n", nt_errstr(status));
00737 return -1;
00738 }
00739 } else {
00740 d_fprintf(stderr, "Can only delete members from local groups "
00741 "so far, %s is a %s\n", argv[0],
00742 sid_type_lookup(grouptype));
00743 return -1;
00744 }
00745
00746 if (membername != NULL) {
00747 d_printf("Deleted %s\\%s from %s\\%s\n",
00748 memberdomain, membername, groupdomain, groupname);
00749 } else {
00750 d_printf("Deleted %s from %s\\%s\n",
00751 sid_string_static(&member), groupdomain, groupname);
00752 }
00753
00754 return 0;
00755 }
00756
00757
00758
00759
00760
00761 static int net_sam_listmem(int argc, const char **argv)
00762 {
00763 const char *groupdomain, *groupname;
00764 DOM_SID group;
00765 enum lsa_SidType grouptype;
00766 NTSTATUS status;
00767
00768 if (argc != 1) {
00769 d_fprintf(stderr, "usage: net sam listmem <group>\n");
00770 return -1;
00771 }
00772
00773 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00774 &groupdomain, &groupname, &group, &grouptype)) {
00775 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00776 return -1;
00777 }
00778
00779 if ((grouptype == SID_NAME_ALIAS) ||
00780 (grouptype == SID_NAME_WKN_GRP)) {
00781 DOM_SID *members = NULL;
00782 size_t i, num_members = 0;
00783
00784 status = pdb_enum_aliasmem(&group, &members, &num_members);
00785
00786 if (!NT_STATUS_IS_OK(status)) {
00787 d_fprintf(stderr, "Listing group members failed with "
00788 "%s\n", nt_errstr(status));
00789 return -1;
00790 }
00791
00792 d_printf("%s\\%s has %u members\n", groupdomain, groupname,
00793 (unsigned int)num_members);
00794 for (i=0; i<num_members; i++) {
00795 const char *dom, *name;
00796 if (lookup_sid(tmp_talloc_ctx(), &members[i],
00797 &dom, &name, NULL)) {
00798 d_printf(" %s\\%s\n", dom, name);
00799 } else {
00800 d_printf(" %s\n",
00801 sid_string_static(&members[i]));
00802 }
00803 }
00804 } else {
00805 d_fprintf(stderr, "Can only list local group members so far.\n"
00806 "%s is a %s\n", argv[0], sid_type_lookup(grouptype));
00807 return -1;
00808 }
00809
00810 return 0;
00811 }
00812
00813
00814
00815
00816 static int net_sam_do_list(int argc, const char **argv,
00817 struct pdb_search *search, const char *what)
00818 {
00819 BOOL verbose = (argc == 1);
00820
00821 if ((argc > 1) ||
00822 ((argc == 1) && !strequal(argv[0], "verbose"))) {
00823 d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what);
00824 return -1;
00825 }
00826
00827 if (search == NULL) {
00828 d_fprintf(stderr, "Could not start search\n");
00829 return -1;
00830 }
00831
00832 while (True) {
00833 struct samr_displayentry entry;
00834 if (!search->next_entry(search, &entry)) {
00835 break;
00836 }
00837 if (verbose) {
00838 d_printf("%s:%d:%s\n",
00839 entry.account_name,
00840 entry.rid,
00841 entry.description);
00842 } else {
00843 d_printf("%s\n", entry.account_name);
00844 }
00845 }
00846
00847 search->search_end(search);
00848 return 0;
00849 }
00850
00851 static int net_sam_list_users(int argc, const char **argv)
00852 {
00853 return net_sam_do_list(argc, argv, pdb_search_users(ACB_NORMAL),
00854 "users");
00855 }
00856
00857 static int net_sam_list_groups(int argc, const char **argv)
00858 {
00859 return net_sam_do_list(argc, argv, pdb_search_groups(), "groups");
00860 }
00861
00862 static int net_sam_list_localgroups(int argc, const char **argv)
00863 {
00864 return net_sam_do_list(argc, argv,
00865 pdb_search_aliases(get_global_sam_sid()),
00866 "localgroups");
00867 }
00868
00869 static int net_sam_list_builtin(int argc, const char **argv)
00870 {
00871 return net_sam_do_list(argc, argv,
00872 pdb_search_aliases(&global_sid_Builtin),
00873 "builtin");
00874 }
00875
00876 static int net_sam_list_workstations(int argc, const char **argv)
00877 {
00878 return net_sam_do_list(argc, argv,
00879 pdb_search_users(ACB_WSTRUST),
00880 "workstations");
00881 }
00882
00883
00884
00885
00886
00887 static int net_sam_list(int argc, const char **argv)
00888 {
00889 struct functable2 func[] = {
00890 { "users", net_sam_list_users,
00891 "List SAM users" },
00892 { "groups", net_sam_list_groups,
00893 "List SAM groups" },
00894 { "localgroups", net_sam_list_localgroups,
00895 "List SAM local groups" },
00896 { "builtin", net_sam_list_builtin,
00897 "List builtin groups" },
00898 { "workstations", net_sam_list_workstations,
00899 "List domain member workstations" },
00900 {NULL, NULL}
00901 };
00902
00903 return net_run_function2(argc, argv, "net sam list", func);
00904 }
00905
00906
00907
00908
00909
00910 static int net_sam_show(int argc, const char **argv)
00911 {
00912 DOM_SID sid;
00913 enum lsa_SidType type;
00914 const char *dom, *name;
00915
00916 if (argc != 1) {
00917 d_fprintf(stderr, "usage: net sam show <name>\n");
00918 return -1;
00919 }
00920
00921 if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00922 &dom, &name, &sid, &type)) {
00923 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00924 return -1;
00925 }
00926
00927 d_printf("%s\\%s is a %s with SID %s\n", dom, name,
00928 sid_type_lookup(type), sid_string_static(&sid));
00929
00930 return 0;
00931 }
00932
00933 #ifdef HAVE_LDAP
00934
00935
00936
00937
00938
00939
00940 static int net_sam_provision(int argc, const char **argv)
00941 {
00942 TALLOC_CTX *tc;
00943 char *ldap_bk;
00944 char *ldap_uri = NULL;
00945 char *p;
00946 struct smbldap_state *ls;
00947 GROUP_MAP gmap;
00948 DOM_SID gsid;
00949 gid_t domusers_gid = -1;
00950 gid_t domadmins_gid = -1;
00951 struct samu *samuser;
00952 struct passwd *pwd;
00953
00954 tc = talloc_new(NULL);
00955 if (!tc) {
00956 d_fprintf(stderr, "Out of Memory!\n");
00957 return -1;
00958 }
00959
00960 if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) {
00961 d_fprintf(stderr, "talloc failed\n");
00962 talloc_free(tc);
00963 return -1;
00964 }
00965 p = strchr(ldap_bk, ':');
00966 if (p) {
00967 *p = 0;
00968 ldap_uri = talloc_strdup(tc, p+1);
00969 trim_char(ldap_uri, ' ', ' ');
00970 }
00971
00972 trim_char(ldap_bk, ' ', ' ');
00973
00974 if (strcmp(ldap_bk, "ldapsam") != 0) {
00975 d_fprintf(stderr, "Provisioning works only with ldapsam backend\n");
00976 goto failed;
00977 }
00978
00979 if (!lp_parm_bool(-1, "ldapsam", "trusted", False) ||
00980 !lp_parm_bool(-1, "ldapsam", "editposix", False)) {
00981
00982 d_fprintf(stderr, "Provisioning works only if ldapsam:trusted"
00983 " and ldapsam:editposix are enabled.\n");
00984 goto failed;
00985 }
00986
00987 if (!winbind_ping()) {
00988 d_fprintf(stderr, "winbind seems not to run. Provisioning "
00989 "LDAP only works when winbind runs.\n");
00990 goto failed;
00991 }
00992
00993 if (!NT_STATUS_IS_OK(smbldap_init(tc, ldap_uri, &ls))) {
00994 d_fprintf(stderr, "Unable to connect to the LDAP server.\n");
00995 goto failed;
00996 }
00997
00998 d_printf("Checking for Domain Users group.\n");
00999
01000 sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
01001
01002 if (!pdb_getgrsid(&gmap, gsid)) {
01003 LDAPMod **mods = NULL;
01004 char *dn;
01005 char *uname;
01006 char *wname;
01007 char *gidstr;
01008 char *gtype;
01009 int rc;
01010
01011 d_printf("Adding the Domain Users group.\n");
01012
01013
01014 if (!winbind_allocate_gid(&domusers_gid)) {
01015 d_fprintf(stderr, "Unable to allocate a new gid to create Domain Users group!\n");
01016 goto domu_done;
01017 }
01018
01019 uname = talloc_strdup(tc, "domusers");
01020 wname = talloc_strdup(tc, "Domain Users");
01021 dn = talloc_asprintf(tc, "cn=%s,%s", "domusers", lp_ldap_group_suffix());
01022 gidstr = talloc_asprintf(tc, "%d", domusers_gid);
01023 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
01024
01025 if (!uname || !wname || !dn || !gidstr || !gtype) {
01026 d_fprintf(stderr, "Out of Memory!\n");
01027 goto failed;
01028 }
01029
01030 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
01031 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
01032 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
01033 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
01034 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01035 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
01036 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
01037
01038 talloc_autofree_ldapmod(tc, mods);
01039
01040 rc = smbldap_add(ls, dn, mods);
01041
01042 if (rc != LDAP_SUCCESS) {
01043 d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n");
01044 }
01045 } else {
01046 domusers_gid = gmap.gid;
01047 d_printf("found!\n");
01048 }
01049
01050 domu_done:
01051
01052 d_printf("Checking for Domain Admins group.\n");
01053
01054 sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
01055
01056 if (!pdb_getgrsid(&gmap, gsid)) {
01057 LDAPMod **mods = NULL;
01058 char *dn;
01059 char *uname;
01060 char *wname;
01061 char *gidstr;
01062 char *gtype;
01063 int rc;
01064
01065 d_printf("Adding the Domain Admins group.\n");
01066
01067
01068 if (!winbind_allocate_gid(&domadmins_gid)) {
01069 d_fprintf(stderr, "Unable to allocate a new gid to create Domain Admins group!\n");
01070 goto doma_done;
01071 }
01072
01073 uname = talloc_strdup(tc, "domadmins");
01074 wname = talloc_strdup(tc, "Domain Admins");
01075 dn = talloc_asprintf(tc, "cn=%s,%s", "domadmins", lp_ldap_group_suffix());
01076 gidstr = talloc_asprintf(tc, "%d", domadmins_gid);
01077 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
01078
01079 if (!uname || !wname || !dn || !gidstr || !gtype) {
01080 d_fprintf(stderr, "Out of Memory!\n");
01081 goto failed;
01082 }
01083
01084 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
01085 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
01086 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
01087 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
01088 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01089 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
01090 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
01091
01092 talloc_autofree_ldapmod(tc, mods);
01093
01094 rc = smbldap_add(ls, dn, mods);
01095
01096 if (rc != LDAP_SUCCESS) {
01097 d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n");
01098 }
01099 } else {
01100 domadmins_gid = gmap.gid;
01101 d_printf("found!\n");
01102 }
01103
01104 doma_done:
01105
01106 d_printf("Check for Administrator account.\n");
01107
01108 samuser = samu_new(tc);
01109 if (!samuser) {
01110 d_fprintf(stderr, "Out of Memory!\n");
01111 goto failed;
01112 }
01113
01114 if (!pdb_getsampwnam(samuser, "Administrator")) {
01115 LDAPMod **mods = NULL;
01116 DOM_SID sid;
01117 char *dn;
01118 char *name;
01119 char *uidstr;
01120 char *gidstr;
01121 char *shell;
01122 char *dir;
01123 uid_t uid;
01124 int rc;
01125
01126 d_printf("Adding the Administrator user.\n");
01127
01128 if (domadmins_gid == -1) {
01129 d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n");
01130 goto done;
01131 }
01132 if (!winbind_allocate_uid(&uid)) {
01133 d_fprintf(stderr, "Unable to allocate a new uid to create the Administrator user!\n");
01134 goto done;
01135 }
01136 name = talloc_strdup(tc, "Administrator");
01137 dn = talloc_asprintf(tc, "uid=Administrator,%s", lp_ldap_user_suffix());
01138 uidstr = talloc_asprintf(tc, "%d", uid);
01139 gidstr = talloc_asprintf(tc, "%d", domadmins_gid);
01140 dir = talloc_sub_specified(tc, lp_template_homedir(),
01141 "Administrator",
01142 get_global_sam_name(),
01143 uid, domadmins_gid);
01144 shell = talloc_sub_specified(tc, lp_template_shell(),
01145 "Administrator",
01146 get_global_sam_name(),
01147 uid, domadmins_gid);
01148
01149 if (!name || !dn || !uidstr || !gidstr || !dir || !shell) {
01150 d_fprintf(stderr, "Out of Memory!\n");
01151 goto failed;
01152 }
01153
01154 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);
01155
01156 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
01157 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
01158 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
01159 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
01160 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
01161 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
01162 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
01163 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01164 smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir);
01165 smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
01166 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
01167 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
01168 pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
01169 NEW_PW_FORMAT_SPACE_PADDED_LEN));
01170
01171 talloc_autofree_ldapmod(tc, mods);
01172
01173 rc = smbldap_add(ls, dn, mods);
01174
01175 if (rc != LDAP_SUCCESS) {
01176 d_fprintf(stderr, "Failed to add Administrator user to ldap directory\n");
01177 }
01178 } else {
01179 d_printf("found!\n");
01180 }
01181
01182 d_printf("Checking for Guest user.\n");
01183
01184 samuser = samu_new(tc);
01185 if (!samuser) {
01186 d_fprintf(stderr, "Out of Memory!\n");
01187 goto failed;
01188 }
01189
01190 if (!pdb_getsampwnam(samuser, lp_guestaccount())) {
01191 LDAPMod **mods = NULL;
01192 DOM_SID sid;
01193 char *dn;
01194 char *uidstr;
01195 char *gidstr;
01196 int rc;
01197
01198 d_printf("Adding the Guest user.\n");
01199
01200 pwd = getpwnam_alloc(tc, lp_guestaccount());
01201
01202 if (!pwd) {
01203 if (domusers_gid == -1) {
01204 d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n");
01205 goto done;
01206 }
01207 if ((pwd = talloc(tc, struct passwd)) == NULL) {
01208 d_fprintf(stderr, "talloc failed\n");
01209 goto done;
01210 }
01211 pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
01212 if (!winbind_allocate_uid(&(pwd->pw_uid))) {
01213 d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n");
01214 goto done;
01215 }
01216 pwd->pw_gid = domusers_gid;
01217 pwd->pw_dir = talloc_strdup(tc, "/");
01218 pwd->pw_shell = talloc_strdup(tc, "/bin/false");
01219 if (!pwd->pw_dir || !pwd->pw_shell) {
01220 d_fprintf(stderr, "Out of Memory!\n");
01221 goto failed;
01222 }
01223 }
01224
01225 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
01226
01227 dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ());
01228 uidstr = talloc_asprintf(tc, "%d", pwd->pw_uid);
01229 gidstr = talloc_asprintf(tc, "%d", pwd->pw_gid);
01230 if (!dn || !uidstr || !gidstr) {
01231 d_fprintf(stderr, "Out of Memory!\n");
01232 goto failed;
01233 }
01234
01235 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
01236 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
01237 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
01238 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
01239 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name);
01240 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
01241 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
01242 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01243 if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) {
01244 smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
01245 }
01246 if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) {
01247 smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
01248 }
01249 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
01250 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
01251 pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
01252 NEW_PW_FORMAT_SPACE_PADDED_LEN));
01253
01254 talloc_autofree_ldapmod(tc, mods);
01255
01256 rc = smbldap_add(ls, dn, mods);
01257
01258 if (rc != LDAP_SUCCESS) {
01259 d_fprintf(stderr, "Failed to add Guest user to ldap directory\n");
01260 }
01261 } else {
01262 d_printf("found!\n");
01263 }
01264
01265 d_printf("Checking Guest's group.\n");
01266
01267 pwd = getpwnam_alloc(NULL, lp_guestaccount());
01268 if (!pwd) {
01269 d_fprintf(stderr, "Failed to find just created Guest account!\n"
01270 " Is nss properly configured?!\n");
01271 goto failed;
01272 }
01273
01274 if (pwd->pw_gid == domusers_gid) {
01275 d_printf("found!\n");
01276 goto done;
01277 }
01278
01279 if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
01280 LDAPMod **mods = NULL;
01281 char *dn;
01282 char *uname;
01283 char *wname;
01284 char *gidstr;
01285 char *gtype;
01286 int rc;
01287
01288 d_printf("Adding the Domain Guests group.\n");
01289
01290 uname = talloc_strdup(tc, "domguests");
01291 wname = talloc_strdup(tc, "Domain Guests");
01292 dn = talloc_asprintf(tc, "cn=%s,%s", "domguests", lp_ldap_group_suffix());
01293 gidstr = talloc_asprintf(tc, "%d", pwd->pw_gid);
01294 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
01295
01296 if (!uname || !wname || !dn || !gidstr || !gtype) {
01297 d_fprintf(stderr, "Out of Memory!\n");
01298 goto failed;
01299 }
01300
01301 sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS);
01302
01303 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
01304 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
01305 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
01306 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
01307 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01308 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
01309 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
01310
01311 talloc_autofree_ldapmod(tc, mods);
01312
01313 rc = smbldap_add(ls, dn, mods);
01314
01315 if (rc != LDAP_SUCCESS) {
01316 d_fprintf(stderr, "Failed to add Domain Guests group to ldap directory\n");
01317 }
01318 } else {
01319 d_printf("found!\n");
01320 }
01321
01322
01323 done:
01324 talloc_free(tc);
01325 return 0;
01326
01327 failed:
01328 talloc_free(tc);
01329 return -1;
01330 }
01331
01332 #endif
01333
01334
01335
01336
01337 int net_sam(int argc, const char **argv)
01338 {
01339 struct functable2 func[] = {
01340 { "createbuiltingroup", net_sam_createbuiltingroup,
01341 "Create a new BUILTIN group" },
01342 { "createlocalgroup", net_sam_createlocalgroup,
01343 "Create a new local group" },
01344 { "mapunixgroup", net_sam_mapunixgroup,
01345 "Map a unix group to a domain group" },
01346 { "addmem", net_sam_addmem,
01347 "Add a member to a group" },
01348 { "delmem", net_sam_delmem,
01349 "Delete a member from a group" },
01350 { "listmem", net_sam_listmem,
01351 "List group members" },
01352 { "list", net_sam_list,
01353 "List users, groups and local groups" },
01354 { "show", net_sam_show,
01355 "Show details of a SAM entry" },
01356 { "set", net_sam_set,
01357 "Set details of a SAM account" },
01358 { "policy", net_sam_policy,
01359 "Set account policies" },
01360 #ifdef HAVE_LDAP
01361 { "provision", net_sam_provision,
01362 "Provision a clean User Database" },
01363 #endif
01364 { NULL, NULL, NULL }
01365 };
01366
01367
01368 if (getuid() != 0) {
01369 d_fprintf(stderr, "You must be root to edit the SAM "
01370 "directly.\n");
01371 return -1;
01372 }
01373
01374 return net_run_function2(argc, argv, "net sam", func);
01375 }
01376