utils/net_sam.c

説明を見る。
00001 /*
00002  *  Unix SMB/CIFS implementation.
00003  *  Local SAM access routines
00004  *  Copyright (C) Volker Lendecke 2006
00005  *
00006  *  This program is free software; you can redistribute it and/or modify
00007  *  it under the terms of the GNU General Public License as published by
00008  *  the Free Software Foundation; either version 2 of the License, or
00009  *  (at your option) any later version.
00010  *
00011  *  This program is distributed in the hope that it will be useful,
00012  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  *  GNU General Public License for more details.
00015  *
00016  *  You should have received a copy of the GNU General Public License
00017  *  along with this program; if not, write to the Free Software
00018  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00019  */
00020 
00021 
00022 #include "includes.h"
00023 #include "utils/net.h"
00024 
00025 /*
00026  * Set a user's data
00027  */
00028 
00029 static int net_sam_userset(int argc, const char **argv, const char *field,
00030                            BOOL (*fn)(struct samu *, const char *,
00031                                       enum pdb_value_state))
00032 {
00033         struct samu *sam_acct = NULL;
00034         DOM_SID sid;
00035         enum lsa_SidType type;
00036         const char *dom, *name;
00037         NTSTATUS status;
00038 
00039         if (argc != 2) {
00040                 d_fprintf(stderr, "usage: net sam set %s <user> <value>\n",
00041                           field);
00042                 return -1;
00043         }
00044 
00045         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00046                          &dom, &name, &sid, &type)) {
00047                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00048                 return -1;
00049         }
00050 
00051         if (type != SID_NAME_USER) {
00052                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
00053                           sid_type_lookup(type));
00054                 return -1;
00055         }
00056 
00057         if ( !(sam_acct = samu_new( NULL )) ) {
00058                 d_fprintf(stderr, "Internal error\n");
00059                 return -1;
00060         }
00061 
00062         if (!pdb_getsampwsid(sam_acct, &sid)) {
00063                 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
00064                 return -1;
00065         }
00066 
00067         if (!fn(sam_acct, argv[1], PDB_CHANGED)) {
00068                 d_fprintf(stderr, "Internal error\n");
00069                 return -1;
00070         }
00071 
00072         status = pdb_update_sam_account(sam_acct);
00073         if (!NT_STATUS_IS_OK(status)) {
00074                 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
00075                           argv[0], nt_errstr(status));
00076                 return -1;
00077         }
00078 
00079         TALLOC_FREE(sam_acct);
00080 
00081         d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
00082         return 0;
00083 }
00084 
00085 static int net_sam_set_fullname(int argc, const char **argv)
00086 {
00087         return net_sam_userset(argc, argv, "fullname",
00088                                pdb_set_fullname);
00089 }
00090 
00091 static int net_sam_set_logonscript(int argc, const char **argv)
00092 {
00093         return net_sam_userset(argc, argv, "logonscript",
00094                                pdb_set_logon_script);
00095 }
00096 
00097 static int net_sam_set_profilepath(int argc, const char **argv)
00098 {
00099         return net_sam_userset(argc, argv, "profilepath",
00100                                pdb_set_profile_path);
00101 }
00102 
00103 static int net_sam_set_homedrive(int argc, const char **argv)
00104 {
00105         return net_sam_userset(argc, argv, "homedrive",
00106                                pdb_set_dir_drive);
00107 }
00108 
00109 static int net_sam_set_homedir(int argc, const char **argv)
00110 {
00111         return net_sam_userset(argc, argv, "homedir",
00112                                pdb_set_homedir);
00113 }
00114 
00115 static int net_sam_set_workstations(int argc, const char **argv)
00116 {
00117         return net_sam_userset(argc, argv, "workstations",
00118                                pdb_set_workstations);
00119 }
00120 
00121 /*
00122  * Set account flags
00123  */
00124 
00125 static int net_sam_set_userflag(int argc, const char **argv, const char *field,
00126                                 uint16 flag)
00127 {
00128         struct samu *sam_acct = NULL;
00129         DOM_SID sid;
00130         enum lsa_SidType type;
00131         const char *dom, *name;
00132         NTSTATUS status;
00133         uint16 acct_flags;
00134 
00135         if ((argc != 2) || (!strequal(argv[1], "yes") &&
00136                             !strequal(argv[1], "no"))) {
00137                 d_fprintf(stderr, "usage: net sam set %s <user> [yes|no]\n",
00138                           field);
00139                 return -1;
00140         }
00141 
00142         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00143                          &dom, &name, &sid, &type)) {
00144                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00145                 return -1;
00146         }
00147 
00148         if (type != SID_NAME_USER) {
00149                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
00150                           sid_type_lookup(type));
00151                 return -1;
00152         }
00153 
00154         if ( !(sam_acct = samu_new( NULL )) ) {
00155                 d_fprintf(stderr, "Internal error\n");
00156                 return -1;
00157         }
00158 
00159         if (!pdb_getsampwsid(sam_acct, &sid)) {
00160                 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
00161                 return -1;
00162         }
00163 
00164         acct_flags = pdb_get_acct_ctrl(sam_acct);
00165 
00166         if (strequal(argv[1], "yes")) {
00167                 acct_flags |= flag;
00168         } else {
00169                 acct_flags &= ~flag;
00170         }
00171 
00172         pdb_set_acct_ctrl(sam_acct, acct_flags, PDB_CHANGED);
00173 
00174         status = pdb_update_sam_account(sam_acct);
00175         if (!NT_STATUS_IS_OK(status)) {
00176                 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
00177                           argv[0], nt_errstr(status));
00178                 return -1;
00179         }
00180 
00181         TALLOC_FREE(sam_acct);
00182 
00183         d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom,
00184                   name, argv[1]);
00185         return 0;
00186 }
00187 
00188 static int net_sam_set_disabled(int argc, const char **argv)
00189 {
00190         return net_sam_set_userflag(argc, argv, "disabled", ACB_DISABLED);
00191 }
00192 
00193 static int net_sam_set_pwnotreq(int argc, const char **argv)
00194 {
00195         return net_sam_set_userflag(argc, argv, "pwnotreq", ACB_PWNOTREQ);
00196 }
00197 
00198 static int net_sam_set_autolock(int argc, const char **argv)
00199 {
00200         return net_sam_set_userflag(argc, argv, "autolock", ACB_AUTOLOCK);
00201 }
00202 
00203 static int net_sam_set_pwnoexp(int argc, const char **argv)
00204 {
00205         return net_sam_set_userflag(argc, argv, "pwnoexp", ACB_PWNOEXP);
00206 }
00207 
00208 /*
00209  * Set pass last change time, based on force pass change now
00210  */
00211 
00212 static int net_sam_set_pwdmustchangenow(int argc, const char **argv)
00213 {
00214         struct samu *sam_acct = NULL;
00215         DOM_SID sid;
00216         enum lsa_SidType type;
00217         const char *dom, *name;
00218         NTSTATUS status;
00219 
00220         if ((argc != 2) || (!strequal(argv[1], "yes") &&
00221                             !strequal(argv[1], "no"))) {
00222                 d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
00223                 return -1;
00224         }
00225 
00226         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00227                          &dom, &name, &sid, &type)) {
00228                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00229                 return -1;
00230         }
00231 
00232         if (type != SID_NAME_USER) {
00233                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
00234                           sid_type_lookup(type));
00235                 return -1;
00236         }
00237 
00238         if ( !(sam_acct = samu_new( NULL )) ) {
00239                 d_fprintf(stderr, "Internal error\n");
00240                 return -1;
00241         }
00242 
00243         if (!pdb_getsampwsid(sam_acct, &sid)) {
00244                 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
00245                 return -1;
00246         }
00247 
00248         if (strequal(argv[1], "yes")) {
00249                 pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
00250         } else {
00251                 pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
00252         }
00253 
00254         status = pdb_update_sam_account(sam_acct);
00255         if (!NT_STATUS_IS_OK(status)) {
00256                 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
00257                           argv[0], nt_errstr(status));
00258                 return -1;
00259         }
00260 
00261         TALLOC_FREE(sam_acct);
00262 
00263         d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
00264                   name, argv[1]);
00265         return 0;
00266 }
00267 
00268 
00269 /*
00270  * Set a user's or a group's comment
00271  */
00272 
00273 static int net_sam_set_comment(int argc, const char **argv)
00274 {
00275         GROUP_MAP map;
00276         DOM_SID sid;
00277         enum lsa_SidType type;
00278         const char *dom, *name;
00279         NTSTATUS status;
00280 
00281         if (argc != 2) {
00282                 d_fprintf(stderr, "usage: net sam set comment <name> "
00283                           "<comment>\n");
00284                 return -1;
00285         }
00286 
00287         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00288                          &dom, &name, &sid, &type)) {
00289                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00290                 return -1;
00291         }
00292 
00293         if (type == SID_NAME_USER) {
00294                 return net_sam_userset(argc, argv, "comment",
00295                                        pdb_set_acct_desc);
00296         }
00297 
00298         if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
00299             (type != SID_NAME_WKN_GRP)) {
00300                 d_fprintf(stderr, "%s is a %s, not a group\n", argv[0],
00301                           sid_type_lookup(type));
00302                 return -1;
00303         }
00304 
00305         if (!pdb_getgrsid(&map, sid)) {
00306                 d_fprintf(stderr, "Could not load group %s\n", argv[0]);
00307                 return -1;
00308         }
00309 
00310         fstrcpy(map.comment, argv[1]);
00311 
00312         status = pdb_update_group_mapping_entry(&map);
00313 
00314         if (!NT_STATUS_IS_OK(status)) {
00315                 d_fprintf(stderr, "Updating group mapping entry failed with "
00316                           "%s\n", nt_errstr(status));
00317                 return -1;
00318         }
00319 
00320         d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
00321                  argv[1]);
00322 
00323         return 0;
00324 }
00325 
00326 static int net_sam_set(int argc, const char **argv)
00327 {
00328         struct functable2 func[] = {
00329                 { "homedir", net_sam_set_homedir,
00330                   "Change a user's home directory" },
00331                 { "profilepath", net_sam_set_profilepath,
00332                   "Change a user's profile path" },
00333                 { "comment", net_sam_set_comment,
00334                   "Change a users or groups description" },
00335                 { "fullname", net_sam_set_fullname,
00336                   "Change a user's full name" },
00337                 { "logonscript", net_sam_set_logonscript,
00338                   "Change a user's logon script" },
00339                 { "homedrive", net_sam_set_homedrive,
00340                   "Change a user's home drive" },
00341                 { "workstations", net_sam_set_workstations,
00342                   "Change a user's allowed workstations" },
00343                 { "disabled", net_sam_set_disabled,
00344                   "Disable/Enable a user" },
00345                 { "pwnotreq", net_sam_set_pwnotreq,
00346                   "Disable/Enable the password not required flag" },
00347                 { "autolock", net_sam_set_autolock,
00348                   "Disable/Enable a user's lockout flag" },
00349                 { "pwnoexp", net_sam_set_pwnoexp,
00350                   "Disable/Enable whether a user's pw does not expire" },
00351                 { "pwdmustchangenow", net_sam_set_pwdmustchangenow,
00352                   "Force users password must change at next logon" },
00353                 {NULL, NULL}
00354         };
00355 
00356         return net_run_function2(argc, argv, "net sam set", func);
00357 }
00358 
00359 /*
00360  * Manage account policies
00361  */
00362 
00363 static int net_sam_policy_set(int argc, const char **argv)
00364 {
00365         const char *account_policy = NULL;
00366         uint32 value, old_value;
00367         int field;
00368         char *endptr;
00369 
00370         if (argc != 2) {
00371                 d_fprintf(stderr, "usage: net sam policy set " 
00372                           "\"<account policy>\" <value> \n");
00373                 return -1;
00374         }
00375 
00376         account_policy = argv[0];
00377         field = account_policy_name_to_fieldnum(account_policy);
00378 
00379         if (strequal(argv[1], "forever") || strequal(argv[1], "never")
00380             || strequal(argv[1], "off")) {
00381                 value = -1;
00382         }
00383         else {
00384                 value = strtoul(argv[1], &endptr, 10);
00385 
00386                 if ((endptr == argv[1]) || (endptr[0] != '\0')) {
00387                         d_printf("Unable to set policy \"%s\"! Invalid value "
00388                                  "\"%s\".\n", 
00389                                  account_policy, argv[1]); 
00390                         return -1;
00391                 }
00392         }
00393 
00394         if (field == 0) {
00395                 const char **names;
00396                 int i, count;
00397 
00398                 account_policy_names_list(&names, &count);
00399                 d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]);
00400                 d_fprintf(stderr, "Valid account policies are:\n");
00401 
00402                 for (i=0; i<count; i++) {
00403                         d_fprintf(stderr, "%s\n", names[i]);
00404                 }
00405 
00406                 SAFE_FREE(names);
00407                 return -1;
00408         }
00409 
00410         if (!pdb_get_account_policy(field, &old_value)) {
00411                 d_fprintf(stderr, "Valid account policy, but unable to fetch "
00412                           "value!\n");
00413         }
00414 
00415         if (!pdb_set_account_policy(field, value)) {
00416                 d_fprintf(stderr, "Valid account policy, but unable to "
00417                           "set value!\n");
00418                 return -1;
00419         }
00420 
00421         d_printf("Account policy \"%s\" value was: %d\n", account_policy,
00422                  old_value);
00423 
00424         d_printf("Account policy \"%s\" value is now: %d\n", account_policy,
00425                  value);
00426         return 0;
00427 }
00428 
00429 static int net_sam_policy_show(int argc, const char **argv)
00430 {
00431         const char *account_policy = NULL;
00432         uint32 old_value;
00433         int field;
00434 
00435         if (argc != 1) {
00436                 d_fprintf(stderr, "usage: net sam policy show"
00437                           " \"<account policy>\" \n");
00438                 return -1;
00439         }
00440         
00441         account_policy = argv[0];
00442         field = account_policy_name_to_fieldnum(account_policy);
00443 
00444         if (field == 0) {
00445                 const char **names;
00446                 int count;
00447                 int i;
00448                 account_policy_names_list(&names, &count);
00449                 d_fprintf(stderr, "No account policy by that name!\n");
00450                 if (count != 0) {
00451                         d_fprintf(stderr, "Valid account policies "
00452                                   "are:\n");
00453                         for (i=0; i<count; i++) {
00454                                 d_fprintf(stderr, "%s\n", names[i]);
00455                         }
00456                 }
00457                 SAFE_FREE(names);
00458                 return -1;
00459         }
00460 
00461         if (!pdb_get_account_policy(field, &old_value)) {
00462                 fprintf(stderr, "Valid account policy, but unable to "
00463                         "fetch value!\n");
00464                 return -1;
00465         }
00466         
00467         printf("Account policy \"%s\" description: %s\n",
00468                account_policy, account_policy_get_desc(field));
00469         printf("Account policy \"%s\" value is: %d\n", account_policy,
00470                old_value);
00471         return 0;
00472 }
00473 
00474 static int net_sam_policy_list(int argc, const char **argv)
00475 {
00476         const char **names;
00477         int count;
00478         int i;
00479         account_policy_names_list(&names, &count);
00480         if (count != 0) {
00481                 d_fprintf(stderr, "Valid account policies "
00482                           "are:\n");
00483                 for (i = 0; i < count ; i++) {
00484                         d_fprintf(stderr, "%s\n", names[i]);
00485                 }
00486         }
00487         SAFE_FREE(names);
00488         return -1;
00489 }
00490 
00491 static int net_sam_policy(int argc, const char **argv)
00492 {
00493         struct functable2 func[] = {
00494                 { "list", net_sam_policy_list,
00495                   "List account policies" },
00496                 { "show", net_sam_policy_show,
00497                   "Show account policies" },
00498                 { "set", net_sam_policy_set,
00499                   "Change account policies" },
00500                 {NULL, NULL}
00501         };
00502 
00503         return net_run_function2(argc, argv, "net sam policy", func);
00504 }
00505 
00506 /*
00507  * Map a unix group to a domain group
00508  */
00509 
00510 static int net_sam_mapunixgroup(int argc, const char **argv)
00511 {
00512         NTSTATUS status;
00513         GROUP_MAP map;
00514         struct group *grp;
00515 
00516         if (argc != 1) {
00517                 d_fprintf(stderr, "usage: net sam mapunixgroup <name>\n");
00518                 return -1;
00519         }
00520 
00521         grp = getgrnam(argv[0]);
00522         if (grp == NULL) {
00523                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00524                 return -1;
00525         }
00526 
00527         status = map_unix_group(grp, &map);
00528 
00529         if (!NT_STATUS_IS_OK(status)) {
00530                 d_fprintf(stderr, "Mapping group %s failed with %s\n",
00531                           argv[0], nt_errstr(status));
00532                 return -1;
00533         }
00534 
00535         d_printf("Mapped unix group %s to SID %s\n", argv[0],
00536                  sid_string_static(&map.sid));
00537 
00538         return 0;
00539 }
00540 
00541 /*
00542  * Create a local group
00543  */
00544 
00545 static int net_sam_createlocalgroup(int argc, const char **argv)
00546 {
00547         NTSTATUS status;
00548         uint32 rid;
00549 
00550         if (argc != 1) {
00551                 d_fprintf(stderr, "usage: net sam createlocalgroup <name>\n");
00552                 return -1;
00553         }
00554 
00555         if (!winbind_ping()) {
00556                 d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
00557                           "only works when winbind runs.\n");
00558                 return -1;
00559         }
00560 
00561         status = pdb_create_alias(argv[0], &rid);
00562 
00563         if (!NT_STATUS_IS_OK(status)) {
00564                 d_fprintf(stderr, "Creating %s failed with %s\n",
00565                           argv[0], nt_errstr(status));
00566                 return -1;
00567         }
00568 
00569         d_printf("Created local group %s with RID %d\n", argv[0], rid);
00570 
00571         return 0;
00572 }
00573 
00574 /*
00575  * Create a local group
00576  */
00577 
00578 static int net_sam_createbuiltingroup(int argc, const char **argv)
00579 {
00580         NTSTATUS status;
00581         uint32 rid;
00582         enum lsa_SidType type;
00583         fstring groupname;
00584         DOM_SID sid;
00585 
00586         if (argc != 1) {
00587                 d_fprintf(stderr, "usage: net sam createbuiltingroup <name>\n");
00588                 return -1;
00589         }
00590 
00591         if (!winbind_ping()) {
00592                 d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
00593                           "only works when winbind runs.\n");
00594                 return -1;
00595         }
00596 
00597         /* validate the name and get the group */
00598         
00599         fstrcpy( groupname, "BUILTIN\\" );
00600         fstrcat( groupname, argv[0] );
00601         
00602         if ( !lookup_name(tmp_talloc_ctx(), groupname, LOOKUP_NAME_ALL, NULL,
00603                           NULL, &sid, &type)) {
00604                 d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]);
00605                 return -1;
00606         }
00607         
00608         if ( !sid_peek_rid( &sid, &rid ) ) {
00609                 d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]);
00610                 return -1;
00611         }
00612 
00613         status = pdb_create_builtin_alias( rid );
00614 
00615         if (!NT_STATUS_IS_OK(status)) {
00616                 d_fprintf(stderr, "Creating %s failed with %s\n",
00617                           argv[0], nt_errstr(status));
00618                 return -1;
00619         }
00620 
00621         d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid);
00622 
00623         return 0;
00624 }
00625 
00626 /*
00627  * Add a group member
00628  */
00629 
00630 static int net_sam_addmem(int argc, const char **argv)
00631 {
00632         const char *groupdomain, *groupname, *memberdomain, *membername;
00633         DOM_SID group, member;
00634         enum lsa_SidType grouptype, membertype;
00635         NTSTATUS status;
00636 
00637         if (argc != 2) {
00638                 d_fprintf(stderr, "usage: net sam addmem <group> <member>\n");
00639                 return -1;
00640         }
00641 
00642         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00643                          &groupdomain, &groupname, &group, &grouptype)) {
00644                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00645                 return -1;
00646         }
00647 
00648         /* check to see if the member to be added is a name or a SID */
00649 
00650         if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
00651                          &memberdomain, &membername, &member, &membertype))
00652         {
00653                 /* try it as a SID */
00654 
00655                 if ( !string_to_sid( &member, argv[1] ) ) {
00656                         d_fprintf(stderr, "Could not find member %s\n", argv[1]);
00657                         return -1;
00658                 }
00659 
00660                 if ( !lookup_sid(tmp_talloc_ctx(), &member, &memberdomain, 
00661                         &membername, &membertype) ) 
00662                 {
00663                         d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]);
00664                         return -1;
00665                 }
00666         }
00667 
00668         if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) {
00669                 if ((membertype != SID_NAME_USER) &&
00670                     (membertype != SID_NAME_DOM_GRP)) {
00671                         d_fprintf(stderr, "%s is a local group, only users "
00672                                   "and domain groups can be added.\n"
00673                                   "%s is a %s\n", argv[0], argv[1],
00674                                   sid_type_lookup(membertype));
00675                         return -1;
00676                 }
00677                 status = pdb_add_aliasmem(&group, &member);
00678 
00679                 if (!NT_STATUS_IS_OK(status)) {
00680                         d_fprintf(stderr, "Adding local group member failed "
00681                                   "with %s\n", nt_errstr(status));
00682                         return -1;
00683                 }
00684         } else {
00685                 d_fprintf(stderr, "Can only add members to local groups so "
00686                           "far, %s is a %s\n", argv[0],
00687                           sid_type_lookup(grouptype));
00688                 return -1;
00689         }
00690 
00691         d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername, 
00692                 groupdomain, groupname);
00693 
00694         return 0;
00695 }
00696 
00697 /*
00698  * Delete a group member
00699  */
00700 
00701 static int net_sam_delmem(int argc, const char **argv)
00702 {
00703         const char *groupdomain, *groupname;
00704         const char *memberdomain = NULL;
00705         const char *membername = NULL;
00706         DOM_SID group, member;
00707         enum lsa_SidType grouptype;
00708         NTSTATUS status;
00709 
00710         if (argc != 2) {
00711                 d_fprintf(stderr, "usage: net sam delmem <group> <member>\n");
00712                 return -1;
00713         }
00714 
00715         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00716                          &groupdomain, &groupname, &group, &grouptype)) {
00717                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00718                 return -1;
00719         }
00720 
00721         if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
00722                          &memberdomain, &membername, &member, NULL)) {
00723                 if (!string_to_sid(&member, argv[1])) {
00724                         d_fprintf(stderr, "Could not find member %s\n",
00725                                   argv[1]);
00726                         return -1;
00727                 }
00728         }
00729 
00730         if ((grouptype == SID_NAME_ALIAS) ||
00731             (grouptype == SID_NAME_WKN_GRP)) {
00732                 status = pdb_del_aliasmem(&group, &member);
00733 
00734                 if (!NT_STATUS_IS_OK(status)) {
00735                         d_fprintf(stderr, "Deleting local group member failed "
00736                                   "with %s\n", nt_errstr(status));
00737                         return -1;
00738                 }
00739         } else {
00740                 d_fprintf(stderr, "Can only delete members from local groups "
00741                           "so far, %s is a %s\n", argv[0],
00742                           sid_type_lookup(grouptype));
00743                 return -1;
00744         }
00745 
00746         if (membername != NULL) {
00747                 d_printf("Deleted %s\\%s from %s\\%s\n",
00748                          memberdomain, membername, groupdomain, groupname);
00749         } else {
00750                 d_printf("Deleted %s from %s\\%s\n",
00751                          sid_string_static(&member), groupdomain, groupname);
00752         }
00753 
00754         return 0;
00755 }
00756 
00757 /*
00758  * List group members
00759  */
00760 
00761 static int net_sam_listmem(int argc, const char **argv)
00762 {
00763         const char *groupdomain, *groupname;
00764         DOM_SID group;
00765         enum lsa_SidType grouptype;
00766         NTSTATUS status;
00767 
00768         if (argc != 1) {
00769                 d_fprintf(stderr, "usage: net sam listmem <group>\n");
00770                 return -1;
00771         }
00772 
00773         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00774                          &groupdomain, &groupname, &group, &grouptype)) {
00775                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
00776                 return -1;
00777         }
00778 
00779         if ((grouptype == SID_NAME_ALIAS) ||
00780             (grouptype == SID_NAME_WKN_GRP)) {
00781                 DOM_SID *members = NULL;
00782                 size_t i, num_members = 0;
00783                 
00784                 status = pdb_enum_aliasmem(&group, &members, &num_members);
00785 
00786                 if (!NT_STATUS_IS_OK(status)) {
00787                         d_fprintf(stderr, "Listing group members failed with "
00788                                   "%s\n", nt_errstr(status));
00789                         return -1;
00790                 }
00791 
00792                 d_printf("%s\\%s has %u members\n", groupdomain, groupname,
00793                          (unsigned int)num_members);
00794                 for (i=0; i<num_members; i++) {
00795                         const char *dom, *name;
00796                         if (lookup_sid(tmp_talloc_ctx(), &members[i],
00797                                        &dom, &name, NULL)) {
00798                                 d_printf(" %s\\%s\n", dom, name);
00799                         } else {
00800                                 d_printf(" %s\n",
00801                                          sid_string_static(&members[i]));
00802                         }
00803                 }
00804         } else {
00805                 d_fprintf(stderr, "Can only list local group members so far.\n"
00806                           "%s is a %s\n", argv[0], sid_type_lookup(grouptype));
00807                 return -1;
00808         }
00809 
00810         return 0;
00811 }
00812 
00813 /*
00814  * Do the listing
00815  */
00816 static int net_sam_do_list(int argc, const char **argv,
00817                            struct pdb_search *search, const char *what)
00818 {
00819         BOOL verbose = (argc == 1);
00820 
00821         if ((argc > 1) ||
00822             ((argc == 1) && !strequal(argv[0], "verbose"))) {
00823                 d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what);
00824                 return -1;
00825         }
00826 
00827         if (search == NULL) {
00828                 d_fprintf(stderr, "Could not start search\n");
00829                 return -1;
00830         }
00831 
00832         while (True) {
00833                 struct samr_displayentry entry;
00834                 if (!search->next_entry(search, &entry)) {
00835                         break;
00836                 }
00837                 if (verbose) {
00838                         d_printf("%s:%d:%s\n",
00839                                  entry.account_name,
00840                                  entry.rid,
00841                                  entry.description);
00842                 } else {
00843                         d_printf("%s\n", entry.account_name);
00844                 }
00845         }
00846 
00847         search->search_end(search);
00848         return 0;
00849 }
00850 
00851 static int net_sam_list_users(int argc, const char **argv)
00852 {
00853         return net_sam_do_list(argc, argv, pdb_search_users(ACB_NORMAL),
00854                                "users");
00855 }
00856 
00857 static int net_sam_list_groups(int argc, const char **argv)
00858 {
00859         return net_sam_do_list(argc, argv, pdb_search_groups(), "groups");
00860 }
00861 
00862 static int net_sam_list_localgroups(int argc, const char **argv)
00863 {
00864         return net_sam_do_list(argc, argv,
00865                                pdb_search_aliases(get_global_sam_sid()),
00866                                "localgroups");
00867 }
00868 
00869 static int net_sam_list_builtin(int argc, const char **argv)
00870 {
00871         return net_sam_do_list(argc, argv,
00872                                pdb_search_aliases(&global_sid_Builtin),
00873                                "builtin");
00874 }
00875 
00876 static int net_sam_list_workstations(int argc, const char **argv)
00877 {
00878         return net_sam_do_list(argc, argv,
00879                                pdb_search_users(ACB_WSTRUST),
00880                                "workstations");
00881 }
00882 
00883 /*
00884  * List stuff
00885  */
00886 
00887 static int net_sam_list(int argc, const char **argv)
00888 {
00889         struct functable2 func[] = {
00890                 { "users", net_sam_list_users,
00891                   "List SAM users" },
00892                 { "groups", net_sam_list_groups,
00893                   "List SAM groups" },
00894                 { "localgroups", net_sam_list_localgroups,
00895                   "List SAM local groups" },
00896                 { "builtin", net_sam_list_builtin,
00897                   "List builtin groups" },
00898                 { "workstations", net_sam_list_workstations,
00899                   "List domain member workstations" },
00900                 {NULL, NULL}
00901         };
00902 
00903         return net_run_function2(argc, argv, "net sam list", func);
00904 }
00905 
00906 /*
00907  * Show details of SAM entries
00908  */
00909 
00910 static int net_sam_show(int argc, const char **argv)
00911 {
00912         DOM_SID sid;
00913         enum lsa_SidType type;
00914         const char *dom, *name;
00915 
00916         if (argc != 1) {
00917                 d_fprintf(stderr, "usage: net sam show <name>\n");
00918                 return -1;
00919         }
00920 
00921         if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
00922                          &dom, &name, &sid, &type)) {
00923                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
00924                 return -1;
00925         }
00926 
00927         d_printf("%s\\%s is a %s with SID %s\n", dom, name,
00928                  sid_type_lookup(type), sid_string_static(&sid));
00929 
00930         return 0;
00931 }
00932 
00933 #ifdef HAVE_LDAP
00934 
00935 /*
00936  * Init an LDAP tree with default users and Groups
00937  * if ldapsam:editposix is enabled
00938  */
00939 
00940 static int net_sam_provision(int argc, const char **argv)
00941 {
00942         TALLOC_CTX *tc;
00943         char *ldap_bk;
00944         char *ldap_uri = NULL;
00945         char *p;
00946         struct smbldap_state *ls;
00947         GROUP_MAP gmap;
00948         DOM_SID gsid;
00949         gid_t domusers_gid = -1;
00950         gid_t domadmins_gid = -1;
00951         struct samu *samuser;
00952         struct passwd *pwd;
00953 
00954         tc = talloc_new(NULL);
00955         if (!tc) {
00956                 d_fprintf(stderr, "Out of Memory!\n");
00957                 return -1;
00958         }
00959 
00960         if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) {
00961                 d_fprintf(stderr, "talloc failed\n");
00962                 talloc_free(tc);
00963                 return -1;
00964         }
00965         p = strchr(ldap_bk, ':');
00966         if (p) {
00967                 *p = 0;
00968                 ldap_uri = talloc_strdup(tc, p+1);
00969                 trim_char(ldap_uri, ' ', ' ');
00970         }
00971 
00972         trim_char(ldap_bk, ' ', ' ');
00973                 
00974         if (strcmp(ldap_bk, "ldapsam") != 0) {
00975                 d_fprintf(stderr, "Provisioning works only with ldapsam backend\n");
00976                 goto failed;
00977         }
00978         
00979         if (!lp_parm_bool(-1, "ldapsam", "trusted", False) ||
00980             !lp_parm_bool(-1, "ldapsam", "editposix", False)) {
00981 
00982                 d_fprintf(stderr, "Provisioning works only if ldapsam:trusted"
00983                                   " and ldapsam:editposix are enabled.\n");
00984                 goto failed;
00985         }
00986 
00987         if (!winbind_ping()) {
00988                 d_fprintf(stderr, "winbind seems not to run. Provisioning "
00989                           "LDAP only works when winbind runs.\n");
00990                 goto failed;
00991         }
00992 
00993         if (!NT_STATUS_IS_OK(smbldap_init(tc, ldap_uri, &ls))) {
00994                 d_fprintf(stderr, "Unable to connect to the LDAP server.\n");
00995                 goto failed;
00996         }
00997 
00998         d_printf("Checking for Domain Users group.\n");
00999 
01000         sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
01001 
01002         if (!pdb_getgrsid(&gmap, gsid)) {
01003                 LDAPMod **mods = NULL;
01004                 char *dn;
01005                 char *uname;
01006                 char *wname;
01007                 char *gidstr;
01008                 char *gtype;
01009                 int rc;
01010 
01011                 d_printf("Adding the Domain Users group.\n");
01012 
01013                 /* lets allocate a new groupid for this group */
01014                 if (!winbind_allocate_gid(&domusers_gid)) {
01015                         d_fprintf(stderr, "Unable to allocate a new gid to create Domain Users group!\n");
01016                         goto domu_done;
01017                 }
01018 
01019                 uname = talloc_strdup(tc, "domusers");
01020                 wname = talloc_strdup(tc, "Domain Users");
01021                 dn = talloc_asprintf(tc, "cn=%s,%s", "domusers", lp_ldap_group_suffix());
01022                 gidstr = talloc_asprintf(tc, "%d", domusers_gid);
01023                 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
01024 
01025                 if (!uname || !wname || !dn || !gidstr || !gtype) {
01026                         d_fprintf(stderr, "Out of Memory!\n");
01027                         goto failed;
01028                 }
01029 
01030                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
01031                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
01032                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
01033                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
01034                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01035                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
01036                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
01037 
01038                 talloc_autofree_ldapmod(tc, mods);
01039 
01040                 rc = smbldap_add(ls, dn, mods);
01041 
01042                 if (rc != LDAP_SUCCESS) {
01043                         d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n");
01044                 }
01045         } else {
01046                 domusers_gid = gmap.gid;
01047                 d_printf("found!\n");
01048         }       
01049 
01050 domu_done:
01051 
01052         d_printf("Checking for Domain Admins group.\n");
01053 
01054         sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
01055 
01056         if (!pdb_getgrsid(&gmap, gsid)) {
01057                 LDAPMod **mods = NULL;
01058                 char *dn;
01059                 char *uname;
01060                 char *wname;
01061                 char *gidstr;
01062                 char *gtype;
01063                 int rc;
01064 
01065                 d_printf("Adding the Domain Admins group.\n");
01066 
01067                 /* lets allocate a new groupid for this group */
01068                 if (!winbind_allocate_gid(&domadmins_gid)) {
01069                         d_fprintf(stderr, "Unable to allocate a new gid to create Domain Admins group!\n");
01070                         goto doma_done;
01071                 }
01072 
01073                 uname = talloc_strdup(tc, "domadmins");
01074                 wname = talloc_strdup(tc, "Domain Admins");
01075                 dn = talloc_asprintf(tc, "cn=%s,%s", "domadmins", lp_ldap_group_suffix());
01076                 gidstr = talloc_asprintf(tc, "%d", domadmins_gid);
01077                 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
01078 
01079                 if (!uname || !wname || !dn || !gidstr || !gtype) {
01080                         d_fprintf(stderr, "Out of Memory!\n");
01081                         goto failed;
01082                 }
01083 
01084                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
01085                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
01086                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
01087                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
01088                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01089                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
01090                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
01091 
01092                 talloc_autofree_ldapmod(tc, mods);
01093 
01094                 rc = smbldap_add(ls, dn, mods);
01095 
01096                 if (rc != LDAP_SUCCESS) {
01097                         d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n");
01098                 }
01099         } else {
01100                 domadmins_gid = gmap.gid;
01101                 d_printf("found!\n");
01102         }
01103 
01104 doma_done:
01105 
01106         d_printf("Check for Administrator account.\n");
01107 
01108         samuser = samu_new(tc);
01109         if (!samuser) {
01110                 d_fprintf(stderr, "Out of Memory!\n");
01111                 goto failed;
01112         }
01113 
01114         if (!pdb_getsampwnam(samuser, "Administrator")) {
01115                 LDAPMod **mods = NULL;
01116                 DOM_SID sid;
01117                 char *dn;
01118                 char *name;
01119                 char *uidstr;
01120                 char *gidstr;
01121                 char *shell;
01122                 char *dir;
01123                 uid_t uid;
01124                 int rc;
01125                 
01126                 d_printf("Adding the Administrator user.\n");
01127 
01128                 if (domadmins_gid == -1) {
01129                         d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n");
01130                         goto done;
01131                 }
01132                 if (!winbind_allocate_uid(&uid)) {
01133                         d_fprintf(stderr, "Unable to allocate a new uid to create the Administrator user!\n");
01134                         goto done;
01135                 }
01136                 name = talloc_strdup(tc, "Administrator");
01137                 dn = talloc_asprintf(tc, "uid=Administrator,%s", lp_ldap_user_suffix());
01138                 uidstr = talloc_asprintf(tc, "%d", uid);
01139                 gidstr = talloc_asprintf(tc, "%d", domadmins_gid);
01140                 dir = talloc_sub_specified(tc, lp_template_homedir(),
01141                                                 "Administrator",
01142                                                 get_global_sam_name(),
01143                                                 uid, domadmins_gid);
01144                 shell = talloc_sub_specified(tc, lp_template_shell(),
01145                                                 "Administrator",
01146                                                 get_global_sam_name(),
01147                                                 uid, domadmins_gid);
01148 
01149                 if (!name || !dn || !uidstr || !gidstr || !dir || !shell) {
01150                         d_fprintf(stderr, "Out of Memory!\n");
01151                         goto failed;
01152                 }
01153 
01154                 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);
01155 
01156                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
01157                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
01158                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
01159                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
01160                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
01161                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
01162                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
01163                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01164                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir);
01165                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
01166                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
01167                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
01168                                 pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
01169                                 NEW_PW_FORMAT_SPACE_PADDED_LEN));
01170 
01171                 talloc_autofree_ldapmod(tc, mods);
01172 
01173                 rc = smbldap_add(ls, dn, mods);
01174 
01175                 if (rc != LDAP_SUCCESS) {
01176                         d_fprintf(stderr, "Failed to add Administrator user to ldap directory\n");
01177                 }
01178         } else {
01179                 d_printf("found!\n");
01180         }
01181 
01182         d_printf("Checking for Guest user.\n");
01183 
01184         samuser = samu_new(tc);
01185         if (!samuser) {
01186                 d_fprintf(stderr, "Out of Memory!\n");
01187                 goto failed;
01188         }
01189 
01190         if (!pdb_getsampwnam(samuser, lp_guestaccount())) {
01191                 LDAPMod **mods = NULL;
01192                 DOM_SID sid;
01193                 char *dn;
01194                 char *uidstr;
01195                 char *gidstr;
01196                 int rc;
01197                 
01198                 d_printf("Adding the Guest user.\n");
01199 
01200                 pwd = getpwnam_alloc(tc, lp_guestaccount());
01201 
01202                 if (!pwd) {
01203                         if (domusers_gid == -1) {
01204                                 d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n");
01205                                 goto done;
01206                         }
01207                         if ((pwd = talloc(tc, struct passwd)) == NULL) {
01208                                 d_fprintf(stderr, "talloc failed\n");
01209                                 goto done;
01210                         }
01211                         pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
01212                         if (!winbind_allocate_uid(&(pwd->pw_uid))) {
01213                                 d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n");
01214                                 goto done;
01215                         }
01216                         pwd->pw_gid = domusers_gid;
01217                         pwd->pw_dir = talloc_strdup(tc, "/");
01218                         pwd->pw_shell = talloc_strdup(tc, "/bin/false");
01219                         if (!pwd->pw_dir || !pwd->pw_shell) {
01220                                 d_fprintf(stderr, "Out of Memory!\n");
01221                                 goto failed;
01222                         }
01223                 }
01224 
01225                 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
01226 
01227                 dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ());
01228                 uidstr = talloc_asprintf(tc, "%d", pwd->pw_uid);
01229                 gidstr = talloc_asprintf(tc, "%d", pwd->pw_gid);
01230                 if (!dn || !uidstr || !gidstr) {
01231                         d_fprintf(stderr, "Out of Memory!\n");
01232                         goto failed;
01233                 }
01234 
01235                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
01236                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
01237                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
01238                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
01239                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name);
01240                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
01241                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
01242                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01243                 if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) {
01244                         smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
01245                 }
01246                 if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) {
01247                         smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
01248                 }
01249                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
01250                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
01251                                 pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
01252                                 NEW_PW_FORMAT_SPACE_PADDED_LEN));
01253 
01254                 talloc_autofree_ldapmod(tc, mods);
01255 
01256                 rc = smbldap_add(ls, dn, mods);
01257 
01258                 if (rc != LDAP_SUCCESS) {
01259                         d_fprintf(stderr, "Failed to add Guest user to ldap directory\n");
01260                 }
01261         } else {
01262                 d_printf("found!\n");
01263         }
01264 
01265         d_printf("Checking Guest's group.\n");
01266 
01267         pwd = getpwnam_alloc(NULL, lp_guestaccount());
01268         if (!pwd) {
01269                 d_fprintf(stderr, "Failed to find just created Guest account!\n"
01270                                   "   Is nss properly configured?!\n");
01271                 goto failed;
01272         }
01273 
01274         if (pwd->pw_gid == domusers_gid) {
01275                 d_printf("found!\n");
01276                 goto done;
01277         }
01278 
01279         if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
01280                 LDAPMod **mods = NULL;
01281                 char *dn;
01282                 char *uname;
01283                 char *wname;
01284                 char *gidstr;
01285                 char *gtype;
01286                 int rc;
01287 
01288                 d_printf("Adding the Domain Guests group.\n");
01289 
01290                 uname = talloc_strdup(tc, "domguests");
01291                 wname = talloc_strdup(tc, "Domain Guests");
01292                 dn = talloc_asprintf(tc, "cn=%s,%s", "domguests", lp_ldap_group_suffix());
01293                 gidstr = talloc_asprintf(tc, "%d", pwd->pw_gid);
01294                 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
01295 
01296                 if (!uname || !wname || !dn || !gidstr || !gtype) {
01297                         d_fprintf(stderr, "Out of Memory!\n");
01298                         goto failed;
01299                 }
01300 
01301                 sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS);
01302 
01303                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
01304                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
01305                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
01306                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
01307                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
01308                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
01309                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
01310 
01311                 talloc_autofree_ldapmod(tc, mods);
01312 
01313                 rc = smbldap_add(ls, dn, mods);
01314 
01315                 if (rc != LDAP_SUCCESS) {
01316                         d_fprintf(stderr, "Failed to add Domain Guests group to ldap directory\n");
01317                 }
01318         } else {
01319                 d_printf("found!\n");
01320         }
01321 
01322 
01323 done:
01324         talloc_free(tc);
01325         return 0;
01326 
01327 failed:
01328         talloc_free(tc);
01329         return -1;
01330 }
01331 
01332 #endif
01333 
01334 /***********************************************************
01335  migrated functionality from smbgroupedit
01336  **********************************************************/
01337 int net_sam(int argc, const char **argv)
01338 {
01339         struct functable2 func[] = {
01340                 { "createbuiltingroup", net_sam_createbuiltingroup,
01341                   "Create a new BUILTIN group" },
01342                 { "createlocalgroup", net_sam_createlocalgroup,
01343                   "Create a new local group" },
01344                 { "mapunixgroup", net_sam_mapunixgroup,
01345                   "Map a unix group to a domain group" },
01346                 { "addmem", net_sam_addmem,
01347                   "Add a member to a group" },
01348                 { "delmem", net_sam_delmem,
01349                   "Delete a member from a group" },
01350                 { "listmem", net_sam_listmem,
01351                   "List group members" },
01352                 { "list", net_sam_list,
01353                   "List users, groups and local groups" },
01354                 { "show", net_sam_show,
01355                   "Show details of a SAM entry" },
01356                 { "set", net_sam_set,
01357                   "Set details of a SAM account" },
01358                 { "policy", net_sam_policy,
01359                   "Set account policies" },
01360 #ifdef HAVE_LDAP
01361                 { "provision", net_sam_provision,
01362                   "Provision a clean User Database" },
01363 #endif
01364                 { NULL, NULL, NULL }
01365         };
01366 
01367         /* we shouldn't have silly checks like this */
01368         if (getuid() != 0) {
01369                 d_fprintf(stderr, "You must be root to edit the SAM "
01370                           "directly.\n");
01371                 return -1;
01372         }
01373         
01374         return net_run_function2(argc, argv, "net sam", func);
01375 }
01376 

Sambaに対してSat Aug 29 21:23:29 2009に生成されました。  doxygen 1.4.7