関数 | |
static int | net_sam_userset (int argc, const char **argv, const char *field, BOOL(*fn)(struct samu *, const char *, enum pdb_value_state)) |
static int | net_sam_set_fullname (int argc, const char **argv) |
static int | net_sam_set_logonscript (int argc, const char **argv) |
static int | net_sam_set_profilepath (int argc, const char **argv) |
static int | net_sam_set_homedrive (int argc, const char **argv) |
static int | net_sam_set_homedir (int argc, const char **argv) |
static int | net_sam_set_workstations (int argc, const char **argv) |
static int | net_sam_set_userflag (int argc, const char **argv, const char *field, uint16 flag) |
static int | net_sam_set_disabled (int argc, const char **argv) |
static int | net_sam_set_pwnotreq (int argc, const char **argv) |
static int | net_sam_set_autolock (int argc, const char **argv) |
static int | net_sam_set_pwnoexp (int argc, const char **argv) |
static int | net_sam_set_pwdmustchangenow (int argc, const char **argv) |
static int | net_sam_set_comment (int argc, const char **argv) |
static int | net_sam_set (int argc, const char **argv) |
static int | net_sam_policy_set (int argc, const char **argv) |
static int | net_sam_policy_show (int argc, const char **argv) |
static int | net_sam_policy_list (int argc, const char **argv) |
static int | net_sam_policy (int argc, const char **argv) |
static int | net_sam_mapunixgroup (int argc, const char **argv) |
static int | net_sam_createlocalgroup (int argc, const char **argv) |
static int | net_sam_createbuiltingroup (int argc, const char **argv) |
static int | net_sam_addmem (int argc, const char **argv) |
static int | net_sam_delmem (int argc, const char **argv) |
static int | net_sam_listmem (int argc, const char **argv) |
static int | net_sam_do_list (int argc, const char **argv, struct pdb_search *search, const char *what) |
static int | net_sam_list_users (int argc, const char **argv) |
static int | net_sam_list_groups (int argc, const char **argv) |
static int | net_sam_list_localgroups (int argc, const char **argv) |
static int | net_sam_list_builtin (int argc, const char **argv) |
static int | net_sam_list_workstations (int argc, const char **argv) |
static int | net_sam_list (int argc, const char **argv) |
static int | net_sam_show (int argc, const char **argv) |
static int | net_sam_provision (int argc, const char **argv) |
int | net_sam (int argc, const char **argv) |
static int net_sam_userset | ( | int | argc, | |
const char ** | argv, | |||
const char * | field, | |||
BOOL(*)(struct samu *, const char *, enum pdb_value_state) | fn | |||
) | [static] |
参照先 d_fprintf()・d_printf()・fn・lookup_name()・name・nt_errstr()・PDB_CHANGED・pdb_getsampwsid()・pdb_update_sam_account()・samu_new()・SID_NAME_USER・sid_type_lookup()・status・tmp_talloc_ctx()・type.
参照元 net_sam_set_comment()・net_sam_set_fullname()・net_sam_set_homedir()・net_sam_set_homedrive()・net_sam_set_logonscript()・net_sam_set_profilepath()・net_sam_set_workstations().
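/*
 * Set one string attribute of a local user account.
 *
 * argv[0] names the account and argv[1] is the new value; `field` is used
 * only in messages, and `fn` is the pdb_set_*() setter applied to the
 * loaded account with PDB_CHANGED.  Returns 0 on success, -1 on failure.
 *
 * Once samu_new() has succeeded the account object is released on every
 * exit path; previously it was freed only after a successful update.
 */
static int net_sam_userset(int argc, const char **argv, const char *field,
			   BOOL (*fn)(struct samu *, const char *,
				      enum pdb_value_state))
{
	struct samu *sam_acct = NULL;
	DOM_SID sid;
	enum lsa_SidType type;
	const char *dom, *name;
	NTSTATUS status;
	int ret = -1;

	if (argc != 2) {
		d_fprintf(stderr, "usage: net sam set %s <user> <value>\n",
			  field);
		return -1;
	}

	/* Resolve the name locally and insist that it is a user. */
	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &dom, &name, &sid, &type)) {
		d_fprintf(stderr, "Could not find name %s\n", argv[0]);
		return -1;
	}

	if (type != SID_NAME_USER) {
		d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
			  sid_type_lookup(type));
		return -1;
	}

	if ( !(sam_acct = samu_new( NULL )) ) {
		d_fprintf(stderr, "Internal error\n");
		return -1;
	}

	/* From here on every exit goes through `done` to free sam_acct. */
	if (!pdb_getsampwsid(sam_acct, &sid)) {
		d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
		goto done;
	}

	if (!fn(sam_acct, argv[1], PDB_CHANGED)) {
		d_fprintf(stderr, "Internal error\n");
		goto done;
	}

	status = pdb_update_sam_account(sam_acct);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "Updating sam account %s failed with %s\n",
			  argv[0], nt_errstr(status));
		goto done;
	}

	d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
	ret = 0;

done:
	TALLOC_FREE(sam_acct);
	return ret;
}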
static int net_sam_set_fullname | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_userset()・pdb_set_fullname().
参照元 net_sam_set().
/* "net sam set fullname <user> <value>": store a new full name. */
static int net_sam_set_fullname(int argc, const char **argv)
{
	const int rc = net_sam_userset(argc, argv, "fullname",
				       pdb_set_fullname);

	return rc;
}
static int net_sam_set_logonscript | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_userset()・pdb_set_logon_script().
参照元 net_sam_set().
/* "net sam set logonscript <user> <value>": store a new logon script. */
static int net_sam_set_logonscript(int argc, const char **argv)
{
	const int rc = net_sam_userset(argc, argv, "logonscript",
				       pdb_set_logon_script);

	return rc;
}
static int net_sam_set_profilepath | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_userset()・pdb_set_profile_path().
参照元 net_sam_set().
/* "net sam set profilepath <user> <value>": store a new profile path. */
static int net_sam_set_profilepath(int argc, const char **argv)
{
	const int rc = net_sam_userset(argc, argv, "profilepath",
				       pdb_set_profile_path);

	return rc;
}
static int net_sam_set_homedrive | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_userset()・pdb_set_dir_drive().
参照元 net_sam_set().
/* "net sam set homedrive <user> <value>": store a new home drive. */
static int net_sam_set_homedrive(int argc, const char **argv)
{
	const int rc = net_sam_userset(argc, argv, "homedrive",
				       pdb_set_dir_drive);

	return rc;
}
static int net_sam_set_homedir | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_userset()・pdb_set_homedir().
参照元 net_sam_set().
/* "net sam set homedir <user> <value>": store a new home directory. */
static int net_sam_set_homedir(int argc, const char **argv)
{
	const int rc = net_sam_userset(argc, argv, "homedir",
				       pdb_set_homedir);

	return rc;
}
static int net_sam_set_workstations | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_userset()・pdb_set_workstations().
参照元 net_sam_set().
/* "net sam set workstations <user> <value>": store the workstation list. */
static int net_sam_set_workstations(int argc, const char **argv)
{
	const int rc = net_sam_userset(argc, argv, "workstations",
				       pdb_set_workstations);

	return rc;
}
static int net_sam_set_userflag | ( | int | argc, | |
const char ** | argv, | |||
const char * | field, | |||
uint16 | flag | |||
) | [static] |
参照先 d_fprintf()・lookup_name()・name・nt_errstr()・PDB_CHANGED・pdb_get_acct_ctrl()・pdb_getsampwsid()・pdb_set_acct_ctrl()・pdb_update_sam_account()・samu_new()・SID_NAME_USER・sid_type_lookup()・status・strequal()・tmp_talloc_ctx()・type.
参照元 net_sam_set_autolock()・net_sam_set_disabled()・net_sam_set_pwnoexp()・net_sam_set_pwnotreq().
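/*
 * Set or clear one account-control bit on a local user account.
 *
 * argv[0] names the account; argv[1] must be "yes" (set `flag`) or "no"
 * (clear it).  `field` is used only in messages.  Returns 0 on success,
 * -1 on failure.
 *
 * Once samu_new() has succeeded the account object is released on every
 * exit path; previously it was freed only after a successful update.
 * The confirmation line is written to stderr, unlike net_sam_userset();
 * that is kept as-is so existing callers see the same output.
 */
static int net_sam_set_userflag(int argc, const char **argv,
				const char *field, uint16 flag)
{
	struct samu *sam_acct = NULL;
	DOM_SID sid;
	enum lsa_SidType type;
	const char *dom, *name;
	NTSTATUS status;
	uint16 acct_flags;
	int ret = -1;

	if ((argc != 2) || (!strequal(argv[1], "yes") &&
			    !strequal(argv[1], "no"))) {
		d_fprintf(stderr, "usage: net sam set %s <user> [yes|no]\n",
			  field);
		return -1;
	}

	/* Resolve the name locally and insist that it is a user. */
	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &dom, &name, &sid, &type)) {
		d_fprintf(stderr, "Could not find name %s\n", argv[0]);
		return -1;
	}

	if (type != SID_NAME_USER) {
		d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
			  sid_type_lookup(type));
		return -1;
	}

	if ( !(sam_acct = samu_new( NULL )) ) {
		d_fprintf(stderr, "Internal error\n");
		return -1;
	}

	/* From here on every exit goes through `done` to free sam_acct. */
	if (!pdb_getsampwsid(sam_acct, &sid)) {
		d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
		goto done;
	}

	/* Read-modify-write so the other control bits are preserved. */
	acct_flags = pdb_get_acct_ctrl(sam_acct);

	if (strequal(argv[1], "yes")) {
		acct_flags |= flag;
	} else {
		acct_flags &= ~flag;
	}

	pdb_set_acct_ctrl(sam_acct, acct_flags, PDB_CHANGED);

	status = pdb_update_sam_account(sam_acct);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "Updating sam account %s failed with %s\n",
			  argv[0], nt_errstr(status));
		goto done;
	}

	d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom,
		  name, argv[1]);
	ret = 0;

done:
	TALLOC_FREE(sam_acct);
	return ret;
}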
static int net_sam_set_disabled | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照元 net_sam_set().
/* "net sam set disabled <user> [yes|no]": toggle ACB_DISABLED. */
static int net_sam_set_disabled(int argc, const char **argv)
{
	const int rc = net_sam_set_userflag(argc, argv, "disabled",
					    ACB_DISABLED);

	return rc;
}
static int net_sam_set_pwnotreq | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照元 net_sam_set().
/*
 * "net sam set pwnotreq <user> [yes|no]": toggle ACB_PWNOTREQ, the
 * "password not required" account flag.  "yes" sets the flag, so changes
 * made through this command are worth reviewing in an account audit.
 */
static int net_sam_set_pwnotreq(int argc, const char **argv)
{
	const int rc = net_sam_set_userflag(argc, argv, "pwnotreq",
					    ACB_PWNOTREQ);

	return rc;
}
static int net_sam_set_autolock | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照元 net_sam_set().
/* "net sam set autolock <user> [yes|no]": toggle ACB_AUTOLOCK. */
static int net_sam_set_autolock(int argc, const char **argv)
{
	const int rc = net_sam_set_userflag(argc, argv, "autolock",
					    ACB_AUTOLOCK);

	return rc;
}
static int net_sam_set_pwnoexp | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照元 net_sam_set().
/*
 * "net sam set pwnoexp <user> [yes|no]": toggle ACB_PWNOEXP, i.e. whether
 * the account's password is exempt from expiry.
 */
static int net_sam_set_pwnoexp(int argc, const char **argv)
{
	const int rc = net_sam_set_userflag(argc, argv, "pwnoexp",
					    ACB_PWNOEXP);

	return rc;
}
static int net_sam_set_pwdmustchangenow | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・lookup_name()・name・nt_errstr()・PDB_CHANGED・pdb_getsampwsid()・pdb_set_pass_last_set_time()・pdb_update_sam_account()・samu_new()・SID_NAME_USER・sid_type_lookup()・status・strequal()・tmp_talloc_ctx()・type.
参照元 net_sam_set().
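/*
 * Force or lift "user must change password at next logon".
 *
 * argv[0] names the account; argv[1] must be "yes" or "no".  "yes" sets
 * the password-last-set time to 0, "no" sets it to the current time.
 * Returns 0 on success, -1 on failure.
 *
 * Once samu_new() has succeeded the account object is released on every
 * exit path; previously it was freed only after a successful update.
 */
static int net_sam_set_pwdmustchangenow(int argc, const char **argv)
{
	struct samu *sam_acct = NULL;
	DOM_SID sid;
	enum lsa_SidType type;
	const char *dom, *name;
	NTSTATUS status;
	int ret = -1;

	if ((argc != 2) || (!strequal(argv[1], "yes") &&
			    !strequal(argv[1], "no"))) {
		d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
		return -1;
	}

	/* Resolve the name locally and insist that it is a user. */
	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &dom, &name, &sid, &type)) {
		d_fprintf(stderr, "Could not find name %s\n", argv[0]);
		return -1;
	}

	if (type != SID_NAME_USER) {
		d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
			  sid_type_lookup(type));
		return -1;
	}

	if ( !(sam_acct = samu_new( NULL )) ) {
		d_fprintf(stderr, "Internal error\n");
		return -1;
	}

	/* From here on every exit goes through `done` to free sam_acct. */
	if (!pdb_getsampwsid(sam_acct, &sid)) {
		d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
		goto done;
	}

	if (strequal(argv[1], "yes")) {
		pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
	} else {
		pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
	}

	status = pdb_update_sam_account(sam_acct);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "Updating sam account %s failed with %s\n",
			  argv[0], nt_errstr(status));
		goto done;
	}

	d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
		  name, argv[1]);
	ret = 0;

done:
	TALLOC_FREE(sam_acct);
	return ret;
}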
static int net_sam_set_comment | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 _GROUP_MAP::comment・d_fprintf()・d_printf()・lookup_name()・name・net_sam_userset()・nt_errstr()・pdb_getgrsid()・pdb_set_acct_desc()・pdb_update_group_mapping_entry()・SID_NAME_ALIAS・SID_NAME_DOM_GRP・SID_NAME_USER・SID_NAME_WKN_GRP・sid_type_lookup()・status・tmp_talloc_ctx()・type.
参照元 net_sam_set().
/*
 * "net sam set comment <name> <comment>": set the description of a user
 * or of a group.
 *
 * The name is resolved locally first.  Users are handed to
 * net_sam_userset() (which resolves the name again); domain groups,
 * aliases and well-known groups are updated through their group mapping
 * entry.  Any other SID type is rejected.  Returns 0 on success, -1 on
 * failure.
 */
static int net_sam_set_comment(int argc, const char **argv)
{
	GROUP_MAP map;
	DOM_SID sid;
	enum lsa_SidType type;
	const char *domain, *resolved;
	NTSTATUS status;

	if (argc != 2) {
		d_fprintf(stderr, "usage: net sam set comment <name> "
			  "<comment>\n");
		return -1;
	}

	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &domain, &resolved, &sid, &type)) {
		d_fprintf(stderr, "Could not find name %s\n", argv[0]);
		return -1;
	}

	switch (type) {
	case SID_NAME_USER:
		return net_sam_userset(argc, argv, "comment",
				       pdb_set_acct_desc);
	case SID_NAME_DOM_GRP:
	case SID_NAME_ALIAS:
	case SID_NAME_WKN_GRP:
		/* A group of some kind: handled below. */
		break;
	default:
		d_fprintf(stderr, "%s is a %s, not a group\n", argv[0],
			  sid_type_lookup(type));
		return -1;
	}

	if (!pdb_getgrsid(&map, sid)) {
		d_fprintf(stderr, "Could not load group %s\n", argv[0]);
		return -1;
	}

	/*
	 * fstrcpy() is the project's fstring copy helper; presumably it
	 * bounds the copy to the size of map.comment, so an over-long
	 * comment would be truncated -- confirm against its definition.
	 */
	fstrcpy(map.comment, argv[1]);

	status = pdb_update_group_mapping_entry(&map);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "Updating group mapping entry failed with "
			  "%s\n", nt_errstr(status));
		return -1;
	}

	d_printf("Updated comment of group %s\\%s to %s\n", domain, resolved,
		 argv[1]);
	return 0;
}
static int net_sam_set | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_run_function2()・net_sam_set_autolock()・net_sam_set_comment()・net_sam_set_disabled()・net_sam_set_fullname()・net_sam_set_homedir()・net_sam_set_homedrive()・net_sam_set_logonscript()・net_sam_set_profilepath()・net_sam_set_pwdmustchangenow()・net_sam_set_pwnoexp()・net_sam_set_pwnotreq()・net_sam_set_workstations().
参照元 net_sam().
/*
 * "net sam set ...": dispatch to the handler for the requested attribute
 * or account flag.  The table is terminated by a NULL entry and handed to
 * net_run_function2() together with the remaining arguments.
 */
static int net_sam_set(int argc, const char **argv)
{
	struct functable2 subcommands[] = {
		/* string attributes */
		{ "homedir", net_sam_set_homedir,
		  "Change a user's home directory" },
		{ "profilepath", net_sam_set_profilepath,
		  "Change a user's profile path" },
		{ "comment", net_sam_set_comment,
		  "Change a users or groups description" },
		{ "fullname", net_sam_set_fullname,
		  "Change a user's full name" },
		{ "logonscript", net_sam_set_logonscript,
		  "Change a user's logon script" },
		{ "homedrive", net_sam_set_homedrive,
		  "Change a user's home drive" },
		{ "workstations", net_sam_set_workstations,
		  "Change a user's allowed workstations" },
		/* account-control flags and password state */
		{ "disabled", net_sam_set_disabled,
		  "Disable/Enable a user" },
		{ "pwnotreq", net_sam_set_pwnotreq,
		  "Disable/Enable the password not required flag" },
		{ "autolock", net_sam_set_autolock,
		  "Disable/Enable a user's lockout flag" },
		{ "pwnoexp", net_sam_set_pwnoexp,
		  "Disable/Enable whether a user's pw does not expire" },
		{ "pwdmustchangenow", net_sam_set_pwdmustchangenow,
		  "Force users password must change at next logon" },
		{NULL, NULL}
	};
	const int rc = net_run_function2(argc, argv, "net sam set",
					 subcommands);

	return rc;
}
static int net_sam_policy_set | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 account_policy_name_to_fieldnum()・account_policy_names_list()・d_fprintf()・d_printf()・pdb_get_account_policy()・pdb_set_account_policy()・strequal().
参照元 net_sam_policy().
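/*
 * "net sam policy set <account policy> <value>": change one account
 * policy.
 *
 * <value> is either a decimal number or one of "forever", "never", "off",
 * which are stored as (uint32)-1.  Returns 0 on success, -1 on failure.
 *
 * Compared with the earlier version:
 *  - a number that does not fit in 32 bits, or that carries a minus sign,
 *    is rejected instead of being silently wrapped into a different
 *    policy value;
 *  - the previous value is printed only when it was actually fetched, so
 *    an uninitialised variable is never read.
 *
 * NOTE(review): where unsigned long is 32 bits wide, an out-of-range
 * number still saturates to 0xFFFFFFFF inside strtoul(), which is the
 * same value as "forever".  Checking errno for ERANGE would close that;
 * it is left out because the file's includes are not visible here.
 */
static int net_sam_policy_set(int argc, const char **argv)
{
	const char *account_policy = NULL;
	uint32 value, old_value = 0;
	BOOL have_old_value;
	int field;
	char *endptr;

	if (argc != 2) {
		d_fprintf(stderr, "usage: net sam policy set "
			  "\"<account policy>\" <value> \n");
		return -1;
	}

	account_policy = argv[0];
	field = account_policy_name_to_fieldnum(account_policy);

	if (strequal(argv[1], "forever") || strequal(argv[1], "never")
	    || strequal(argv[1], "off")) {
		value = -1;
	}
	else {
		unsigned long parsed = strtoul(argv[1], &endptr, 10);

		/*
		 * strtoul() accepts a leading '-' and negates the result,
		 * so the sign has to be refused explicitly.
		 */
		if ((endptr == argv[1]) || (endptr[0] != '\0') ||
		    (strchr(argv[1], '-') != NULL) ||
		    (parsed > 0xFFFFFFFFUL)) {
			d_printf("Unable to set policy \"%s\"! Invalid value "
				 "\"%s\".\n",
				 account_policy, argv[1]);
			return -1;
		}
		value = (uint32)parsed;
	}

	/* Field number 0 means the policy name was not recognised. */
	if (field == 0) {
		const char **names;
		int i, count;

		account_policy_names_list(&names, &count);
		d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]);
		d_fprintf(stderr, "Valid account policies are:\n");

		for (i=0; i<count; i++) {
			d_fprintf(stderr, "%s\n", names[i]);
		}

		SAFE_FREE(names);
		return -1;
	}

	/* Failing to read the old value is reported but is not fatal. */
	have_old_value = pdb_get_account_policy(field, &old_value);
	if (!have_old_value) {
		d_fprintf(stderr, "Valid account policy, but unable to fetch "
			  "value!\n");
	}

	if (!pdb_set_account_policy(field, value)) {
		d_fprintf(stderr, "Valid account policy, but unable to "
			  "set value!\n");
		return -1;
	}

	if (have_old_value) {
		d_printf("Account policy \"%s\" value was: %d\n",
			 account_policy, old_value);
	}

	d_printf("Account policy \"%s\" value is now: %d\n", account_policy,
		 value);
	return 0;
}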
static int net_sam_policy_show | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 account_policy_get_desc()・account_policy_name_to_fieldnum()・account_policy_names_list()・d_fprintf()・fprintf()・pdb_get_account_policy()・printf().
参照元 net_sam_policy().
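/*
 * "net sam policy show <account policy>": print the description and the
 * current value of one account policy.  Returns 0 on success, -1 on
 * failure.
 *
 * All output now goes through d_fprintf()/d_printf(), as in the rest of
 * this file; the fetch-failure message and the two result lines used the
 * plain stdio calls before.
 */
static int net_sam_policy_show(int argc, const char **argv)
{
	const char *account_policy = NULL;
	uint32 old_value;
	int field;

	if (argc != 1) {
		d_fprintf(stderr, "usage: net sam policy show"
			  " \"<account policy>\" \n");
		return -1;
	}

	account_policy = argv[0];
	field = account_policy_name_to_fieldnum(account_policy);

	/* Field number 0 means the policy name was not recognised. */
	if (field == 0) {
		const char **names;
		int count;
		int i;

		account_policy_names_list(&names, &count);
		d_fprintf(stderr, "No account policy by that name!\n");
		if (count != 0) {
			d_fprintf(stderr, "Valid account policies "
				  "are:\n");
			for (i=0; i<count; i++) {
				d_fprintf(stderr, "%s\n", names[i]);
			}
		}
		SAFE_FREE(names);
		return -1;
	}

	if (!pdb_get_account_policy(field, &old_value)) {
		d_fprintf(stderr, "Valid account policy, but unable to "
			  "fetch value!\n");
		return -1;
	}

	d_printf("Account policy \"%s\" description: %s\n",
		 account_policy, account_policy_get_desc(field));
	d_printf("Account policy \"%s\" value is: %d\n", account_policy,
		 old_value);
	return 0;
}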
static int net_sam_policy_list | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 account_policy_names_list()・d_fprintf().
参照元 net_sam_policy().
/*
 * "net sam policy list": print the names of all account policies, one per
 * line, on stderr.  The arguments are not examined.
 *
 * NOTE(review): the function returns -1 on every path, including after
 * the list has been printed -- confirm whether callers rely on that.
 */
static int net_sam_policy_list(int argc, const char **argv)
{
	const char **policy_names;
	int total;
	int idx;

	account_policy_names_list(&policy_names, &total);

	if (total != 0) {
		d_fprintf(stderr, "Valid account policies "
			  "are:\n");
	}

	/* The loop body never runs when total is zero or negative. */
	for (idx = 0; idx < total; idx++) {
		d_fprintf(stderr, "%s\n", policy_names[idx]);
	}

	SAFE_FREE(policy_names);
	return -1;
}
static int net_sam_policy | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_run_function2()・net_sam_policy_list()・net_sam_policy_set()・net_sam_policy_show().
参照元 net_sam().
/*
 * "net sam policy ...": dispatch to the list/show/set handlers.  The
 * table is terminated by a NULL entry and handed to net_run_function2().
 */
static int net_sam_policy(int argc, const char **argv)
{
	struct functable2 subcommands[] = {
		{ "list", net_sam_policy_list,
		  "List account policies" },
		{ "show", net_sam_policy_show,
		  "Show account policies" },
		{ "set", net_sam_policy_set,
		  "Change account policies" },
		{NULL, NULL}
	};
	const int rc = net_run_function2(argc, argv, "net sam policy",
					 subcommands);

	return rc;
}
static int net_sam_mapunixgroup | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・map_unix_group()・nt_errstr()・_GROUP_MAP::sid・sid_string_static()・status.
参照元 net_sam().
/*
 * "net sam mapunixgroup <name>": look the Unix group up with getgrnam()
 * and create a group mapping for it, then print the SID it was mapped to.
 * Returns 0 on success, -1 on failure.
 */
static int net_sam_mapunixgroup(int argc, const char **argv)
{
	GROUP_MAP mapping;
	struct group *unix_grp;
	NTSTATUS result;

	if (argc != 1) {
		d_fprintf(stderr, "usage: net sam mapunixgroup <name>\n");
		return -1;
	}

	unix_grp = getgrnam(argv[0]);
	if (!unix_grp) {
		d_fprintf(stderr, "Could not find group %s\n", argv[0]);
		return -1;
	}

	result = map_unix_group(unix_grp, &mapping);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Mapping group %s failed with %s\n",
			  argv[0], nt_errstr(result));
		return -1;
	}

	d_printf("Mapped unix group %s to SID %s\n", argv[0],
		 sid_string_static(&mapping.sid));
	return 0;
}
static int net_sam_createlocalgroup | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・nt_errstr()・pdb_create_alias()・status・winbind_ping().
参照元 net_sam().
/*
 * "net sam createlocalgroup <name>": create a local group (alias) and
 * print the RID it received.  The command refuses to run unless
 * winbind_ping() succeeds.  Returns 0 on success, -1 on failure.
 */
static int net_sam_createlocalgroup(int argc, const char **argv)
{
	uint32 new_rid;
	NTSTATUS result;

	if (argc != 1) {
		d_fprintf(stderr, "usage: net sam createlocalgroup <name>\n");
		return -1;
	}

	if (!winbind_ping()) {
		d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
			  "only works when winbind runs.\n");
		return -1;
	}

	result = pdb_create_alias(argv[0], &new_rid);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Creating %s failed with %s\n",
			  argv[0], nt_errstr(result));
		return -1;
	}

	d_printf("Created local group %s with RID %d\n", argv[0], new_rid);
	return 0;
}
static int net_sam_createbuiltingroup | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・lookup_name()・nt_errstr()・pdb_create_builtin_alias()・sid_peek_rid()・status・tmp_talloc_ctx()・type・winbind_ping().
参照元 net_sam().
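/*
 * "net sam createbuiltingroup <name>": create the BUILTIN alias whose
 * name is given.  The name is validated by resolving "BUILTIN\<name>";
 * the RID of the resulting SID is what gets created.  The command refuses
 * to run unless winbind_ping() succeeds.  Returns 0 on success, -1 on
 * failure.
 *
 * The winbind error message used to name "createlocalgroup" (copied from
 * the sibling command); it now names this command.
 */
static int net_sam_createbuiltingroup(int argc, const char **argv)
{
	NTSTATUS status;
	uint32 rid;
	enum lsa_SidType type;
	fstring groupname;
	DOM_SID sid;

	if (argc != 1) {
		d_fprintf(stderr, "usage: net sam createbuiltingroup <name>\n");
		return -1;
	}

	if (!winbind_ping()) {
		d_fprintf(stderr, "winbind seems not to run. createbuiltingroup "
			  "only works when winbind runs.\n");
		return -1;
	}

	/*
	 * validate the name and get the group
	 *
	 * fstrcpy()/fstrcat() are the project's fstring helpers; presumably
	 * they bound the result to the size of an fstring, so an over-long
	 * name is truncated and then simply fails the lookup -- confirm
	 * against their definition.
	 */
	fstrcpy( groupname, "BUILTIN\\" );
	fstrcat( groupname, argv[0] );

	if ( !lookup_name(tmp_talloc_ctx(), groupname, LOOKUP_NAME_ALL, NULL,
			  NULL, &sid, &type)) {
		d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]);
		return -1;
	}

	if ( !sid_peek_rid( &sid, &rid ) ) {
		d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]);
		return -1;
	}

	status = pdb_create_builtin_alias( rid );

	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "Creating %s failed with %s\n",
			  argv[0], nt_errstr(status));
		return -1;
	}

	d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid);

	return 0;
}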
static int net_sam_addmem | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・lookup_name()・lookup_sid()・nt_errstr()・pdb_add_aliasmem()・SID_NAME_ALIAS・SID_NAME_DOM_GRP・SID_NAME_USER・SID_NAME_WKN_GRP・sid_type_lookup()・status・string_to_sid()・tmp_talloc_ctx().
参照元 net_sam().
/*
 * "net sam addmem <group> <member>": add a member to a local group.
 *
 * The group is resolved by name.  The member is resolved by name first
 * and, failing that, parsed as a SID string and resolved back to a name.
 * Only aliases and well-known groups accept members here, and only users
 * and domain groups may be added to them.  Returns 0 on success, -1 on
 * failure.
 */
static int net_sam_addmem(int argc, const char **argv)
{
	const char *grp_dom, *grp_name, *mem_dom, *mem_name;
	DOM_SID grp_sid, mem_sid;
	enum lsa_SidType grp_type, mem_type;
	NTSTATUS result;

	if (argc != 2) {
		d_fprintf(stderr, "usage: net sam addmem <group> <member>\n");
		return -1;
	}

	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &grp_dom, &grp_name, &grp_sid, &grp_type)) {
		d_fprintf(stderr, "Could not find group %s\n", argv[0]);
		return -1;
	}

	/* The member may be given as a name or as a SID string. */
	if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
			 &mem_dom, &mem_name, &mem_sid, &mem_type)) {
		if (!string_to_sid(&mem_sid, argv[1])) {
			d_fprintf(stderr, "Could not find member %s\n", argv[1]);
			return -1;
		}

		if (!lookup_sid(tmp_talloc_ctx(), &mem_sid, &mem_dom,
				&mem_name, &mem_type)) {
			d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]);
			return -1;
		}
	}

	/* Anything that is not a local group is refused outright. */
	if ((grp_type != SID_NAME_ALIAS) && (grp_type != SID_NAME_WKN_GRP)) {
		d_fprintf(stderr, "Can only add members to local groups so "
			  "far, %s is a %s\n", argv[0],
			  sid_type_lookup(grp_type));
		return -1;
	}

	if ((mem_type != SID_NAME_USER) && (mem_type != SID_NAME_DOM_GRP)) {
		d_fprintf(stderr, "%s is a local group, only users "
			  "and domain groups can be added.\n"
			  "%s is a %s\n", argv[0], argv[1],
			  sid_type_lookup(mem_type));
		return -1;
	}

	result = pdb_add_aliasmem(&grp_sid, &mem_sid);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Adding local group member failed "
			  "with %s\n", nt_errstr(result));
		return -1;
	}

	d_printf("Added %s\\%s to %s\\%s\n", mem_dom, mem_name,
		 grp_dom, grp_name);
	return 0;
}
static int net_sam_delmem | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・lookup_name()・nt_errstr()・pdb_del_aliasmem()・SID_NAME_ALIAS・SID_NAME_WKN_GRP・sid_string_static()・sid_type_lookup()・status・string_to_sid()・tmp_talloc_ctx().
参照元 net_sam().
/*
 * "net sam delmem <group> <member>": remove a member from a local group.
 *
 * The member is resolved by name first and, failing that, parsed as a SID
 * string; in the SID case no name is available and the confirmation line
 * prints the SID instead.  Only aliases and well-known groups are
 * handled.  Returns 0 on success, -1 on failure.
 */
static int net_sam_delmem(int argc, const char **argv)
{
	const char *grp_dom, *grp_name;
	const char *mem_dom = NULL;
	const char *mem_name = NULL;
	DOM_SID grp_sid, mem_sid;
	enum lsa_SidType grp_type;
	NTSTATUS result;

	if (argc != 2) {
		d_fprintf(stderr, "usage: net sam delmem <group> <member>\n");
		return -1;
	}

	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &grp_dom, &grp_name, &grp_sid, &grp_type)) {
		d_fprintf(stderr, "Could not find group %s\n", argv[0]);
		return -1;
	}

	/* Name lookup first; fall back to treating argv[1] as a SID. */
	if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
			 &mem_dom, &mem_name, &mem_sid, NULL) &&
	    !string_to_sid(&mem_sid, argv[1])) {
		d_fprintf(stderr, "Could not find member %s\n",
			  argv[1]);
		return -1;
	}

	/* Anything that is not a local group is refused outright. */
	if ((grp_type != SID_NAME_ALIAS) && (grp_type != SID_NAME_WKN_GRP)) {
		d_fprintf(stderr, "Can only delete members from local groups "
			  "so far, %s is a %s\n", argv[0],
			  sid_type_lookup(grp_type));
		return -1;
	}

	result = pdb_del_aliasmem(&grp_sid, &mem_sid);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Deleting local group member failed "
			  "with %s\n", nt_errstr(result));
		return -1;
	}

	if (mem_name == NULL) {
		d_printf("Deleted %s from %s\\%s\n",
			 sid_string_static(&mem_sid), grp_dom, grp_name);
	} else {
		d_printf("Deleted %s\\%s from %s\\%s\n",
			 mem_dom, mem_name, grp_dom, grp_name);
	}

	return 0;
}
static int net_sam_listmem | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・lookup_name()・lookup_sid()・name・nt_errstr()・pdb_enum_aliasmem()・SID_NAME_ALIAS・SID_NAME_WKN_GRP・sid_string_static()・sid_type_lookup()・status・tmp_talloc_ctx().
参照元 net_sam().
/*
 * "net sam listmem <group>": print the members of a local group.
 *
 * Only aliases and well-known groups are handled.  Each member SID is
 * resolved to DOMAIN\name where possible and printed as a SID string
 * otherwise.  Returns 0 on success, -1 on failure.
 *
 * NOTE(review): the array filled in by pdb_enum_aliasmem() is not
 * released here; which allocator owns it is not visible in this listing,
 * so confirm whether the caller is expected to free it.
 */
static int net_sam_listmem(int argc, const char **argv)
{
	const char *grp_dom, *grp_name;
	DOM_SID grp_sid;
	enum lsa_SidType grp_type;
	DOM_SID *member_sids = NULL;
	size_t idx, member_count = 0;
	NTSTATUS result;

	if (argc != 1) {
		d_fprintf(stderr, "usage: net sam listmem <group>\n");
		return -1;
	}

	if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			 &grp_dom, &grp_name, &grp_sid, &grp_type)) {
		d_fprintf(stderr, "Could not find group %s\n", argv[0]);
		return -1;
	}

	/* Anything that is not a local group is refused outright. */
	if ((grp_type != SID_NAME_ALIAS) && (grp_type != SID_NAME_WKN_GRP)) {
		d_fprintf(stderr, "Can only list local group members so far.\n"
			  "%s is a %s\n", argv[0], sid_type_lookup(grp_type));
		return -1;
	}

	result = pdb_enum_aliasmem(&grp_sid, &member_sids, &member_count);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Listing group members failed with "
			  "%s\n", nt_errstr(result));
		return -1;
	}

	d_printf("%s\\%s has %u members\n", grp_dom, grp_name,
		 (unsigned int)member_count);

	for (idx = 0; idx < member_count; idx++) {
		const char *mem_dom, *mem_name;

		if (!lookup_sid(tmp_talloc_ctx(), &member_sids[idx],
				&mem_dom, &mem_name, NULL)) {
			/* Unresolvable member: show the raw SID. */
			d_printf(" %s\n",
				 sid_string_static(&member_sids[idx]));
			continue;
		}
		d_printf(" %s\\%s\n", mem_dom, mem_name);
	}

	return 0;
}
static int net_sam_do_list | ( | int | argc, | |
const char ** | argv, | |||
struct pdb_search * | search, | |||
const char * | what | |||
) | [static] |
参照先 samr_displayentry::account_name・d_fprintf()・d_printf()・samr_displayentry::description・pdb_search::next_entry・samr_displayentry::rid・pdb_search::search_end・strequal()・verbose.
参照元 net_sam_list_builtin()・net_sam_list_groups()・net_sam_list_localgroups()・net_sam_list_users()・net_sam_list_workstations().
/*
 * Common body of the "net sam list <what> [verbose]" commands.
 *
 * Walks `search` with its next_entry callback and prints one line per
 * entry: the account name alone, or name:rid:description when the single
 * optional argument "verbose" was given.  The search is closed with its
 * search_end callback once the walk is finished.  Returns 0 on success,
 * -1 on a usage error or when `search` is NULL.
 *
 * NOTE(review): when the arguments are rejected, a non-NULL search passed
 * in by the caller is returned without search_end() being called.
 */
static int net_sam_do_list(int argc, const char **argv,
			   struct pdb_search *search, const char *what)
{
	const BOOL verbose = (argc == 1);
	const BOOL bad_args = (argc > 1) ||
		(verbose && !strequal(argv[0], "verbose"));
	struct samr_displayentry entry;

	if (bad_args) {
		d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what);
		return -1;
	}

	if (!search) {
		d_fprintf(stderr, "Could not start search\n");
		return -1;
	}

	while (search->next_entry(search, &entry)) {
		if (!verbose) {
			d_printf("%s\n", entry.account_name);
			continue;
		}
		d_printf("%s:%d:%s\n",
			 entry.account_name,
			 entry.rid,
			 entry.description);
	}

	search->search_end(search);
	return 0;
}
static int net_sam_list_users | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_do_list()・pdb_search_users().
参照元 net_sam_list().
/* "net sam list users [verbose]": list accounts matching ACB_NORMAL. */
static int net_sam_list_users(int argc, const char **argv)
{
	struct pdb_search *search = pdb_search_users(ACB_NORMAL);

	return net_sam_do_list(argc, argv, search, "users");
}
static int net_sam_list_groups | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_do_list()・pdb_search_groups().
参照元 net_sam_list().
/* "net sam list groups [verbose]": list the results of pdb_search_groups(). */
static int net_sam_list_groups(int argc, const char **argv)
{
	struct pdb_search *search = pdb_search_groups();

	return net_sam_do_list(argc, argv, search, "groups");
}
static int net_sam_list_localgroups | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 get_global_sam_sid()・net_sam_do_list()・pdb_search_aliases().
参照元 net_sam_list().
/*
 * "net sam list localgroups [verbose]": list the aliases found under the
 * SID returned by get_global_sam_sid().
 */
static int net_sam_list_localgroups(int argc, const char **argv)
{
	struct pdb_search *search = pdb_search_aliases(get_global_sam_sid());

	return net_sam_do_list(argc, argv, search, "localgroups");
}
static int net_sam_list_builtin | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 global_sid_Builtin・net_sam_do_list()・pdb_search_aliases().
参照元 net_sam_list().
/*
 * "net sam list builtin [verbose]": list the aliases found under
 * global_sid_Builtin.
 */
static int net_sam_list_builtin(int argc, const char **argv)
{
	struct pdb_search *search = pdb_search_aliases(&global_sid_Builtin);

	return net_sam_do_list(argc, argv, search, "builtin");
}
static int net_sam_list_workstations | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_sam_do_list()・pdb_search_users().
参照元 net_sam_list().
/*
 * "net sam list workstations [verbose]": list accounts matching
 * ACB_WSTRUST.
 */
static int net_sam_list_workstations(int argc, const char **argv)
{
	struct pdb_search *search = pdb_search_users(ACB_WSTRUST);

	return net_sam_do_list(argc, argv, search, "workstations");
}
static int net_sam_list | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 net_run_function2()・net_sam_list_builtin()・net_sam_list_groups()・net_sam_list_localgroups()・net_sam_list_users()・net_sam_list_workstations().
参照元 net_sam().
/*
 * "net sam list ...": dispatch to the handler for the requested object
 * class.  The table is terminated by a NULL entry and handed to
 * net_run_function2().
 */
static int net_sam_list(int argc, const char **argv)
{
	struct functable2 subcommands[] = {
		{ "users", net_sam_list_users,
		  "List SAM users" },
		{ "groups", net_sam_list_groups,
		  "List SAM groups" },
		{ "localgroups", net_sam_list_localgroups,
		  "List SAM local groups" },
		{ "builtin", net_sam_list_builtin,
		  "List builtin groups" },
		{ "workstations", net_sam_list_workstations,
		  "List domain member workstations" },
		{NULL, NULL}
	};
	const int rc = net_run_function2(argc, argv, "net sam list",
					 subcommands);

	return rc;
}
static int net_sam_show | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・lookup_name()・name・sid_string_static()・sid_type_lookup()・tmp_talloc_ctx()・type.
参照元 net_sam().
/*
 * "net sam show <name>": resolve a name locally and print its domain,
 * resolved name, SID type and SID.  Returns 0 on success, -1 on failure.
 */
static int net_sam_show(int argc, const char **argv)
{
	const char *domain, *resolved;
	enum lsa_SidType sid_type;
	DOM_SID sid;

	if (argc != 1) {
		d_fprintf(stderr, "usage: net sam show <name>\n");
		return -1;
	}

	if (lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
			&domain, &resolved, &sid, &sid_type)) {
		d_printf("%s\\%s is a %s with SID %s\n", domain, resolved,
			 sid_type_lookup(sid_type), sid_string_static(&sid));
		return 0;
	}

	d_fprintf(stderr, "Could not find name %s\n", argv[0]);
	return -1;
}
static int net_sam_provision | ( | int | argc, | |
const char ** | argv | |||
) | [static] |
参照先 d_fprintf()・d_printf()・failed・get_global_sam_name()・get_global_sam_sid()・getpwnam_alloc()・_GROUP_MAP::gid・LDAP_SUCCESS・lp_ldap_group_suffix()・lp_ldap_user_suffix()・lp_parm_bool()・name・pdb_encode_acct_ctrl()・pdb_getgrgid()・pdb_getgrsid()・pdb_getsampwnam()・samu_new()・sid_compose()・SID_NAME_DOM_GRP・sid_string_static()・smbldap_add()・smbldap_init()・smbldap_set_mod()・talloc_asprintf()・talloc_autofree_ldapmod()・talloc_free()・talloc_strdup()・talloc_sub_specified()・trim_char()・winbind_allocate_gid()・winbind_allocate_uid()・winbind_ping().
参照元 net_sam().
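/*
 * "net sam provision": populate an LDAP directory with the basic
 * domain entries, creating each one only if it cannot already be found.
 *
 * Preconditions checked here, each of which aborts with -1:
 *   - the passdb backend is "ldapsam" (an optional ":<uri>" suffix is
 *     used as the LDAP URI),
 *   - ldapsam:trusted and ldapsam:editposix are both enabled,
 *   - winbind answers a ping (it hands out the new uid/gid values),
 *   - smbldap_init() succeeds.
 *
 * Entries handled, in order: Domain Users group, Domain Admins group,
 * Administrator user, Guest user, and a Domain Guests group for the
 * Guest account's primary gid when that gid is not Domain Users.
 *
 * Administrator and Guest are written with ACB_NORMAL|ACB_DISABLED and
 * no password attribute is set here, so both accounts start disabled.
 *
 * argc and argv are not used.
 *
 * Returns 0 via the "done" label and -1 via "failed" (precondition or
 * allocation failure, or the Guest account not visible through
 * getpwnam_alloc() after creation).
 *
 * NOTE(review): a failing smbldap_add() is only reported on stderr; the
 * run continues and can still return 0. After such a failure
 * domusers_gid/domadmins_gid keep the freshly allocated value, so later
 * entries may carry a gidNumber for which no group entry was written.
 * Callers that need certainty should verify the directory afterwards.
 *
 * NOTE(review): the guest account name and the configured LDAP suffixes
 * are placed into DN strings without DN escaping; they come from the
 * server configuration / nss, so this presumably relies on those being
 * administrator-controlled - confirm.
 *
 * Changes against the previous version: allocation failures of the LDAP
 * URI, of the Guest struct passwd and of its pw_name are now detected
 * and reported as -1; the final Guest lookup is allocated on tc instead
 * of the NULL context so it is released with everything else; uid/gid
 * values are formatted as unsigned.
 */
static int net_sam_provision(int argc, const char **argv)
{
	TALLOC_CTX *tc;
	char *ldap_bk;
	char *ldap_uri = NULL;
	char *p;
	struct smbldap_state *ls;
	GROUP_MAP gmap;
	DOM_SID gsid;
	/* (gid_t)-1 marks "group not available" */
	gid_t domusers_gid = (gid_t)-1;
	gid_t domadmins_gid = (gid_t)-1;
	struct samu *samuser;
	struct passwd *pwd;

	tc = talloc_new(NULL);
	if (!tc) {
		d_fprintf(stderr, "Out of Memory!\n");
		return -1;
	}

	if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) {
		d_fprintf(stderr, "talloc failed\n");
		talloc_free(tc);
		return -1;
	}

	/* split "backend:uri" in place */
	p = strchr(ldap_bk, ':');
	if (p) {
		*p = 0;
		ldap_uri = talloc_strdup(tc, p+1);
		if (!ldap_uri) {
			/* do not fall through to smbldap_init() with a
			 * NULL URI when one was configured */
			d_fprintf(stderr, "talloc failed\n");
			goto failed;
		}
		trim_char(ldap_uri, ' ', ' ');
	}

	trim_char(ldap_bk, ' ', ' ');

	if (strcmp(ldap_bk, "ldapsam") != 0) {
		d_fprintf(stderr, "Provisioning works only with ldapsam backend\n");
		goto failed;
	}

	if (!lp_parm_bool(-1, "ldapsam", "trusted", False) ||
	    !lp_parm_bool(-1, "ldapsam", "editposix", False)) {

		d_fprintf(stderr, "Provisioning works only if ldapsam:trusted"
				  " and ldapsam:editposix are enabled.\n");
		goto failed;
	}

	if (!winbind_ping()) {
		d_fprintf(stderr, "winbind seems not to run. Provisioning "
				  "LDAP only works when winbind runs.\n");
		goto failed;
	}

	if (!NT_STATUS_IS_OK(smbldap_init(tc, ldap_uri, &ls))) {
		d_fprintf(stderr, "Unable to connect to the LDAP server.\n");
		goto failed;
	}

	d_printf("Checking for Domain Users group.\n");

	sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);

	if (!pdb_getgrsid(&gmap, gsid)) {
		LDAPMod **mods = NULL;
		char *dn;
		char *uname;
		char *wname;
		char *gidstr;
		char *gtype;
		int rc;

		d_printf("Adding the Domain Users group.\n");

		/* lets allocate a new groupid for this group */
		if (!winbind_allocate_gid(&domusers_gid)) {
			d_fprintf(stderr, "Unable to allocate a new gid to create Domain Users group!\n");
			goto domu_done;
		}

		uname = talloc_strdup(tc, "domusers");
		wname = talloc_strdup(tc, "Domain Users");
		dn = talloc_asprintf(tc, "cn=%s,%s", "domusers", lp_ldap_group_suffix());
		gidstr = talloc_asprintf(tc, "%lu", (unsigned long)domusers_gid);
		gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);

		if (!uname || !wname || !dn || !gidstr || !gtype) {
			d_fprintf(stderr, "Out of Memory!\n");
			goto failed;
		}

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);

		talloc_autofree_ldapmod(tc, mods);

		rc = smbldap_add(ls, dn, mods);

		if (rc != LDAP_SUCCESS) {
			/* reported only; see NOTE(review) in the header */
			d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n");
		}
	} else {
		domusers_gid = gmap.gid;
		d_printf("found!\n");
	}

domu_done:

	d_printf("Checking for Domain Admins group.\n");

	sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);

	if (!pdb_getgrsid(&gmap, gsid)) {
		LDAPMod **mods = NULL;
		char *dn;
		char *uname;
		char *wname;
		char *gidstr;
		char *gtype;
		int rc;

		d_printf("Adding the Domain Admins group.\n");

		/* lets allocate a new groupid for this group */
		if (!winbind_allocate_gid(&domadmins_gid)) {
			d_fprintf(stderr, "Unable to allocate a new gid to create Domain Admins group!\n");
			goto doma_done;
		}

		uname = talloc_strdup(tc, "domadmins");
		wname = talloc_strdup(tc, "Domain Admins");
		dn = talloc_asprintf(tc, "cn=%s,%s", "domadmins", lp_ldap_group_suffix());
		gidstr = talloc_asprintf(tc, "%lu", (unsigned long)domadmins_gid);
		gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);

		if (!uname || !wname || !dn || !gidstr || !gtype) {
			d_fprintf(stderr, "Out of Memory!\n");
			goto failed;
		}

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);

		talloc_autofree_ldapmod(tc, mods);

		rc = smbldap_add(ls, dn, mods);

		if (rc != LDAP_SUCCESS) {
			/* reported only; see NOTE(review) in the header */
			d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n");
		}
	} else {
		domadmins_gid = gmap.gid;
		d_printf("found!\n");
	}

doma_done:

	d_printf("Check for Administrator account.\n");

	samuser = samu_new(tc);
	if (!samuser) {
		d_fprintf(stderr, "Out of Memory!\n");
		goto failed;
	}

	if (!pdb_getsampwnam(samuser, "Administrator")) {
		LDAPMod **mods = NULL;
		DOM_SID sid;
		char *dn;
		char *name;
		char *uidstr;
		char *gidstr;
		char *shell;
		char *dir;
		uid_t uid;
		int rc;

		d_printf("Adding the Administrator user.\n");

		/* NOTE(review): both early exits below leave through
		 * "done", i.e. skip the Guest steps and return 0. */
		if (domadmins_gid == (gid_t)-1) {
			d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n");
			goto done;
		}
		if (!winbind_allocate_uid(&uid)) {
			d_fprintf(stderr, "Unable to allocate a new uid to create the Administrator user!\n");
			goto done;
		}
		name = talloc_strdup(tc, "Administrator");
		dn = talloc_asprintf(tc, "uid=Administrator,%s", lp_ldap_user_suffix());
		uidstr = talloc_asprintf(tc, "%lu", (unsigned long)uid);
		gidstr = talloc_asprintf(tc, "%lu", (unsigned long)domadmins_gid);
		dir = talloc_sub_specified(tc, lp_template_homedir(),
						"Administrator",
						get_global_sam_name(),
						uid, domadmins_gid);
		shell = talloc_sub_specified(tc, lp_template_shell(),
						"Administrator",
						get_global_sam_name(),
						uid, domadmins_gid);

		if (!name || !dn || !uidstr || !gidstr || !dir || !shell) {
			d_fprintf(stderr, "Out of Memory!\n");
			goto failed;
		}

		sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
		/* the account is created disabled */
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
				pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
				NEW_PW_FORMAT_SPACE_PADDED_LEN));

		talloc_autofree_ldapmod(tc, mods);

		rc = smbldap_add(ls, dn, mods);

		if (rc != LDAP_SUCCESS) {
			d_fprintf(stderr, "Failed to add Administrator user to ldap directory\n");
		}
	} else {
		d_printf("found!\n");
	}

	d_printf("Checking for Guest user.\n");

	samuser = samu_new(tc);
	if (!samuser) {
		d_fprintf(stderr, "Out of Memory!\n");
		goto failed;
	}

	if (!pdb_getsampwnam(samuser, lp_guestaccount())) {
		LDAPMod **mods = NULL;
		DOM_SID sid;
		char *dn;
		char *uidstr;
		char *gidstr;
		int rc;

		d_printf("Adding the Guest user.\n");

		pwd = getpwnam_alloc(tc, lp_guestaccount());

		if (!pwd) {
			/* no unix account yet: build one by hand */
			if (domusers_gid == (gid_t)-1) {
				d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n");
				goto done;
			}
			if ((pwd = talloc(tc, struct passwd)) == NULL) {
				/* allocation failure is an error exit like
				 * every other one in this function */
				d_fprintf(stderr, "talloc failed\n");
				goto failed;
			}
			pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
			if (!pwd->pw_name) {
				/* pw_name feeds the DN and three attributes
				 * below; never continue without it */
				d_fprintf(stderr, "Out of Memory!\n");
				goto failed;
			}
			if (!winbind_allocate_uid(&(pwd->pw_uid))) {
				d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n");
				goto done;
			}
			pwd->pw_gid = domusers_gid;
			pwd->pw_dir = talloc_strdup(tc, "/");
			pwd->pw_shell = talloc_strdup(tc, "/bin/false");
			if (!pwd->pw_dir || !pwd->pw_shell) {
				d_fprintf(stderr, "Out of Memory!\n");
				goto failed;
			}
		}

		sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);

		dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ());
		uidstr = talloc_asprintf(tc, "%lu", (unsigned long)pwd->pw_uid);
		gidstr = talloc_asprintf(tc, "%lu", (unsigned long)pwd->pw_gid);
		if (!dn || !uidstr || !gidstr) {
			d_fprintf(stderr, "Out of Memory!\n");
			goto failed;
		}

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
		if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) {
			smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
		}
		if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) {
			smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
		}
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
		/* the account is created disabled */
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
				pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
				NEW_PW_FORMAT_SPACE_PADDED_LEN));

		talloc_autofree_ldapmod(tc, mods);

		rc = smbldap_add(ls, dn, mods);

		if (rc != LDAP_SUCCESS) {
			d_fprintf(stderr, "Failed to add Guest user to ldap directory\n");
		}
	} else {
		d_printf("found!\n");
	}

	d_printf("Checking Guest's group.\n");

	/* Allocated on tc (was the NULL context) so that both exit labels
	 * release it together with everything else. */
	pwd = getpwnam_alloc(tc, lp_guestaccount());
	if (!pwd) {
		d_fprintf(stderr, "Failed to find just created Guest account!\n"
				  " Is nss properly configured?!\n");
		goto failed;
	}

	if (pwd->pw_gid == domusers_gid) {
		d_printf("found!\n");
		goto done;
	}

	if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
		LDAPMod **mods = NULL;
		char *dn;
		char *uname;
		char *wname;
		char *gidstr;
		char *gtype;
		int rc;

		d_printf("Adding the Domain Guests group.\n");

		/* the group reuses the Guest account's existing primary gid */
		uname = talloc_strdup(tc, "domguests");
		wname = talloc_strdup(tc, "Domain Guests");
		dn = talloc_asprintf(tc, "cn=%s,%s", "domguests", lp_ldap_group_suffix());
		gidstr = talloc_asprintf(tc, "%lu", (unsigned long)pwd->pw_gid);
		gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);

		if (!uname || !wname || !dn || !gidstr || !gtype) {
			d_fprintf(stderr, "Out of Memory!\n");
			goto failed;
		}

		sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS);

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);

		talloc_autofree_ldapmod(tc, mods);

		rc = smbldap_add(ls, dn, mods);

		if (rc != LDAP_SUCCESS) {
			d_fprintf(stderr, "Failed to add Domain Guests group to ldap directory\n");
		}
	} else {
		d_printf("found!\n");
	}


done:
	talloc_free(tc);
	return 0;

failed:
	talloc_free(tc);
	return -1;
}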
int net_sam | ( | int | argc, | |
const char ** | argv | |||
) |
参照先 d_fprintf()・net_run_function2()・net_sam_addmem()・net_sam_createbuiltingroup()・net_sam_createlocalgroup()・net_sam_delmem()・net_sam_list()・net_sam_listmem()・net_sam_mapunixgroup()・net_sam_policy()・net_sam_provision()・net_sam_set()・net_sam_show().
/*
 * Entry point for "net sam": refuse to run unless the real uid is 0,
 * otherwise dispatch to the sub-command named on the command line.
 *
 * Returns -1 when not run as root, else the result of
 * net_run_function2().
 *
 * NOTE(review): the getuid() test looks like a convenience guard that
 * gives a clear message early (the original comment calls it a "silly
 * check"); presumably the actual protection of the SAM is the
 * permissions on the passdb backend - confirm before relying on it.
 */
int net_sam(int argc, const char **argv)
{
	/* sub-command name, handler, one-line description */
	struct functable2 sam_cmds[] = {
		{ "createbuiltingroup", net_sam_createbuiltingroup,
		  "Create a new BUILTIN group" },
		{ "createlocalgroup", net_sam_createlocalgroup,
		  "Create a new local group" },
		{ "mapunixgroup", net_sam_mapunixgroup,
		  "Map a unix group to a domain group" },
		{ "addmem", net_sam_addmem,
		  "Add a member to a group" },
		{ "delmem", net_sam_delmem,
		  "Delete a member from a group" },
		{ "listmem", net_sam_listmem,
		  "List group members" },
		{ "list", net_sam_list,
		  "List users, groups and local groups" },
		{ "show", net_sam_show,
		  "Show details of a SAM entry" },
		{ "set", net_sam_set,
		  "Set details of a SAM account" },
		{ "policy", net_sam_policy,
		  "Set account policies" },
#ifdef HAVE_LDAP
		/* only offered when built with LDAP support */
		{ "provision", net_sam_provision,
		  "Provision a clean User Database" },
#endif
		{ NULL, NULL, NULL }
	};

	if (getuid() == 0) {
		return net_run_function2(argc, argv, "net sam", sam_cmds);
	}

	d_fprintf(stderr, "You must be root to edit the SAM "
		  "directly.\n");
	return -1;
}