2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-2000,
5 * Copyright (C) Jean François Micouleau 1998-2001.
6 * Copyright (C) Gerald Carter 2003,
7 * Copyright (C) Volker Lendecke 2004
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
25 #include "utils/net.h"
27 /*********************************************************
28 Figure out if the input was an NT group or a SID string.
30 **********************************************************/
31 static bool get_sid_from_input(DOM_SID *sid, char *input)
35 if (StrnCaseCmp( input, "S-", 2)) {
36 /* Perhaps its the NT group name? */
37 if (!pdb_getgrnam(&map, input)) {
38 printf(_("NT Group %s doesn't exist in mapping DB\n"),
45 if (!string_to_sid(sid, input)) {
46 printf(_("converting sid %s from a string failed!\n"),
54 /*********************************************************
55 Dump a GROUP_MAP entry to stdout (long or short listing)
56 **********************************************************/
58 static void print_map_entry ( GROUP_MAP map, bool long_list )
61 d_printf("%s (%s) -> %s\n", map.nt_name,
62 sid_string_tos(&map.sid), gidtoname(map.gid));
64 d_printf("%s\n", map.nt_name);
65 d_printf(_("\tSID : %s\n"), sid_string_tos(&map.sid));
66 d_printf(_("\tUnix gid : %u\n"), (unsigned int)map.gid);
67 d_printf(_("\tUnix group: %s\n"), gidtoname(map.gid));
68 d_printf(_("\tGroup type: %s\n"),
69 sid_type_lookup(map.sid_name_use));
70 d_printf(_("\tComment : %s\n"), map.comment);
74 /*********************************************************
76 **********************************************************/
77 static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
80 bool long_list = false;
83 fstring sid_string = "";
84 const char list_usage_str[] = N_("net groupmap list [verbose] "
85 "[ntgroup=NT group] [sid=SID]\n"
86 " verbose\tPrint verbose list\n"
87 " ntgroup\tNT group to list\n"
88 " sid\tSID of group to list");
90 if (c->display_usage) {
91 d_printf(_("Usage:\n"),"%s\n", list_usage_str);
95 if (c->opt_verbose || c->opt_long_list_entries)
99 for ( i=0; i<argc; i++ ) {
100 if ( !StrCaseCmp(argv[i], "verbose")) {
103 else if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
104 fstrcpy( ntgroup, get_string_param( argv[i] ) );
106 d_fprintf(stderr, _("must supply a name\n"));
110 else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
111 fstrcpy( sid_string, get_string_param( argv[i] ) );
112 if ( !sid_string[0] ) {
113 d_fprintf(stderr, _("must supply a SID\n"));
118 d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
119 d_printf(_("Usage:\n"),"%s\n", list_usage_str);
124 /* list a single group is given a name */
125 if ( ntgroup[0] || sid_string[0] ) {
130 fstrcpy( ntgroup, sid_string);
132 if (!get_sid_from_input(&sid, ntgroup)) {
136 /* Get the current mapping from the database */
137 if(!pdb_getgrsid(&map, sid)) {
139 _("Failure to local group SID in the "
144 print_map_entry( map, long_list );
148 /* enumerate all group mappings */
149 if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
152 for (i=0; i<entries; i++) {
153 print_map_entry( map[i], long_list );
162 /*********************************************************
163 Add a new group mapping entry
164 **********************************************************/
166 static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
169 fstring ntgroup = "";
170 fstring unixgrp = "";
171 fstring string_sid = "";
173 fstring ntcomment = "";
174 enum lsa_SidType sid_type = SID_NAME_DOM_GRP;
180 const char *name_type;
181 const char add_usage_str[] = N_("net groupmap add "
182 "{rid=<int>|sid=<string>}"
183 " unixgroup=<string> "
184 "[type=<domain|local|builtin>] "
185 "[ntgroup=<string>] "
186 "[comment=<string>]");
190 /* Default is domain group. */
191 map.sid_name_use = SID_NAME_DOM_GRP;
192 name_type = "domain group";
194 if (c->display_usage) {
195 d_printf(_("Usage:\n"),"%s\n", add_usage_str);
199 /* get the options */
200 for ( i=0; i<argc; i++ ) {
201 if ( !StrnCaseCmp(argv[i], "rid", strlen("rid")) ) {
202 rid = get_int_param(argv[i]);
203 if ( rid < DOMAIN_GROUP_RID_ADMINS ) {
205 _("RID must be greater than %d\n"),
206 (uint32)DOMAIN_GROUP_RID_ADMINS-1);
210 else if ( !StrnCaseCmp(argv[i], "unixgroup", strlen("unixgroup")) ) {
211 fstrcpy( unixgrp, get_string_param( argv[i] ) );
213 d_fprintf(stderr,_( "must supply a name\n"));
217 else if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
218 fstrcpy( ntgroup, get_string_param( argv[i] ) );
220 d_fprintf(stderr, _("must supply a name\n"));
224 else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
225 fstrcpy( string_sid, get_string_param( argv[i] ) );
226 if ( !string_sid[0] ) {
227 d_fprintf(stderr, _("must supply a SID\n"));
231 else if ( !StrnCaseCmp(argv[i], "comment", strlen("comment")) ) {
232 fstrcpy( ntcomment, get_string_param( argv[i] ) );
233 if ( !ntcomment[0] ) {
235 _("must supply a comment string\n"));
239 else if ( !StrnCaseCmp(argv[i], "type", strlen("type")) ) {
240 fstrcpy( type, get_string_param( argv[i] ) );
244 sid_type = SID_NAME_WKN_GRP;
245 name_type = "wellknown group";
249 sid_type = SID_NAME_DOM_GRP;
250 name_type = "domain group";
254 sid_type = SID_NAME_ALIAS;
255 name_type = "alias (local) group";
259 _("unknown group type %s\n"),
265 d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
271 d_printf(_("Usage:\n"),"%s\n", add_usage_str);
275 if ( (gid = nametogid(unixgrp)) == (gid_t)-1 ) {
276 d_fprintf(stderr, _("Can't lookup UNIX group %s\n"), unixgrp);
281 if (pdb_getgrgid(&map, gid)) {
282 d_printf(_("Unix group %s already mapped to SID %s\n"),
283 unixgrp, sid_string_tos(&map.sid));
288 if ( (rid == 0) && (string_sid[0] == '\0') ) {
289 d_printf(_("No rid or sid specified, choosing a RID\n"));
290 if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
291 if (!pdb_new_rid(&rid)) {
292 d_printf(_("Could not get new RID\n"));
295 rid = algorithmic_pdb_gid_to_group_rid(gid);
297 d_printf(_("Got RID %d\n"), rid);
300 /* append the rid to our own domain/machine SID if we don't have a full SID */
301 if ( !string_sid[0] ) {
302 sid_compose(&sid, get_global_sam_sid(), rid);
303 sid_to_fstring(string_sid, &sid);
308 case SID_NAME_WKN_GRP:
309 fstrcpy(ntcomment, "Wellknown Unix group");
311 case SID_NAME_DOM_GRP:
312 fstrcpy(ntcomment, "Domain Unix group");
315 fstrcpy(ntcomment, "Local Unix group");
318 fstrcpy(ntcomment, "Unix group");
324 fstrcpy( ntgroup, unixgrp );
326 if (!NT_STATUS_IS_OK(add_initial_entry(gid, string_sid, sid_type, ntgroup, ntcomment))) {
327 d_fprintf(stderr, _("adding entry for group %s failed!\n"), ntgroup);
331 d_printf(_("Successfully added group %s to the mapping db as a %s\n"),
336 static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
340 fstring ntcomment = "";
342 fstring ntgroup = "";
343 fstring unixgrp = "";
344 fstring sid_string = "";
345 enum lsa_SidType sid_type = SID_NAME_UNKNOWN;
348 const char modify_usage_str[] = N_("net groupmap modify "
349 "{ntgroup=<string>|sid=<SID>} "
350 "[comment=<string>] "
351 "[unixgroup=<string>] "
352 "[type=<domain|local>]");
354 if (c->display_usage) {
355 d_printf(_("Usage:\n"),"%s\n", modify_usage_str);
359 /* get the options */
360 for ( i=0; i<argc; i++ ) {
361 if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
362 fstrcpy( ntgroup, get_string_param( argv[i] ) );
364 d_fprintf(stderr, _("must supply a name\n"));
368 else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
369 fstrcpy( sid_string, get_string_param( argv[i] ) );
370 if ( !sid_string[0] ) {
371 d_fprintf(stderr, _("must supply a name\n"));
375 else if ( !StrnCaseCmp(argv[i], "comment", strlen("comment")) ) {
376 fstrcpy( ntcomment, get_string_param( argv[i] ) );
377 if ( !ntcomment[0] ) {
379 _("must supply a comment string\n"));
383 else if ( !StrnCaseCmp(argv[i], "unixgroup", strlen("unixgroup")) ) {
384 fstrcpy( unixgrp, get_string_param( argv[i] ) );
387 _("must supply a group name\n"));
391 else if ( !StrnCaseCmp(argv[i], "type", strlen("type")) ) {
392 fstrcpy( type, get_string_param( argv[i] ) );
396 sid_type = SID_NAME_DOM_GRP;
400 sid_type = SID_NAME_ALIAS;
405 d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
410 if ( !ntgroup[0] && !sid_string[0] ) {
411 d_printf(_("Usage:\n"),"%s\n", modify_usage_str);
415 /* give preference to the SID; if both the ntgroup name and SID
416 are defined, use the SID and assume that the group name could be a
419 if ( sid_string[0] ) {
420 if (!get_sid_from_input(&sid, sid_string)) {
425 if (!get_sid_from_input(&sid, ntgroup)) {
430 /* Get the current mapping from the database */
431 if(!pdb_getgrsid(&map, sid)) {
433 _("Failed to find local group SID in the database\n"));
438 * Allow changing of group type only between domain and local
439 * We disallow changing Builtin groups !!! (SID problem)
441 if (sid_type == SID_NAME_UNKNOWN) {
442 d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
446 if (map.sid_name_use == SID_NAME_WKN_GRP) {
448 _("You can only change between domain and local "
453 map.sid_name_use=sid_type;
455 /* Change comment if new one */
457 fstrcpy( map.comment, ntcomment );
460 fstrcpy( map.nt_name, ntgroup );
463 gid = nametogid( unixgrp );
465 d_fprintf(stderr, _("Unable to lookup UNIX group %s. "
466 "Make sure the group exists.\n"),
474 if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
475 d_fprintf(stderr, _("Could not update group database\n"));
479 d_printf(_("Updated mapping entry for %s\n"), map.nt_name);
484 static int net_groupmap_delete(struct net_context *c, int argc, const char **argv)
487 fstring ntgroup = "";
488 fstring sid_string = "";
490 const char delete_usage_str[] = N_("net groupmap delete "
491 "{ntgroup=<string>|sid=<SID>}");
493 if (c->display_usage) {
494 d_printf(_("Usage:\n"),"%s\n", delete_usage_str);
498 /* get the options */
499 for ( i=0; i<argc; i++ ) {
500 if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
501 fstrcpy( ntgroup, get_string_param( argv[i] ) );
503 d_fprintf(stderr, _("must supply a name\n"));
507 else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
508 fstrcpy( sid_string, get_string_param( argv[i] ) );
509 if ( !sid_string[0] ) {
510 d_fprintf(stderr, _("must supply a SID\n"));
515 d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
520 if ( !ntgroup[0] && !sid_string[0]) {
521 d_printf(_("Usage:\n"),"%s\n", delete_usage_str);
525 /* give preference to the SID if we have that */
528 fstrcpy( ntgroup, sid_string );
530 if ( !get_sid_from_input(&sid, ntgroup) ) {
531 d_fprintf(stderr, _("Unable to resolve group %s to a SID\n"),
536 if ( !NT_STATUS_IS_OK(pdb_delete_group_mapping_entry(sid)) ) {
538 _("Failed to remove group %s from the mapping db!\n"),
543 d_printf(_("Sucessfully removed %s from the mapping db\n"), ntgroup);
548 static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
550 const char *ntgroup = NULL;
551 struct group *grp = NULL;
553 bool have_map = false;
555 if ((argc < 1) || (argc > 2) || c->display_usage) {
556 d_printf(_("Usage:"), _(" net groupmap set \"NT Group\" "
557 "[\"unix group\"] [-C \"comment\"] [-L] [-D]\n"));
561 if ( c->opt_localgroup && c->opt_domaingroup ) {
562 d_printf(_("Can only specify -L or -D, not both\n"));
569 grp = getgrnam(argv[1]);
572 d_fprintf(stderr, _("Could not find unix group %s\n"),
578 have_map = pdb_getgrnam(&map, ntgroup);
582 have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
583 string_to_sid(&sid, ntgroup) &&
584 pdb_getgrsid(&map, sid) );
593 _("Could not find group mapping for %s\n"),
598 map.gid = grp->gr_gid;
600 if (c->opt_rid == 0) {
601 if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) {
602 if ( !pdb_new_rid((uint32*)&c->opt_rid) ) {
604 _("Could not allocate new RID\n"));
608 c->opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid);
612 sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
614 map.sid_name_use = SID_NAME_DOM_GRP;
615 fstrcpy(map.nt_name, ntgroup);
616 fstrcpy(map.comment, "");
618 if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
620 _("Could not add mapping entry for %s\n"),
626 /* Now we have a mapping entry, update that stuff */
628 if ( c->opt_localgroup || c->opt_domaingroup ) {
629 if (map.sid_name_use == SID_NAME_WKN_GRP) {
631 _("Can't change type of the BUILTIN "
638 if (c->opt_localgroup)
639 map.sid_name_use = SID_NAME_ALIAS;
641 if (c->opt_domaingroup)
642 map.sid_name_use = SID_NAME_DOM_GRP;
644 /* The case (opt_domaingroup && opt_localgroup) was tested for above */
646 if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) {
647 fstrcpy(map.comment, c->opt_comment);
650 if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) {
651 fstrcpy(map.nt_name, c->opt_newntname);
655 map.gid = grp->gr_gid;
657 if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) {
658 d_fprintf(stderr, _("Could not update group mapping for %s\n"),
666 static int net_groupmap_cleanup(struct net_context *c, int argc, const char **argv)
668 GROUP_MAP *map = NULL;
671 if (c->display_usage) {
672 d_printf(_("Usage:\n"),
673 "net groupmap cleanup\n"
674 " ",_("Delete all group mappings\n"));
678 if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries,
680 d_fprintf(stderr, _("Could not list group mappings\n"));
684 for (i=0; i<entries; i++) {
686 if (map[i].gid == -1)
687 printf(_("Group %s is not mapped\n"), map[i].nt_name);
689 if (!sid_check_is_in_our_domain(&map[i].sid)) {
690 printf(_("Deleting mapping for NT Group %s, sid %s\n"),
692 sid_string_tos(&map[i].sid));
693 pdb_delete_group_mapping_entry(map[i].sid);
702 static int net_groupmap_addmem(struct net_context *c, int argc, const char **argv)
704 DOM_SID alias, member;
708 !string_to_sid(&alias, argv[0]) ||
709 !string_to_sid(&member, argv[1]) ) {
710 d_printf(_("Usage:"), _("net groupmap addmem alias-sid member-sid\n"));
714 if (!NT_STATUS_IS_OK(pdb_add_aliasmem(&alias, &member))) {
715 d_fprintf(stderr, _("Could not add sid %s to alias %s\n"),
723 static int net_groupmap_delmem(struct net_context *c, int argc, const char **argv)
725 DOM_SID alias, member;
729 !string_to_sid(&alias, argv[0]) ||
730 !string_to_sid(&member, argv[1]) ) {
731 d_printf(_("Usage:"), _(" net groupmap delmem alias-sid member-sid\n"));
735 if (!NT_STATUS_IS_OK(pdb_del_aliasmem(&alias, &member))) {
736 d_fprintf(stderr, _("Could not delete sid %s from alias %s\n"),
744 static int net_groupmap_listmem(struct net_context *c, int argc, const char **argv)
752 !string_to_sid(&alias, argv[0]) ) {
753 d_printf(_("Usage:"), _(" net groupmap listmem alias-sid\n"));
760 if (!NT_STATUS_IS_OK(pdb_enum_aliasmem(&alias, talloc_tos(),
762 d_fprintf(stderr, _("Could not list members for sid %s\n"),
767 for (i = 0; i < num; i++) {
768 printf("%s\n", sid_string_tos(&(members[i])));
771 TALLOC_FREE(members);
776 static bool print_alias_memberships(TALLOC_CTX *mem_ctx,
777 const DOM_SID *domain_sid,
778 const DOM_SID *member)
781 size_t i, num_alias_rids;
786 if (!NT_STATUS_IS_OK(pdb_enum_alias_memberships(
787 mem_ctx, domain_sid, member, 1,
788 &alias_rids, &num_alias_rids))) {
789 d_fprintf(stderr, _("Could not list memberships for sid %s\n"),
790 sid_string_tos(member));
794 for (i = 0; i < num_alias_rids; i++) {
796 sid_compose(&alias, domain_sid, alias_rids[i]);
797 printf("%s\n", sid_string_tos(&alias));
803 static int net_groupmap_memberships(struct net_context *c, int argc, const char **argv)
806 DOM_SID *domain_sid, *builtin_sid, member;
810 !string_to_sid(&member, argv[0]) ) {
811 d_printf(_("Usage:"), _(" net groupmap memberof sid\n"));
815 mem_ctx = talloc_init("net_groupmap_memberships");
816 if (mem_ctx == NULL) {
817 d_fprintf(stderr, _("talloc_init failed\n"));
821 domain_sid = get_global_sam_sid();
822 builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");
823 if ((domain_sid == NULL) || (builtin_sid == NULL)) {
824 d_fprintf(stderr, _("Could not get domain sid\n"));
828 if (!print_alias_memberships(mem_ctx, domain_sid, &member) ||
829 !print_alias_memberships(mem_ctx, builtin_sid, &member))
832 talloc_destroy(mem_ctx);
837 /***********************************************************
838 migrated functionality from smbgroupedit
839 **********************************************************/
840 int net_groupmap(struct net_context *c, int argc, const char **argv)
842 struct functable func[] = {
847 N_("Create a new group mapping"),
848 N_("net groupmap add\n"
849 " Create a new group mapping")
855 N_("Update a group mapping"),
856 N_("net groupmap modify\n"
857 " Modify an existing group mapping")
863 N_("Remove a group mapping"),
864 N_("net groupmap delete\n"
865 " Remove a group mapping")
871 N_("Set group mapping"),
872 N_("net groupmap set\n"
873 " Set a group mapping")
877 net_groupmap_cleanup,
879 N_("Remove foreign group mapping entries"),
880 N_("net groupmap cleanup\n"
881 " Remove foreign group mapping entries")
887 N_("Add a foreign alias member"),
888 N_("net groupmap addmem\n"
889 " Add a foreign alias member")
895 N_("Delete foreign alias member"),
896 N_("net groupmap delmem\n"
897 " Delete foreign alias member")
901 net_groupmap_listmem,
903 N_("List foreign group members"),
904 N_("net groupmap listmem\n"
905 " List foreign alias members")
909 net_groupmap_memberships,
911 N_("List foreign group memberships"),
912 N_("net groupmap memberships\n"
913 " List foreign group memberships")
919 N_("List current group map"),
920 N_("net groupmap list\n"
921 " List current group map")
923 {NULL, NULL, 0, NULL, NULL}
926 return net_run_function(c,argc, argv, "net groupmap", func);
git.samba.org / ira / wip.git / blob