*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
*/
static int net_sam_userset(int argc, const char **argv, const char *field,
- BOOL (*fn)(struct samu *, const char *,
+ bool (*fn)(struct samu *, const char *,
enum pdb_value_state))
{
struct samu *sam_acct = NULL;
DOM_SID sid;
- enum SID_NAME_USE type;
+ enum lsa_SidType type;
const char *dom, *name;
NTSTATUS status;
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
{
struct samu *sam_acct = NULL;
DOM_SID sid;
- enum SID_NAME_USE type;
+ enum lsa_SidType type;
const char *dom, *name;
NTSTATUS status;
uint16 acct_flags;
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
}
/*
- * Set a user's time field
+ * Set pass last change time, based on force pass change now
*/
-static int net_sam_set_time(int argc, const char **argv, const char *field,
- BOOL (*fn)(struct samu *, time_t,
- enum pdb_value_state))
+static int net_sam_set_pwdmustchangenow(int argc, const char **argv)
{
struct samu *sam_acct = NULL;
DOM_SID sid;
- enum SID_NAME_USE type;
+ enum lsa_SidType type;
const char *dom, *name;
NTSTATUS status;
- time_t new_time;
- if (argc != 2) {
- d_fprintf(stderr, "usage: net sam set %s <user> "
- "[now|YYYY-MM-DD HH:MM]\n", field);
+ if ((argc != 2) || (!strequal(argv[1], "yes") &&
+ !strequal(argv[1], "no"))) {
+ d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
return -1;
}
- if (strequal(argv[1], "now")) {
- new_time = time(NULL);
- } else {
- struct tm tm;
- char *end;
- ZERO_STRUCT(tm);
- end = strptime(argv[1], "%Y-%m-%d %H:%M", &tm);
- new_time = mktime(&tm);
- if ((end == NULL) || (*end != '\0') || (new_time == -1)) {
- d_fprintf(stderr, "Could not parse time string %s\n",
- argv[1]);
- return -1;
- }
- }
-
-
if ( !(sam_acct = samu_new( NULL )) ) {
d_fprintf(stderr, "Internal error\n");
return -1;
return -1;
}
- if (!fn(sam_acct, new_time, PDB_CHANGED)) {
- d_fprintf(stderr, "Internal error\n");
- return -1;
+ if (strequal(argv[1], "yes")) {
+ pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
+ } else {
+ pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
}
status = pdb_update_sam_account(sam_acct);
TALLOC_FREE(sam_acct);
- d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
+ d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
+ name, argv[1]);
return 0;
}
-static int net_sam_set_pwdmustchange(int argc, const char **argv)
-{
- return net_sam_set_time(argc, argv, "pwdmustchange",
- pdb_set_pass_must_change_time);
-}
-
-static int net_sam_set_pwdcanchange(int argc, const char **argv)
-{
- return net_sam_set_time(argc, argv, "pwdcanchange",
- pdb_set_pass_can_change_time);
-}
/*
* Set a user's or a group's comment
{
GROUP_MAP map;
DOM_SID sid;
- enum SID_NAME_USE type;
+ enum lsa_SidType type;
const char *dom, *name;
NTSTATUS status;
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
"Disable/Enable a user's lockout flag" },
{ "pwnoexp", net_sam_set_pwnoexp,
"Disable/Enable whether a user's pw does not expire" },
- { "pwdmustchange", net_sam_set_pwdmustchange,
- "Set a users password must change time" },
- { "pwdcanchange", net_sam_set_pwdcanchange,
- "Set a users password can change time" },
+ { "pwdmustchangenow", net_sam_set_pwdmustchangenow,
+ "Force users password must change at next logon" },
{NULL, NULL}
};
return net_run_function2(argc, argv, "net sam set", func);
}
+/*
+ * Manage account policies
+ */
+
+static int net_sam_policy_set(int argc, const char **argv)
+{
+ const char *account_policy = NULL;
+ uint32 value = 0;
+ uint32 old_value = 0;
+ int field;
+ char *endptr;
+
+ if (argc != 2) {
+ d_fprintf(stderr, "usage: net sam policy set "
+ "\"<account policy>\" <value> \n");
+ return -1;
+ }
+
+ account_policy = argv[0];
+ field = account_policy_name_to_fieldnum(account_policy);
+
+ if (strequal(argv[1], "forever") || strequal(argv[1], "never")
+ || strequal(argv[1], "off")) {
+ value = -1;
+ }
+ else {
+ value = strtoul(argv[1], &endptr, 10);
+
+ if ((endptr == argv[1]) || (endptr[0] != '\0')) {
+ d_printf("Unable to set policy \"%s\"! Invalid value "
+ "\"%s\".\n",
+ account_policy, argv[1]);
+ return -1;
+ }
+ }
+
+ if (field == 0) {
+ const char **names;
+ int i, count;
+
+ account_policy_names_list(&names, &count);
+ d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]);
+ d_fprintf(stderr, "Valid account policies are:\n");
+
+ for (i=0; i<count; i++) {
+ d_fprintf(stderr, "%s\n", names[i]);
+ }
+
+ SAFE_FREE(names);
+ return -1;
+ }
+
+ if (!pdb_get_account_policy(field, &old_value)) {
+ d_fprintf(stderr, "Valid account policy, but unable to fetch "
+ "value!\n");
+ } else {
+ d_printf("Account policy \"%s\" value was: %d\n", account_policy,
+ old_value);
+ }
+
+ if (!pdb_set_account_policy(field, value)) {
+ d_fprintf(stderr, "Valid account policy, but unable to "
+ "set value!\n");
+ return -1;
+ } else {
+ d_printf("Account policy \"%s\" value is now: %d\n", account_policy,
+ value);
+ }
+
+ return 0;
+}
+
+static int net_sam_policy_show(int argc, const char **argv)
+{
+ const char *account_policy = NULL;
+ uint32 old_value;
+ int field;
+
+ if (argc != 1) {
+ d_fprintf(stderr, "usage: net sam policy show"
+ " \"<account policy>\" \n");
+ return -1;
+ }
+
+ account_policy = argv[0];
+ field = account_policy_name_to_fieldnum(account_policy);
+
+ if (field == 0) {
+ const char **names;
+ int count;
+ int i;
+ account_policy_names_list(&names, &count);
+ d_fprintf(stderr, "No account policy by that name!\n");
+ if (count != 0) {
+ d_fprintf(stderr, "Valid account policies "
+ "are:\n");
+ for (i=0; i<count; i++) {
+ d_fprintf(stderr, "%s\n", names[i]);
+ }
+ }
+ SAFE_FREE(names);
+ return -1;
+ }
+
+ if (!pdb_get_account_policy(field, &old_value)) {
+ fprintf(stderr, "Valid account policy, but unable to "
+ "fetch value!\n");
+ return -1;
+ }
+
+ printf("Account policy \"%s\" description: %s\n",
+ account_policy, account_policy_get_desc(field));
+ printf("Account policy \"%s\" value is: %d\n", account_policy,
+ old_value);
+ return 0;
+}
+
+static int net_sam_policy_list(int argc, const char **argv)
+{
+ const char **names;
+ int count;
+ int i;
+ account_policy_names_list(&names, &count);
+ if (count != 0) {
+ d_fprintf(stderr, "Valid account policies "
+ "are:\n");
+ for (i = 0; i < count ; i++) {
+ d_fprintf(stderr, "%s\n", names[i]);
+ }
+ }
+ SAFE_FREE(names);
+ return -1;
+}
+
+static int net_sam_policy(int argc, const char **argv)
+{
+ struct functable2 func[] = {
+ { "list", net_sam_policy_list,
+ "List account policies" },
+ { "show", net_sam_policy_show,
+ "Show account policies" },
+ { "set", net_sam_policy_set,
+ "Change account policies" },
+ {NULL, NULL}
+ };
+
+ return net_run_function2(argc, argv, "net sam policy", func);
+}
+
+extern PRIVS privs[];
+
+static int net_sam_rights_list(int argc, const char **argv)
+{
+ SE_PRIV mask;
+
+ if (argc > 1) {
+ d_fprintf(stderr, "usage: net sam rights list [name]\n");
+ return -1;
+ }
+
+ if (argc == 0) {
+ int i;
+ int num = count_all_privileges();
+
+ for (i=0; i<num; i++) {
+ d_printf("%s\n", privs[i].name);
+ }
+ return 0;
+ }
+
+ if (se_priv_from_name(argv[0], &mask)) {
+ DOM_SID *sids;
+ int i, num_sids;
+ NTSTATUS status;
+
+ status = privilege_enum_sids(&mask, talloc_tos(),
+ &sids, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Could not list rights: %s\n",
+ nt_errstr(status));
+ return -1;
+ }
+
+ for (i=0; i<num_sids; i++) {
+ const char *dom, *name;
+ enum lsa_SidType type;
+
+ if (lookup_sid(talloc_tos(), &sids[i], &dom, &name,
+ &type)) {
+ d_printf("%s\\%s\n", dom, name);
+ }
+ else {
+ d_printf("%s\n", sid_string_tos(&sids[i]));
+ }
+ }
+ return 0;
+ }
+
+ return -1;
+}
+
+static int net_sam_rights_grant(int argc, const char **argv)
+{
+ DOM_SID sid;
+ enum lsa_SidType type;
+ const char *dom, *name;
+ SE_PRIV mask;
+
+ if (argc != 2) {
+ d_fprintf(stderr, "usage: net sam rights grant <name> "
+ "<right>\n");
+ return -1;
+ }
+
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
+ &dom, &name, &sid, &type)) {
+ d_fprintf(stderr, "Could not find name %s\n", argv[0]);
+ return -1;
+ }
+
+ if (!se_priv_from_name(argv[1], &mask)) {
+ d_fprintf(stderr, "%s unknown\n", argv[1]);
+ return -1;
+ }
+
+ if (!grant_privilege(&sid, &mask)) {
+ d_fprintf(stderr, "Could not grant privilege\n");
+ return -1;
+ }
+
+ d_printf("Granted %s to %s\\%s\n", argv[1], dom, name);
+ return 0;
+}
+
+static int net_sam_rights_revoke(int argc, const char **argv)
+{
+ DOM_SID sid;
+ enum lsa_SidType type;
+ const char *dom, *name;
+ SE_PRIV mask;
+
+ if (argc != 2) {
+ d_fprintf(stderr, "usage: net sam rights revoke <name> "
+ "<right>\n");
+ return -1;
+ }
+
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
+ &dom, &name, &sid, &type)) {
+ d_fprintf(stderr, "Could not find name %s\n", argv[0]);
+ return -1;
+ }
+
+ if (!se_priv_from_name(argv[1], &mask)) {
+ d_fprintf(stderr, "%s unknown\n", argv[1]);
+ return -1;
+ }
+
+ if (!revoke_privilege(&sid, &mask)) {
+ d_fprintf(stderr, "Could not revoke privilege\n");
+ return -1;
+ }
+
+ d_printf("Revoked %s from %s\\%s\n", argv[1], dom, name);
+ return 0;
+}
+
+static int net_sam_rights(int argc, const char **argv)
+{
+ struct functable2 func[] = {
+ { "list", net_sam_rights_list,
+ "List possible user rights" },
+ { "grant", net_sam_rights_grant,
+ "Grant a right" },
+ { "revoke", net_sam_rights_revoke,
+ "Revoke a right" },
+ { NULL }
+ };
+ return net_run_function2(argc, argv, "net sam rights", func);
+}
+
/*
* Map a unix group to a domain group
*/
+static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
+{
+ NTSTATUS status;
+ GROUP_MAP map;
+ const char *grpname, *dom, *name;
+ uint32 rid;
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ return NT_STATUS_GROUP_EXISTS;
+ }
+
+ map.gid = grp->gr_gid;
+ grpname = grp->gr_name;
+
+ if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+ &dom, &name, NULL, NULL)) {
+
+ const char *tmp = talloc_asprintf(
+ talloc_tos(), "Unix Group %s", grp->gr_name);
+
+ DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
+ grpname, dom, name, tmp));
+ grpname = tmp;
+ }
+
+ if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+ NULL, NULL, NULL, NULL)) {
+ DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
+ return NT_STATUS_GROUP_EXISTS;
+ }
+
+ fstrcpy(map.nt_name, grpname);
+
+ if (pdb_rid_algorithm()) {
+ rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
+ } else {
+ if (!pdb_new_rid(&rid)) {
+ DEBUG(3, ("Could not get a new RID for %s\n",
+ grp->gr_name));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ sid_compose(&map.sid, get_global_sam_sid(), rid);
+ map.sid_name_use = SID_NAME_DOM_GRP;
+ fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s",
+ grp->gr_name));
+
+ status = pdb_add_group_mapping_entry(&map);
+ if (NT_STATUS_IS_OK(status)) {
+ *pmap = map;
+ }
+ return status;
+}
+
static int net_sam_mapunixgroup(int argc, const char **argv)
{
NTSTATUS status;
}
d_printf("Mapped unix group %s to SID %s\n", argv[0],
- sid_string_static(&map.sid));
+ sid_string_tos(&map.sid));
+
+ return 0;
+}
+
+/*
+ * Remove a group mapping
+ */
+
+static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
+{
+ NTSTATUS status;
+ GROUP_MAP map;
+ const char *grpname;
+ DOM_SID dom_sid;
+
+ map.gid = grp->gr_gid;
+ grpname = grp->gr_name;
+
+ if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+ NULL, NULL, NULL, NULL)) {
+ DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name));
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ fstrcpy(map.nt_name, grpname);
+
+ if (!pdb_gid_to_sid(map.gid, &dom_sid)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ status = pdb_delete_group_mapping_entry(dom_sid);
+
+ return status;
+}
+
+static int net_sam_unmapunixgroup(int argc, const char **argv)
+{
+ NTSTATUS status;
+ GROUP_MAP map;
+ struct group *grp;
+
+ if (argc != 1) {
+ d_fprintf(stderr, "usage: net sam unmapunixgroup <name>\n");
+ return -1;
+ }
+
+ grp = getgrnam(argv[0]);
+ if (grp == NULL) {
+ d_fprintf(stderr, "Could not find mapping for group %s.\n", argv[0]);
+ return -1;
+ }
+
+ status = unmap_unix_group(grp, &map);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Unmapping group %s failed with %s.\n",
+ argv[0], nt_errstr(status));
+ return -1;
+ }
+
+ d_printf("Unmapped unix group %s.\n", argv[0]);
return 0;
}
return 0;
}
+/*
+ * Delete a local group
+ */
+
+static int net_sam_deletelocalgroup(int argc, const char **argv)
+{
+ DOM_SID sid;
+ enum lsa_SidType type;
+ const char *dom, *name;
+ NTSTATUS status;
+
+ if (argc != 1) {
+ d_fprintf(stderr, "usage: net sam deletelocalgroup <name>\n");
+ return -1;
+ }
+
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
+ &dom, &name, &sid, &type)) {
+ d_fprintf(stderr, "Could not find %s.\n", argv[0]);
+ return -1;
+ }
+
+ if (type != SID_NAME_ALIAS) {
+ d_fprintf(stderr, "%s is a %s, not a local group.\n", argv[0],
+ sid_type_lookup(type));
+ return -1;
+ }
+
+ status = pdb_delete_alias(&sid);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Deleting local group %s failed with %s\n",
+ argv[0], nt_errstr(status));
+ return -1;
+ }
+
+ d_printf("Deleted local group %s.\n", argv[0]);
+
+ return 0;
+}
+
+/*
+ * Create a local group
+ */
+
+static int net_sam_createbuiltingroup(int argc, const char **argv)
+{
+ NTSTATUS status;
+ uint32 rid;
+ enum lsa_SidType type;
+ fstring groupname;
+ DOM_SID sid;
+
+ if (argc != 1) {
+ d_fprintf(stderr, "usage: net sam createbuiltingroup <name>\n");
+ return -1;
+ }
+
+ if (!winbind_ping()) {
+ d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
+ "only works when winbind runs.\n");
+ return -1;
+ }
+
+ /* validate the name and get the group */
+
+ fstrcpy( groupname, "BUILTIN\\" );
+ fstrcat( groupname, argv[0] );
+
+ if ( !lookup_name(talloc_tos(), groupname, LOOKUP_NAME_ALL, NULL,
+ NULL, &sid, &type)) {
+ d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]);
+ return -1;
+ }
+
+ if ( !sid_peek_rid( &sid, &rid ) ) {
+ d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]);
+ return -1;
+ }
+
+ status = pdb_create_builtin_alias( rid );
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Creating %s failed with %s\n",
+ argv[0], nt_errstr(status));
+ return -1;
+ }
+
+ d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid);
+
+ return 0;
+}
+
/*
* Add a group member
*/
{
const char *groupdomain, *groupname, *memberdomain, *membername;
DOM_SID group, member;
- enum SID_NAME_USE grouptype, membertype;
+ enum lsa_SidType grouptype, membertype;
NTSTATUS status;
if (argc != 2) {
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&groupdomain, &groupname, &group, &grouptype)) {
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED,
- &memberdomain, &membername, &member, &membertype)) {
- d_fprintf(stderr, "Could not find member %s\n", argv[1]);
- return -1;
+ /* check to see if the member to be added is a name or a SID */
+
+ if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL,
+ &memberdomain, &membername, &member, &membertype))
+ {
+ /* try it as a SID */
+
+ if ( !string_to_sid( &member, argv[1] ) ) {
+ d_fprintf(stderr, "Could not find member %s\n", argv[1]);
+ return -1;
+ }
+
+ if ( !lookup_sid(talloc_tos(), &member, &memberdomain,
+ &membername, &membertype) )
+ {
+ d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]);
+ return -1;
+ }
}
if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) {
return -1;
}
- d_printf("Added %s\\%s to %s\\%s\n",
- memberdomain, membername, groupdomain, groupname);
+ d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername,
+ groupdomain, groupname);
return 0;
}
const char *memberdomain = NULL;
const char *membername = NULL;
DOM_SID group, member;
- enum SID_NAME_USE grouptype;
+ enum lsa_SidType grouptype;
NTSTATUS status;
if (argc != 2) {
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&groupdomain, &groupname, &group, &grouptype)) {
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL,
&memberdomain, &membername, &member, NULL)) {
if (!string_to_sid(&member, argv[1])) {
d_fprintf(stderr, "Could not find member %s\n",
memberdomain, membername, groupdomain, groupname);
} else {
d_printf("Deleted %s from %s\\%s\n",
- sid_string_static(&member), groupdomain, groupname);
+ sid_string_tos(&member), groupdomain, groupname);
}
return 0;
{
const char *groupdomain, *groupname;
DOM_SID group;
- enum SID_NAME_USE grouptype;
+ enum lsa_SidType grouptype;
NTSTATUS status;
if (argc != 1) {
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&groupdomain, &groupname, &group, &grouptype)) {
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
return -1;
return -1;
}
- d_printf("%s\\%s has %d members\n", groupdomain, groupname,
- num_members);
+ d_printf("%s\\%s has %u members\n", groupdomain, groupname,
+ (unsigned int)num_members);
for (i=0; i<num_members; i++) {
const char *dom, *name;
- if (lookup_sid(tmp_talloc_ctx(), &members[i],
+ if (lookup_sid(talloc_tos(), &members[i],
&dom, &name, NULL)) {
d_printf(" %s\\%s\n", dom, name);
} else {
- d_printf(" %s\n",
- sid_string_static(&members[i]));
+ d_printf(" %s\n", sid_string_tos(&members[i]));
}
}
+
+ TALLOC_FREE(members);
} else {
d_fprintf(stderr, "Can only list local group members so far.\n"
"%s is a %s\n", argv[0], sid_type_lookup(grouptype));
static int net_sam_do_list(int argc, const char **argv,
struct pdb_search *search, const char *what)
{
- BOOL verbose = (argc == 1);
+ bool verbose = (argc == 1);
if ((argc > 1) ||
((argc == 1) && !strequal(argv[0], "verbose"))) {
static int net_sam_show(int argc, const char **argv)
{
DOM_SID sid;
- enum SID_NAME_USE type;
+ enum lsa_SidType type;
const char *dom, *name;
if (argc != 1) {
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
}
d_printf("%s\\%s is a %s with SID %s\n", dom, name,
- sid_type_lookup(type), sid_string_static(&sid));
+ sid_type_lookup(type), sid_string_tos(&sid));
return 0;
}
return -1;
}
- ldap_bk = talloc_strdup(tc, lp_passdb_backend());
+ if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) {
+ d_fprintf(stderr, "talloc failed\n");
+ talloc_free(tc);
+ return -1;
+ }
p = strchr(ldap_bk, ':');
if (p) {
*p = 0;
goto failed;
}
- if (!NT_STATUS_IS_OK(smbldap_init(tc, ldap_uri, &ls))) {
+ if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &ls))) {
d_fprintf(stderr, "Unable to connect to the LDAP server.\n");
goto failed;
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
+ sid_string_talloc(tc, &gsid));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
talloc_autofree_ldapmod(tc, mods);
d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n");
}
} else {
+ domusers_gid = gmap.gid;
d_printf("found!\n");
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
+ sid_string_talloc(tc, &gsid));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
talloc_autofree_ldapmod(tc, mods);
d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n");
}
} else {
+ domadmins_gid = gmap.gid;
d_printf("found!\n");
}
d_printf("Adding the Administrator user.\n");
if (domadmins_gid == -1) {
- d_fprintf(stderr, "Can't create Administrtor user, Domain Admins group not available!\n");
+ d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n");
goto done;
}
if (!winbind_allocate_uid(&uid)) {
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID",
+ sid_string_talloc(tc, &sid));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
NEW_PW_FORMAT_SPACE_PADDED_LEN));
d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n");
goto done;
}
- pwd = talloc(tc, struct passwd);
+ if ((pwd = talloc(tc, struct passwd)) == NULL) {
+ d_fprintf(stderr, "talloc failed\n");
+ goto done;
+ }
pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
if (!winbind_allocate_uid(&(pwd->pw_uid))) {
d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n");
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid));
+ if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
+ }
+ if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
+ }
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID",
+ sid_string_talloc(tc, &sid));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
NEW_PW_FORMAT_SPACE_PADDED_LEN));
pwd = getpwnam_alloc(NULL, lp_guestaccount());
if (!pwd) {
d_fprintf(stderr, "Failed to find just created Guest account!\n"
- " Is nssswitch properly configured?!\n");
+ " Is nss properly configured?!\n");
goto failed;
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
+ sid_string_talloc(tc, &gsid));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
talloc_autofree_ldapmod(tc, mods);
talloc_free(tc);
return -1;
}
+
#endif
/***********************************************************
int net_sam(int argc, const char **argv)
{
struct functable2 func[] = {
+ { "createbuiltingroup", net_sam_createbuiltingroup,
+ "Create a new BUILTIN group" },
{ "createlocalgroup", net_sam_createlocalgroup,
"Create a new local group" },
+ { "deletelocalgroup", net_sam_deletelocalgroup,
+ "Delete an existing local group" },
{ "mapunixgroup", net_sam_mapunixgroup,
"Map a unix group to a domain group" },
+ { "unmapunixgroup", net_sam_unmapunixgroup,
+ "Remove a group mapping of an unix group to a domain group" },
{ "addmem", net_sam_addmem,
"Add a member to a group" },
{ "delmem", net_sam_delmem,
"Show details of a SAM entry" },
{ "set", net_sam_set,
"Set details of a SAM account" },
+ { "policy", net_sam_policy,
+ "Set account policies" },
+ { "rights", net_sam_rights,
+ "Manipulate user privileges" },
#ifdef HAVE_LDAP
{ "provision", net_sam_provision,
"Provision a clean User Database" },
{ NULL, NULL, NULL }
};
- /* we shouldn't have silly checks like this */
if (getuid() != 0) {
- d_fprintf(stderr, "You must be root to edit the SAM "
- "directly.\n");
- return -1;
+ d_fprintf(stderr, "You are not root, most things won't "
+ "work\n");
}
return net_run_function2(argc, argv, "net sam", func);