2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-2000,
6 * Copyright (C) Jean François Micouleau 1998-2001.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern pstring global_myname;
26 extern int DEBUGLEVEL;
27 extern DOM_SID global_sam_sid;
30 * Next two lines needed for SunOS and don't
31 * hurt anything else...
36 /*********************************************************
37 Print command usage on stderr and die.
38 **********************************************************/
/*
 * Prints the groupedit option summary, one printf() call per option.
 *
 * NOTE(review): the banner above says the text goes to stderr and that the
 * function exits, but every call shown here is printf(), which writes to
 * stdout, and no exit call appears among the shown lines - confirm against
 * the full file.
 * The root requirement below is only a message; this function performs no
 * privilege check.
 */
39 static void usage(void)
42 printf("groupedit options\n");
44 printf("You need to be root to use this tool!\n");
47 printf(" -a group create new group\n");
48 printf(" -n group NT group name\n");
49 printf(" -p privilege only local\n");
50 printf(" -v list groups\n");
51 printf(" -c SID change group\n");
52 printf(" -u unix group\n");
53 printf(" -x group delete this group\n");
55 printf(" -t[b|d|l] type: builtin, domain, local \n");
59 /*********************************************************
61 **********************************************************/
/*
 * Creates a new group mapping entry.
 *
 * The visible steps are: derive a SID from gid with local_gid_to_sid(),
 * render it as text with sid_to_string(), fill the NT name and comment
 * buffers, then store the entry through add_initial_entry().
 *
 * group      presumably the Unix group name that gid is looked up from;
 *            the lookup is not among the shown lines - TODO confirm
 * sid_type   SID type stored with the mapping
 * ntgroup    NT group name copied into name
 * ntcomment  NT comment copied into comment
 * privilege  privilege text; its only visible use is commented out
 *
 * The return statements are not among the shown lines.
 */
62 int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege)
/* name and comment are fixed-size fstring buffers that receive
 * command-line strings further down. */
68 fstring name, comment;
/* NOTE(review): with this conversion disabled, the shown lines never read
 * the privilege argument, yet se_priv is still passed to
 * add_initial_entry() below. Confirm how se_priv is initialised. */
70 /* convert_priv_from_text(&se_priv, privilege);*/
78 local_gid_to_sid(&sid, gid);
79 sid_to_string(string_sid, &sid);
/* NOTE(review): ntgroup and ntcomment come from the command line. fstrcpy
 * is expected to bound the copy to the fstring size - confirm the macro
 * definition in this tree. The conditions choosing between the three
 * copies below are not shown. */
84 fstrcpy(name, ntgroup);
/* Presumably the default comment when none was supplied - TODO confirm. */
87 fstrcpy(comment, "Local Unix group");
89 fstrcpy(comment, ntcomment);
/* A false result from add_initial_entry() selects the failure branch. */
91 if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv))
97 /*********************************************************
99 **********************************************************/
/*
 * Updates an existing group mapping identified by its SID string.
 *
 * The current mapping is loaded with get_group_map_from_sid(), selected
 * fields are overwritten, and the result is written back with
 * add_mapping_entry() using TDB_REPLACE.
 *
 * sid_string  textual SID of the mapping to change
 * group       new Unix group name, resolved with nametogid()
 * sid_type    requested group type
 * ntgroup     new NT group name
 * groupdesc   new comment
 * privilege   new privilege text; skipped when NULL
 *
 * The guards around several updates and the return statements are not
 * among the shown lines.
 */
100 int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *groupdesc, char *privilege)
/* NOTE(review): the result of string_to_sid() is not checked on this line,
 * so a malformed sid_string is only caught if the lookup below fails.
 * Whether sid is initialised beforehand is not visible. */
107 string_to_sid(&sid, sid_string);
109 /* Get the current mapping from the database */
110 if(!get_group_map_from_sid(sid, &map)) {
111 printf("This SID does not exist in the database\n");
115 /* If a new Unix group is specified, check and change */
117 gid=nametogid(group);
/* The test on gid that leads to this message is not shown. */
119 printf("The UNIX group does not exist\n");
126 * Allow changing of group type only between domain and local
127 * We disallow changing Builtin groups !!! (SID problem)
/* The type is replaced only when both the requested type and the stored
 * type are SID_NAME_ALIAS or SID_NAME_DOM_GRP; any other combination
 * leaves map.sid_name_use untouched, with no message in the shown lines. */
129 if (sid_type==SID_NAME_ALIAS || sid_type==SID_NAME_DOM_GRP)
130 if (map.sid_name_use==SID_NAME_ALIAS || map.sid_name_use==SID_NAME_DOM_GRP)
131 map.sid_name_use=sid_type;
/* NOTE(review): ntgroup and groupdesc come from the command line; fstrcpy
 * is expected to bound the copies to the destination size - confirm. */
135 fstrcpy(map.nt_name, ntgroup);
137 /* Change comment if new one */
139 fstrcpy(map.comment, groupdesc);
141 /* Change the privilege if new one */
142 if (privilege!=NULL) {
143 convert_priv_from_text(&se_priv, privilege);
144 map.privilege=se_priv;
/* TDB_REPLACE is passed so the stored record is overwritten. */
147 if (!add_mapping_entry(&map, TDB_REPLACE)) {
/* NOTE(review): the message below spells Could as Count. */
148 printf("Count not update group database\n");
155 /*********************************************************
157 **********************************************************/
/*
 * Removes the group mapping whose SID is given in text form.
 *
 * group  despite the name, this is parsed as a SID string
 *
 * Returns BOOL; the return statements are not among the shown lines.
 * NOTE(review): main() returns this BOOL directly as the process exit
 * status - confirm that success maps to exit code 0.
 */
158 BOOL deletegroup(char *group)
/* NOTE(review): the result of string_to_sid() is not checked on this line,
 * so a malformed string is only caught if the removal below fails. */
162 string_to_sid(&sid, group);
164 if(!group_map_remove(sid))
170 /*********************************************************
172 **********************************************************/
/*
 * Prints the group mappings returned by enum_group_mapping() for sid_type.
 *
 * sid_type  group type passed to enum_group_mapping() with ENUM_ALL_MAPPED
 *
 * The return statements are not among the shown lines.
 */
173 int listgroup(enum SID_NAME_USE sid_type)
/* NOTE(review): this header lists the SID before the NT name, while the
 * row printf below emits the NT name before the SID. */
181 printf("Unix\tSID\ttype\tnt name\tnt comment\tprivilege\n");
183 if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED))
186 for (i=0; i<entries; i++) {
/* Convert the stored type, SID and privilege to text for printing. */
187 decode_sid_name_use(group_type, (map[i]).sid_name_use);
188 sid_to_string(string_sid, &map[i].sid);
189 convert_priv_to_text(map[i].privilege, priv_text);
/* Each entry is printed on two lines: gid name, NT name and SID, then
 * type, comment and privilege.
 * NOTE(review): the gidtoname() result goes straight to %s - confirm it
 * cannot be NULL for a gid with no matching Unix group. */
191 printf("%s\t%s\t%s\n\t%s\t%s\t%s\n\n", gidtoname(map[i].gid), map[i].nt_name, string_sid,
192 group_type, map[i].comment, priv_text);
198 /*********************************************************
200 **********************************************************/
/*
 * Entry point: sets up logging, the password database and the
 * configuration file, parses the options, then runs exactly one of
 * add / list / delete / change on the group mapping database.
 *
 * NOTE(review): usage() says the tool needs root, but no privilege check
 * is visible in the shown lines - confirm whether one exists or whether
 * access relies on file permissions of the mapping database.
 */
201 int main (int argc, char **argv)
204 static pstring servicesf = CONFIGFILE;
/* One flag per operation; at most one may be set (checked below). */
205 BOOL add_group = False;
206 BOOL view_group = False;
207 BOOL change_group = False;
208 BOOL delete_group = False;
209 BOOL nt_group = False;
211 BOOL group_type = False;
/* Option arguments; NULL means the option was not given. */
215 char *ntgroup = NULL;
216 char *privilege = NULL;
218 char *group_desc = NULL;
220 enum SID_NAME_USE sid_type;
224 setup_logging("groupedit", True);
231 if(!initialize_password_db(True)) {
232 fprintf(stderr, "Can't setup password database vectors.\n");
236 if (!lp_load(servicesf,True,False,False)) {
237 fprintf(stderr, "Can't load %s - run testparm to debug it\n",
/* Options followed by a colon take an argument. -d is accepted here; its
 * usage line is not among the lines shown in usage(). */
242 while ((ch = getopt(argc, argv, "a:c:d:n:p:t:u:vx:")) != EOF) {
/* Reject command lines that select more than one operation. */
283 if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) {
284 fprintf (stderr, "Incompatible options on command line!\n");
289 /* no option on command line -> list groups */
290 if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
/* Map the -t argument to a SID type. Without -t the type is
 * SID_NAME_UNKNOWN; the case labels for the other assignments are not
 * shown. */
294 if (group_type==False)
295 sid_type=SID_NAME_UNKNOWN;
300 sid_type=SID_NAME_ALIAS;
304 sid_type=SID_NAME_DOM_GRP;
308 sid_type=SID_NAME_WKN_GRP;
311 sid_type=SID_NAME_UNKNOWN;
/* The mapping database and the machine SID must be available before any
 * operation runs. */
316 if (init_group_mapping()==False) {
317 printf("Could not open tdb mapping file.\n");
321 if(pdb_generate_sam_sid()==False) {
322 printf("Can not read machine SID\n");
326 default_group_mapping();
/* The result of the selected operation becomes the process exit status.
 * NOTE(review): deletegroup() returns BOOL while the others return int -
 * confirm that all four use the same success value so that scripts
 * checking the exit code are not misled. */
329 return addgroup(group, sid_type, ntgroup, group_desc, privilege);
332 return listgroup(sid_type);
335 return deletegroup(group);
338 return changegroup(sid, group, sid_type, ntgroup, group_desc, privilege);