else {
d_printf("%s\n", map.nt_name);
d_printf("\tSID : %s\n", sid_string_static(&map.sid));
+ d_printf("\tUnix gid : %d\n", map.gid);
d_printf("\tUnix group: %s\n", gidtoname(map.gid));
d_printf("\tGroup type: %s\n",
sid_type_lookup(map.sid_name_use));
else if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
fstrcpy( ntgroup, get_string_param( argv[i] ) );
if ( !ntgroup[0] ) {
- d_printf("must supply a name\n");
+ d_fprintf(stderr, "must supply a name\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
fstrcpy( sid_string, get_string_param( argv[i] ) );
if ( !sid_string[0] ) {
- d_printf("must supply a SID\n");
+ d_fprintf(stderr, "must supply a SID\n");
return -1;
}
}
else {
- d_printf("Bad option: %s\n", argv[i]);
+ d_fprintf(stderr, "Bad option: %s\n", argv[i]);
return -1;
}
}
/* Get the current mapping from the database */
if(!pdb_getgrsid(&map, sid)) {
- d_printf("Failure to local group SID in the database\n");
+ d_fprintf(stderr, "Failure to local group SID in the database\n");
return -1;
}
else {
GROUP_MAP *map=NULL;
/* enumerate all group mappings */
- if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
+ if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
return -1;
for (i=0; i<entries; i++) {
uint32 rid = 0;
gid_t gid;
int i;
+ GROUP_MAP map;
+ const char *name_type;
+
+ ZERO_STRUCT(map);
+
+ /* Default is domain group. */
+ map.sid_name_use = SID_NAME_DOM_GRP;
+ name_type = "domain group";
+
/* get the options */
for ( i=0; i<argc; i++ ) {
if ( !StrnCaseCmp(argv[i], "rid", strlen("rid")) ) {
rid = get_int_param(argv[i]);
if ( rid < DOMAIN_GROUP_RID_ADMINS ) {
- d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1);
+ d_fprintf(stderr, "RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1);
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "unixgroup", strlen("unixgroup")) ) {
fstrcpy( unixgrp, get_string_param( argv[i] ) );
if ( !unixgrp[0] ) {
- d_printf("must supply a name\n");
+ d_fprintf(stderr, "must supply a name\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
fstrcpy( ntgroup, get_string_param( argv[i] ) );
if ( !ntgroup[0] ) {
- d_printf("must supply a name\n");
+ d_fprintf(stderr, "must supply a name\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
fstrcpy( string_sid, get_string_param( argv[i] ) );
if ( !string_sid[0] ) {
- d_printf("must supply a SID\n");
+ d_fprintf(stderr, "must supply a SID\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "comment", strlen("comment")) ) {
fstrcpy( ntcomment, get_string_param( argv[i] ) );
if ( !ntcomment[0] ) {
- d_printf("must supply a comment string\n");
+ d_fprintf(stderr, "must supply a comment string\n");
return -1;
}
}
case 'b':
case 'B':
sid_type = SID_NAME_WKN_GRP;
+ name_type = "wellknown group";
break;
case 'd':
case 'D':
sid_type = SID_NAME_DOM_GRP;
+ name_type = "domain group";
break;
case 'l':
case 'L':
sid_type = SID_NAME_ALIAS;
+ name_type = "alias (local) group";
break;
+ default:
+ d_fprintf(stderr, "unknown group type %s\n", type);
+ return -1;
}
}
else {
- d_printf("Bad option: %s\n", argv[i]);
+ d_fprintf(stderr, "Bad option: %s\n", argv[i]);
return -1;
}
}
}
if ( (gid = nametogid(unixgrp)) == (gid_t)-1 ) {
- d_printf("Can't lookup UNIX group %s\n", unixgrp);
+ d_fprintf(stderr, "Can't lookup UNIX group %s\n", unixgrp);
return -1;
}
+
+ {
+ if (pdb_getgrgid(&map, gid)) {
+ d_printf("Unix group %s already mapped to SID %s\n",
+ unixgrp, sid_string_static(&map.sid));
+ return -1;
+ }
+ }
if ( (rid == 0) && (string_sid[0] == '\0') ) {
- d_printf("No rid or sid specified, choosing algorithmic mapping\n");
- rid = pdb_gid_to_group_rid(gid);
+ d_printf("No rid or sid specified, choosing a RID\n");
+ if (pdb_rid_algorithm()) {
+ rid = algorithmic_pdb_gid_to_group_rid(gid);
+ } else {
+ if (!pdb_new_rid(&rid)) {
+ d_printf("Could not get new RID\n");
+ }
+ }
+ d_printf("Got RID %d\n", rid);
}
/* append the rid to our own domain/machine SID if we don't have a full SID */
fstrcpy( ntgroup, unixgrp );
- if (!add_initial_entry(gid, string_sid, sid_type, ntgroup, ntcomment)) {
- d_printf("adding entry for group %s failed!\n", ntgroup);
+ if (!NT_STATUS_IS_OK(add_initial_entry(gid, string_sid, sid_type, ntgroup, ntcomment))) {
+ d_fprintf(stderr, "adding entry for group %s failed!\n", ntgroup);
return -1;
}
- d_printf("Successfully added group %s to the mapping db\n", ntgroup);
+ d_printf("Successfully added group %s to the mapping db as a %s\n",
+ ntgroup, name_type);
return 0;
}
if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
fstrcpy( ntgroup, get_string_param( argv[i] ) );
if ( !ntgroup[0] ) {
- d_printf("must supply a name\n");
+ d_fprintf(stderr, "must supply a name\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
fstrcpy( sid_string, get_string_param( argv[i] ) );
if ( !sid_string[0] ) {
- d_printf("must supply a name\n");
+ d_fprintf(stderr, "must supply a name\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "comment", strlen("comment")) ) {
fstrcpy( ntcomment, get_string_param( argv[i] ) );
if ( !ntcomment[0] ) {
- d_printf("must supply a comment string\n");
+ d_fprintf(stderr, "must supply a comment string\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "unixgroup", strlen("unixgroup")) ) {
fstrcpy( unixgrp, get_string_param( argv[i] ) );
if ( !unixgrp[0] ) {
- d_printf("must supply a group name\n");
+ d_fprintf(stderr, "must supply a group name\n");
return -1;
}
}
}
}
else {
- d_printf("Bad option: %s\n", argv[i]);
+ d_fprintf(stderr, "Bad option: %s\n", argv[i]);
return -1;
}
}
/* Get the current mapping from the database */
if(!pdb_getgrsid(&map, sid)) {
- d_printf("Failure to local group SID in the database\n");
+ d_fprintf(stderr, "Failure to local group SID in the database\n");
return -1;
}
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups !!! (SID problem)
*/
- if (sid_type != SID_NAME_UNKNOWN) {
- if (map.sid_name_use == SID_NAME_WKN_GRP) {
- d_printf("You can only change between domain and local groups.\n");
- return -1;
- }
-
- map.sid_name_use=sid_type;
+ if (sid_type == SID_NAME_UNKNOWN) {
+ d_fprintf(stderr, "Can't map to an unknown group type.\n");
+ return -1;
+ }
+
+ if (map.sid_name_use == SID_NAME_WKN_GRP) {
+ d_fprintf(stderr, "You can only change between domain and local groups.\n");
+ return -1;
}
+ map.sid_name_use=sid_type;
+
/* Change comment if new one */
if ( ntcomment[0] )
fstrcpy( map.comment, ntcomment );
if ( unixgrp[0] ) {
gid = nametogid( unixgrp );
if ( gid == -1 ) {
- d_printf("Unable to lookup UNIX group %s. Make sure the group exists.\n",
+ d_fprintf(stderr, "Unable to lookup UNIX group %s. Make sure the group exists.\n",
unixgrp);
return -1;
}
map.gid = gid;
}
- if ( !pdb_update_group_mapping_entry(&map) ) {
- d_printf("Could not update group database\n");
+ if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
+ d_fprintf(stderr, "Could not update group database\n");
return -1;
}
if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
fstrcpy( ntgroup, get_string_param( argv[i] ) );
if ( !ntgroup[0] ) {
- d_printf("must supply a name\n");
+ d_fprintf(stderr, "must supply a name\n");
return -1;
}
}
else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
fstrcpy( sid_string, get_string_param( argv[i] ) );
if ( !sid_string[0] ) {
- d_printf("must supply a SID\n");
+ d_fprintf(stderr, "must supply a SID\n");
return -1;
}
}
else {
- d_printf("Bad option: %s\n", argv[i]);
+ d_fprintf(stderr, "Bad option: %s\n", argv[i]);
return -1;
}
}
fstrcpy( ntgroup, sid_string );
if ( !get_sid_from_input(&sid, ntgroup) ) {
- d_printf("Unable to resolve group %s to a SID\n", ntgroup);
+ d_fprintf(stderr, "Unable to resolve group %s to a SID\n", ntgroup);
return -1;
}
- if ( !pdb_delete_group_mapping_entry(sid) ) {
- printf("Failed to removing group %s from the mapping db!\n", ntgroup);
+ if ( !NT_STATUS_IS_OK(pdb_delete_group_mapping_entry(sid)) ) {
+ d_fprintf(stderr, "Failed to removing group %s from the mapping db!\n", ntgroup);
return -1;
}
grp = getgrnam(argv[1]);
if (grp == NULL) {
- d_printf("Could not find unix group %s\n", argv[1]);
+ d_fprintf(stderr, "Could not find unix group %s\n", argv[1]);
return -1;
}
}
/* Ok, add it */
if (grp == NULL) {
- d_printf("Could not find group mapping for %s\n",
+ d_fprintf(stderr, "Could not find group mapping for %s\n",
ntgroup);
return -1;
}
map.gid = grp->gr_gid;
if (opt_rid == 0) {
- opt_rid = pdb_gid_to_group_rid(map.gid);
+ if ( pdb_rid_algorithm() )
+ opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid);
+ else {
+ if ( !pdb_new_rid((uint32*)&opt_rid) ) {
+ d_fprintf( stderr, "Could not allocate new RID\n");
+ return -1;
+ }
+ }
}
sid_copy(&map.sid, get_global_sam_sid());
fstrcpy(map.nt_name, ntgroup);
fstrcpy(map.comment, "");
- if (!pdb_add_group_mapping_entry(&map)) {
- d_printf("Could not add mapping entry for %s\n",
+ if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
+ d_fprintf(stderr, "Could not add mapping entry for %s\n",
ntgroup);
return -1;
}
if ( opt_localgroup || opt_domaingroup ) {
if (map.sid_name_use == SID_NAME_WKN_GRP) {
- d_printf("Can't change type of the BUILTIN group %s\n",
+ d_fprintf(stderr, "Can't change type of the BUILTIN group %s\n",
map.nt_name);
return -1;
}
if (grp != NULL)
map.gid = grp->gr_gid;
- if (!pdb_update_group_mapping_entry(&map)) {
- d_printf("Could not update group mapping for %s\n", ntgroup);
+ if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) {
+ d_fprintf(stderr, "Could not update group mapping for %s\n", ntgroup);
return -1;
}
GROUP_MAP *map = NULL;
size_t i, entries;
- if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &entries,
+ if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries,
ENUM_ALL_MAPPED)) {
- d_printf("Could not list group mappings\n");
+ d_fprintf(stderr, "Could not list group mappings\n");
return -1;
}
for (i=0; i<entries; i++) {
- if (map[i].sid_name_use == SID_NAME_WKN_GRP)
- continue;
-
if (map[i].gid == -1)
printf("Group %s is not mapped\n", map[i].nt_name);
return -1;
}
- if (!pdb_add_aliasmem(&alias, &member)) {
- d_printf("Could not add sid %s to alias %s\n",
+ if (!NT_STATUS_IS_OK(pdb_add_aliasmem(&alias, &member))) {
+ d_fprintf(stderr, "Could not add sid %s to alias %s\n",
argv[1], argv[0]);
return -1;
}
return -1;
}
- if (!pdb_del_aliasmem(&alias, &member)) {
- d_printf("Could not delete sid %s from alias %s\n",
+ if (!NT_STATUS_IS_OK(pdb_del_aliasmem(&alias, &member))) {
+ d_fprintf(stderr, "Could not delete sid %s from alias %s\n",
argv[1], argv[0]);
return -1;
}
members = NULL;
num = 0;
- if (!pdb_enum_aliasmem(&alias, &members, &num)) {
- d_printf("Could not list members for sid %s\n", argv[0]);
+ if (!NT_STATUS_IS_OK(pdb_enum_aliasmem(&alias, &members, &num))) {
+ d_fprintf(stderr, "Could not list members for sid %s\n", argv[0]);
return -1;
}
alias_rids = NULL;
num_alias_rids = 0;
- if (!pdb_enum_alias_memberships(mem_ctx, domain_sid, member, 1,
- &alias_rids, &num_alias_rids)) {
- d_printf("Could not list memberships for sid %s\n",
+ if (!NT_STATUS_IS_OK(pdb_enum_alias_memberships(
+ mem_ctx, domain_sid, member, 1,
+ &alias_rids, &num_alias_rids))) {
+ d_fprintf(stderr, "Could not list memberships for sid %s\n",
sid_string_static(member));
return False;
}
mem_ctx = talloc_init("net_groupmap_memberships");
if (mem_ctx == NULL) {
- d_printf("talloc_init failed\n");
+ d_fprintf(stderr, "talloc_init failed\n");
return -1;
}
domain_sid = get_global_sam_sid();
builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");
if ((domain_sid == NULL) || (builtin_sid == NULL)) {
- d_printf("Could not get domain sid\n");
+ d_fprintf(stderr, "Could not get domain sid\n");
return -1;
}
/* we shouldn't have silly checks like this */
if (getuid() != 0) {
- d_printf("You must be root to edit group mappings.\nExiting...\n");
+ d_fprintf(stderr, "You must be root to edit group mappings.\n");
return -1;
}