authorVolker Lendecke <vlendec@samba.org>2004-02-29 16:48:19 +0000
committerVolker Lendecke <vlendec@samba.org>2004-02-29 16:48:19 +0000
commit0d45ad1b0d55546c6a4afcb002acefefc2e2feb0 (patch)
tree34fa0e74191cef6a5070a0e1499c919a43b4f64d /source3/utils/net_groupmap.c
parent4628a2da1e32f397696640452c950e4b55ada9e7 (diff)
downloadsamba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.tar.gz
samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.tar.bz2
samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.zip
Apply my experimental aliases support to HEAD. This will be a bit difficult to
merge to 3_0, as the pdb interfaces have changed a bit between the two. This has not been tested too severely (which means it's completely broken ;-), but I want it in for review. Feel free to revert it :-) TODO: make 'net groupmap' a bit more friendly for alias members. Put that stuff into pdb_ldap. Getting the information over to winbind. One plan without linking pdb into winbind would be to fill group_mapping.tdb with the membership information and have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone could trigger that itself, the problem is a BDC using LDAP. This needs to do it on a regular basis. The BDC smbd needs to be informed about SAM changes somehow... Volker (This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
Diffstat (limited to 'source3/utils/net_groupmap.c')
-rw-r--r--source3/utils/net_groupmap.c112
1 files changed, 112 insertions, 0 deletions
diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index 2b487ef17b..48406f72b8 100644
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -608,6 +608,104 @@ static int net_groupmap_cleanup(int argc, const char **argv)
return 0;
}
+static int net_groupmap_addmem(int argc, const char **argv)
+{
+ DOM_SID alias, member;
+ NTSTATUS result;
+
+ if ( (argc != 2) ||
+ !string_to_sid(&alias, argv[0]) ||
+ !string_to_sid(&member, argv[1]) ) {
+ d_printf("Usage: net groupmap addmem alias-sid member-sid\n");
+ return -1;
+ }
+
+ if (!pdb_add_aliasmem(&alias, &member)) {
+ d_printf("Could not add sid %s to alias %s: %s\n",
+ argv[1], argv[0], nt_errstr(result));
+ return -1;
+ }
+
+ return 0;
+}
+
+static int net_groupmap_delmem(int argc, const char **argv)
+{
+ DOM_SID alias, member;
+ NTSTATUS result;
+
+ if ( (argc != 2) ||
+ !string_to_sid(&alias, argv[0]) ||
+ !string_to_sid(&member, argv[1]) ) {
+ d_printf("Usage: net groupmap delmem alias-sid member-sid\n");
+ return -1;
+ }
+
+ if (!pdb_del_aliasmem(&alias, &member)) {
+ d_printf("Could not delete sid %s from alias %s: %s\n",
+ argv[1], argv[0], nt_errstr(result));
+ return -1;
+ }
+
+ return 0;
+}
+
+static int net_groupmap_listmem(int argc, const char **argv)
+{
+ DOM_SID alias;
+ DOM_SID *members;
+ int i, num;
+ NTSTATUS result;
+
+ if ( (argc != 1) ||
+ !string_to_sid(&alias, argv[0]) ) {
+ d_printf("Usage: net groupmap listmem alias-sid\n");
+ return -1;
+ }
+
+ if (!pdb_enum_aliasmem(&alias, &members, &num)) {
+ d_printf("Could not list members for sid %s: %s\n",
+ argv[0], nt_errstr(result));
+ return -1;
+ }
+
+ for (i = 0; i < num; i++) {
+ printf("%s\n", sid_string_static(&(members[i])));
+ }
+
+ SAFE_FREE(members);
+
+ return 0;
+}
+
+static int net_groupmap_memberships(int argc, const char **argv)
+{
+ DOM_SID member;
+ DOM_SID *aliases;
+ int i, num;
+ NTSTATUS result;
+
+ if ( (argc != 1) ||
+ !string_to_sid(&member, argv[0]) ) {
+ d_printf("Usage: net groupmap memberof sid\n");
+ return -1;
+ }
+
+ if (!pdb_enum_alias_memberships(&member, &aliases, &num)) {
+ d_printf("Could not list memberships for sid %s: %s\n",
+ argv[0], nt_errstr(result));
+ return -1;
+ }
+
+ for (i = 0; i < num; i++) {
+ printf("%s\n", sid_string_static(&(aliases[i])));
+ }
+
+ SAFE_FREE(aliases);
+
+ return 0;
+}
+
int net_help_groupmap(int argc, const char **argv)
{
d_printf("net groupmap add"\
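Review bot: The failure branches of net_groupmap_addmem, net_groupmap_delmem, net_groupmap_listmem and net_groupmap_memberships all pass `result` to `nt_errstr()`, but `result` is declared and never assigned: the `pdb_*` calls are tested with `!` and their return value is not stored. That is a read of an uninitialized automatic variable, so an administrator gets an arbitrary status string exactly when a membership change failed. Either drop the variable and the trailing `: %s`, e.g. `d_printf("Could not add sid %s to alias %s\n", argv[1], argv[0]);`, or, if the pdb calls can return an NTSTATUS (not visible in this hunk), store it with `result = pdb_add_aliasmem(&alias, &member);` and test it with `NT_STATUS_IS_OK(result)`. The two listing functions also print with plain `printf` where the rest of the file uses `d_printf`.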
@@ -616,6 +714,14 @@ int net_help_groupmap(int argc, const char **argv)
"\n Update a group mapping\n");
d_printf("net groupmap delete"\
"\n Remove a group mapping\n");
+ d_printf("net groupmap addmember"\
+ "\n Add a foreign alias member\n");
+ d_printf("net groupmap delmember"\
+ "\n Delete a foreign alias member\n");
+ d_printf("net groupmap listmembers"\
+ "\n List foreign group members\n");
+ d_printf("net groupmap memberships"\
+ "\n List foreign group memberships\n");
d_printf("net groupmap list"\
"\n List current group map\n");
d_printf("net groupmap set"\
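Review bot: The help text added here advertises `addmember`, `delmember` and `listmembers`, but the dispatch table in net_groupmap registers `addmem`, `delmem` and `listmem`, and the usage strings in the new functions use the short names too (the memberships usage line says `memberof`, which is registered under neither name). Someone following the help output would get an unknown-command result for three of the four new subcommands. Pick one spelling and use it in all three places, for example `d_printf("net groupmap addmem"\` here to match the table. The "List foreign group members" wording could also say "alias members" to agree with the add and delete entries.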
@@ -638,16 +744,22 @@ int net_groupmap(int argc, const char **argv)
{"delete", net_groupmap_delete},
{"set", net_groupmap_set},
{"cleanup", net_groupmap_cleanup},
+ {"addmem", net_groupmap_addmem},
+ {"delmem", net_groupmap_delmem},
+ {"listmem", net_groupmap_listmem},
+ {"memberships", net_groupmap_memberships},
{"list", net_groupmap_list},
{"help", net_help_groupmap},
{NULL, NULL}
};
/* we shouldn't have silly checks like this */
+#if 0
if (getuid() != 0) {
d_printf("You must be root to edit group mappings.\nExiting...\n");
return -1;
}
+#endif
if ( argc )
return net_run_function(argc, argv, func, net_help_groupmap);
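Review bot: Putting the `getuid() != 0` test under `#if 0` removes the only caller-side guard in net_groupmap before the modifying subcommands are dispatched, including the new `addmem` and `delmem`. Authorization for alias membership changes then depends entirely on what the passdb backend and the permissions on its storage enforce, which this hunk does not show. If that is the intended model, delete the dead block instead of leaving it disabled, and replace the "silly checks" comment with one that names where access is enforced, e.g. `/* no uid check: write access is governed by the passdb backend's storage permissions */` (to be confirmed against the backend). It is also worth checking that an unprivileged caller gets a clear failure from the backend and not a silent no-op.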