Apply my experimental aliases support to HEAD. This will be a bit difficult to

merge to 3_0, as the pdb interfaces has changed a bit between the two. This has not been tested too severly (which means it's completely broken ;-), but I want it in for review. Feel free to revert it :-) TODO: make 'net groupmap' a bit more friendly for alias members. Put that stuff into pdb_ldap. Getting the information over to winbind. One plan without linking pdb into winbind would be to fill group_mapping.tdb with the membership information and have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone could trigger that itself, the problem is a BDC using LDAP. This needs to do it on a regular basis. The BDC smbd needs to be informed about SAM changes somehow... Volker (This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
author: Volker Lendecke <vlendec@samba.org> 2004-02-29 16:48:19 +0000
committer: Volker Lendecke <vlendec@samba.org> 2004-02-29 16:48:19 +0000
commit: 0d45ad1b0d55546c6a4afcb002acefefc2e2feb0 (patch)
tree: 34fa0e74191cef6a5070a0e1499c919a43b4f64d /source3/utils
parent: 4628a2da1e32f397696640452c950e4b55ada9e7 (diff)
download: samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.tar.gz
samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.tar.bz2
samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.zip
1 files changed, 112 insertions, 0 deletions
diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index 2b487ef17b..48406f72b8 100644
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -608,6 +608,104 @@ static int net_groupmap_cleanup(int argc, const char **argv)
 	return 0;
 }
 
+static int net_groupmap_addmem(int argc, const char **argv)
+{
+	DOM_SID alias, member;
+	NTSTATUS result;
+
+	if ( (argc != 2) || 
+	     !string_to_sid(&alias, argv[0]) ||
+	     !string_to_sid(&member, argv[1]) ) {
+		d_printf("Usage: net groupmap addmem alias-sid member-sid\n");
+		return -1;
+	}
+
+	if (!pdb_add_aliasmem(&alias, &member)) {
+		d_printf("Could not add sid %s to alias %s: %s\n",
+			 argv[1], argv[0], nt_errstr(result));
+		return -1;
+	}
+
+	return 0;
+}
+
+static int net_groupmap_delmem(int argc, const char **argv)
+{
+	DOM_SID alias, member;
+	NTSTATUS result;
+
+	if ( (argc != 2) || 
+	     !string_to_sid(&alias, argv[0]) ||
+	     !string_to_sid(&member, argv[1]) ) {
+		d_printf("Usage: net groupmap delmem alias-sid member-sid\n");
+		return -1;
+	}
+
+	if (!pdb_del_aliasmem(&alias, &member)) {
+		d_printf("Could not delete sid %s from alias %s: %s\n",
+			 argv[1], argv[0], nt_errstr(result));
+		return -1;
+	}
+
+	return 0;
+}
+
+static int net_groupmap_listmem(int argc, const char **argv)
+{
+	DOM_SID alias;
+	DOM_SID *members;
+	int i, num;
+	NTSTATUS result;
+
+	if ( (argc != 1) || 
+	     !string_to_sid(&alias, argv[0]) ) {
+		d_printf("Usage: net groupmap listmem alias-sid\n");
+		return -1;
+	}
+
+	if (!pdb_enum_aliasmem(&alias, &members, &num)) {
+		d_printf("Could not list members for sid %s: %s\n",
+			 argv[0], nt_errstr(result));
+		return -1;
+	}
+
+	for (i = 0; i < num; i++) {
+		printf("%s\n", sid_string_static(&(members[i])));
+	}
+
+	SAFE_FREE(members);
+
+	return 0;
+}
+
+static int net_groupmap_memberships(int argc, const char **argv)
+{
+	DOM_SID member;
+	DOM_SID *aliases;
+	int i, num;
+	NTSTATUS result;
+
+	if ( (argc != 1) || 
+	     !string_to_sid(&member, argv[0]) ) {
+		d_printf("Usage: net groupmap memberof sid\n");
+		return -1;
+	}
+
+	if (!pdb_enum_alias_memberships(&member, &aliases, &num)) {
+		d_printf("Could not list memberships for sid %s: %s\n",
+			 argv[0], nt_errstr(result));
+		return -1;
+	}
+
+	for (i = 0; i < num; i++) {
+		printf("%s\n", sid_string_static(&(aliases[i])));
+	}
+
+	SAFE_FREE(aliases);
+
+	return 0;
+}
+
 int net_help_groupmap(int argc, const char **argv)
 {
 	d_printf("net groupmap add"\
@@ -616,6 +714,14 @@ int net_help_groupmap(int argc, const char **argv)
 		"\n  Update a group mapping\n");
 	d_printf("net groupmap delete"\
 		"\n  Remove a group mapping\n");
+	d_printf("net groupmap addmember"\
+		 "\n  Add a foreign alias member\n");
+	d_printf("net groupmap delmember"\
+		 "\n  Delete a foreign alias member\n");
+	d_printf("net groupmap listmembers"\
+		 "\n  List foreign group members\n");
+	d_printf("net groupmap memberships"\
+		 "\n  List foreign group memberships\n");
 	d_printf("net groupmap list"\
 		"\n  List current group map\n");
 	d_printf("net groupmap set"\
@@ -638,16 +744,22 @@ int net_groupmap(int argc, const char **argv)
 		{"delete", net_groupmap_delete},
 		{"set", net_groupmap_set},
 		{"cleanup", net_groupmap_cleanup},
+ 		{"addmem", net_groupmap_addmem},
+ 		{"delmem", net_groupmap_delmem},
+ 		{"listmem", net_groupmap_listmem},
+ 		{"memberships", net_groupmap_memberships},
 		{"list", net_groupmap_list},
 		{"help", net_help_groupmap},
 		{NULL, NULL}
 	};
 
 	/* we shouldn't have silly checks like this */
+#if 0
 	if (getuid() != 0) {
 		d_printf("You must be root to edit group mappings.\nExiting...\n");
 		return -1;
 	}
+#endif
 	
 	if ( argc )
 		return net_run_function(argc, argv, func, net_help_groupmap);
author	Volker Lendecke <vlendec@samba.org>	2004-02-29 16:48:19 +0000
committer	Volker Lendecke <vlendec@samba.org>	2004-02-29 16:48:19 +0000
commit	0d45ad1b0d55546c6a4afcb002acefefc2e2feb0 (patch)
tree	34fa0e74191cef6a5070a0e1499c919a43b4f64d /source3/utils
parent	4628a2da1e32f397696640452c950e4b55ada9e7 (diff)
download	samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.tar.gz samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.tar.bz2 samba-0d45ad1b0d55546c6a4afcb002acefefc2e2feb0.zip