author | Jean-François Micouleau <jfm@samba.org> | 2001-11-23 15:11:22 +0000 |
---|---|---|
committer | Jean-François Micouleau <jfm@samba.org> | 2001-11-23 15:11:22 +0000 |
commit | 2527f5ef52400294c98b4f4345a4f18b981ff22f (patch) | |
tree | a0e8a08df31ecdc845582a809b5a54fde3cd73dc /source3/utils | |
parent | d05bbf042209b737e42a5daa8d59236d351ec8d0 (diff) | |
Changed how the privileges are stored in the group mapping code. It's now
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/smbgroupedit.c | 56 |
1 files changed, 38 insertions, 18 deletions
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
index 8d99e8e600..b6138fa576 100644
--- a/source3/utils/smbgroupedit.c
+++ b/source3/utils/smbgroupedit.c
@@ -38,7 +38,7 @@ extern int optind;
 static void usage(void)
 {
 if (getuid() == 0) {
- printf("groupedit options\n");
+ printf("smbgroupedit options\n");
 } else {
 printf("You need to be root to use this tool!\n");
 }
@@ -47,6 +47,8 @@ static void usage(void)
 printf(" -n group NT group name\n");
 printf(" -p privilege only local\n");
 printf(" -v list groups\n");
+ printf(" -l long list (include details)\n");
+ printf(" -s short list (default)\n");
 printf(" -c SID change group\n");
 printf(" -u unix group\n");
 printf(" -x group delete this group\n");
@@ -60,16 +62,12 @@ static void usage(void)
 **********************************************************/
 int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege)
 {
- uint32 se_priv;
+ uint32 se_priv[PRIV_ALL_INDEX];
 gid_t gid;
 DOM_SID sid;
 fstring string_sid;
 fstring name, comment;
-/* convert_priv_from_text(&se_priv, privilege);*/
-
- se_priv=0x0;
-
 gid=nametogid(group);
 if (gid==-1)
 return -1;
@@ -87,6 +85,10 @@ int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcom
 else
 fstrcpy(comment, ntcomment);
+ init_privilege(se_priv);
+ if (privilege!=NULL)
+ convert_priv_from_text(se_priv, privilege);
+
 if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv))
 return -1;
@@ -101,7 +103,7 @@ int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char
 DOM_SID sid;
 GROUP_MAP map;
 gid_t gid;
- uint32 se_priv;
+ uint32 se_priv[PRIV_ALL_INDEX];
 string_to_sid(&sid, sid_string);
@@ -139,8 +141,10 @@ int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char
 /* Change the privilege if new one */
 if (privilege!=NULL) {
- convert_priv_from_text(&se_priv, privilege);
- map.privilege=se_priv;
+ int i;
+ convert_priv_from_text(se_priv, privilege);
+ for(i=0; i<PRIV_ALL_INDEX; i++)
+ map.privileges[i]=se_priv[i];
 }
 if (!add_mapping_entry(&map, TDB_REPLACE)) {
@@ -169,7 +173,7 @@ BOOL deletegroup(char *group)
 /*********************************************************
 List the groups.
 **********************************************************/
-int listgroup(enum SID_NAME_USE sid_type)
+int listgroup(enum SID_NAME_USE sid_type, BOOL long_list)
 {
 int entries,i;
 GROUP_MAP *map=NULL;
@@ -177,7 +181,8 @@ int listgroup(enum SID_NAME_USE sid_type)
 fstring group_type;
 fstring priv_text;
- printf("Unix\tSID\ttype\tnt name\tnt comment\tprivilege\n");
+ if (!long_list)
+ printf("NT group (SID) -> Unix group\n");
 if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED))
 return -1;
@@ -185,10 +190,18 @@ int listgroup(enum SID_NAME_USE sid_type)
 for (i=0; i<entries; i++) {
 decode_sid_name_use(group_type, (map[i]).sid_name_use);
 sid_to_string(string_sid, &map[i].sid);
- convert_priv_to_text(map[i].privilege, priv_text);
-
- printf("%s\t%s\t%s\n\t%s\t%s\t%s\n\n", gidtoname(map[i].gid), map[i].nt_name, string_sid,
- group_type, map[i].comment, priv_text);
+ convert_priv_to_text(map[i].privileges, priv_text);
+
+ if (!long_list)
+ printf("%s (%s) -> %s\n", map[i].nt_name, string_sid, gidtoname(map[i].gid));
+ else {
+ printf("%s\n", map[i].nt_name);
+ printf("\tSID : %s\n", string_sid);
+ printf("\tUnix group: %s\n", gidtoname(map[i].gid));
+ printf("\tGroup type: %s\n", group_type);
+ printf("\tComment : %s\n", map[i].comment);
+ printf("\tPrivilege : %s\n\n", priv_text);
+ }
 }
 return 0;
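Review bot: In the changegroup hunk at -139/+141, `se_priv` is handed to `convert_priv_from_text()` without the `init_privilege(se_priv)` call that this same commit adds in addgroup, and the loop then copies all PRIV_ALL_INDEX words into `map.privileges` before `add_mapping_entry(&map, TDB_REPLACE)` stores them. If convert_priv_from_text only sets the words for the names it recognises (its body is not shown here, so this is inferred), the untouched words are uninitialised stack contents and end up in the group's stored privilege set. Adding `init_privilege(se_priv);` before the conversion, as addgroup does, would make the stored value depend only on the `-p` argument. changegroup starts and ends outside this hunk.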
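Review bot: In the listgroup hunk at -185/+190, `convert_priv_to_text(map[i].privileges, priv_text)` now renders a whole array of privileges into `priv_text`, a fixed-size `fstring`, and the call passes no length. Whether the callee bounds its writes is not visible in this diff; since the commit also adds more privileges, the worst-case text length should be checked against the fstring size, or the helper given a size argument. The conversion and `decode_sid_name_use()` also run for the short listing, where their results are unused, so both calls could move into the `else` branch.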
@@ -207,7 +220,8 @@ int main (int argc, char **argv)
 BOOL nt_group = False;
 BOOL priv = False;
 BOOL group_type = False;
-
+ BOOL long_list = False;
+
 char *group = NULL;
 char *sid = NULL;
 char *ntgroup = NULL;
@@ -235,7 +249,7 @@ int main (int argc, char **argv)
 exit(1);
 }
- while ((ch = getopt(argc, argv, "a:c:d:n:p:t:u:vx:")) != EOF) {
+ while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:")) != EOF) {
 switch(ch) {
 case 'a':
 add_group = True;
@@ -248,6 +262,9 @@ int main (int argc, char **argv)
 case 'd':
 group_desc=optarg;
 break;
+ case 'l':
+ long_list = True;
+ break;
 case 'n':
 nt_group = True;
 ntgroup=optarg;
@@ -256,6 +273,9 @@ int main (int argc, char **argv)
 priv = True;
 privilege=optarg;
 break;
+ case 's':
+ long_list = False;
+ break;
 case 't':
 group_type = True;
 groupt=optarg;
@@ -325,7 +345,7 @@ int main (int argc, char **argv)
 return addgroup(group, sid_type, ntgroup, group_desc, privilege);
 if (view_group)
- return listgroup(sid_type);
+ return listgroup(sid_type, long_list);
 if (delete_group)
 return deletegroup(group); |