-rw-r--r-- | source3/include/mapping.h | 7 | ||||
-rw-r--r-- | source3/include/rpc_samr.h | 1 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 93 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 8 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 63 |
5 files changed, 167 insertions, 5 deletions
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index fdaa2b0453..cd213cfc11 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -29,5 +29,12 @@ typedef struct _GROUP_MAP {
 enum SID_NAME_USE sid_name_use;
 fstring nt_name;
 fstring comment;
+
+ /* Here we store SIDs that we can be sure of to be of type
+ * SID_NAME_DOM_GRP, so it's a Domain Group which can not be
+ * represented via /etc/group memberships. */
+
+ int num_member;
+ DOM_SID *alias_members;
 } GROUP_MAP;
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index a8ca504c8f..111e62c355 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -1076,6 +1076,7 @@ typedef struct samr_group_info3
 typedef struct samr_group_info4
 {
+ uint16 level;
 UNIHDR hdr_acct_desc;
 UNISTR2 uni_acct_desc;
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 38d2119e83..c924e33f8a 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
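Review bot: In `GROUP_MAP` (source3/include/mapping.h) the new `num_member` / `alias_members` pair has no stated ownership or initial state, and the count is a signed `int`. Any existing code that fills a `GROUP_MAP` without zeroing it first would leave `alias_members` as an indeterminate pointer; whether that happens is not visible in this hunk, so the places that build the struct need checking. I would extend the comment along the lines of `/* alias_members is NULL when num_member is 0; allocated and freed by <owner> */` (owner to be filled in by the author) and consider an unsigned type for the count so a negative length can never reach an allocation size or loop bound.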
@@ -322,6 +322,55 @@ NTSTATUS cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 return result;
 }
+/* Create domain group */
+
+NTSTATUS cli_samr_create_dom_group(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *domain_pol,
+ const char *group_name,
+ uint32 access_mask, POLICY_HND *group_pol)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_CREATE_DOM_GROUP q;
+ SAMR_R_CREATE_DOM_GROUP r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10,("cli_samr_create_dom_group\n"));
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_create_dom_group(&q, domain_pol, group_name, access_mask);
+
+ if (!samr_io_q_create_dom_group("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_CREATE_DOM_GROUP, &qbuf, &rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_create_dom_group("", &r, &rbuf, 0))
+ goto done;
+
+ /* Return output parameters */
+
+ result = r.status;
+
+ if (NT_STATUS_IS_OK(result))
+ *group_pol = r.pol;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
 /* Query user info */
 NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
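Review bot: The one-line comment above `cli_samr_create_dom_group` does not tell callers that `*group_pol` is written only when the server returns success, so a caller that passes a stack `POLICY_HND` must not use or close it on any failure path. I would replace it with `/* Create domain group. On success *group_pol receives an open group handle the caller must close; on failure it is left untouched. */`. Both `prs_init()` calls also have their results ignored, so if that call can fail the error only surfaces indirectly through the marshalling step; checking them and jumping to `done` would make the failure explicit. The same two remarks apply to `cli_samr_set_groupinfo` in the next hunk of this file, whose comment `/* Set group info */` likewise says nothing about what `ctr` must contain.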
@@ -368,6 +417,50 @@ NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 return result;
 }
+/* Set group info */
+
+NTSTATUS cli_samr_set_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *group_pol, GROUP_INFO_CTR *ctr)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_SET_GROUPINFO q;
+ SAMR_R_SET_GROUPINFO r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10,("cli_samr_set_groupinfo\n"));
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_set_groupinfo(&q, group_pol, ctr);
+
+ if (!samr_io_q_set_groupinfo("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_SET_GROUPINFO, &qbuf, &rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_set_groupinfo("", &r, &rbuf, 0))
+ goto done;
+
+ /* Return output parameters */
+
+ result = r.status;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
 /* Query group info */
 NTSTATUS cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index d6f371d471..402f23bde8 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -2271,10 +2271,11 @@ BOOL samr_io_group_info3(const char *desc, GROUP_INFO3 *gr3, prs_struct *ps, int
 inits a GROUP_INFO4 structure.
 ********************************************************************/
-void init_samr_group_info4(GROUP_INFO4 * gr4, char *acct_desc)
+void init_samr_group_info4(GROUP_INFO4 * gr4, const char *acct_desc)
 {
 DEBUG(5, ("init_samr_group_info4\n"));
+ gr4->level = 4;
 init_unistr2(&gr4->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
 init_uni_hdr(&gr4->hdr_acct_desc, &gr4->uni_acct_desc);
 }
@@ -2292,9 +2293,8 @@ BOOL samr_io_group_info4(const char *desc, GROUP_INFO4 * gr4,
 prs_debug(ps, depth, desc, "samr_io_group_info4");
 depth++;
- if(!prs_align(ps))
+ if(!prs_uint16("hdr_level", ps, depth, &gr4->level))
 return False;
-
 if(!smb_io_unihdr("hdr_acct_desc", &gr4->hdr_acct_desc, ps, depth))
 return False;
 if(!smb_io_unistr2("uni_acct_desc", &gr4->uni_acct_desc,
@@ -2349,7 +2349,7 @@ inits a SAMR_Q_CREATE_DOM_GROUP structure.
 ********************************************************************/
 void init_samr_q_create_dom_group(SAMR_Q_CREATE_DOM_GROUP * q_e,
- POLICY_HND *pol, char *acct_desc,
+ POLICY_HND *pol, const char *acct_desc,
 uint32 access_mask)
 {
 DEBUG(5, ("init_samr_q_create_dom_group\n"));
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index de6c8be900..e46dfe7fd4 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
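Review bot: When unmarshalling, `gr4->level` in `samr_io_group_info4` comes straight from the peer, and nothing in the hunk compares it with the value `init_samr_group_info4` sets (4) or with the enclosing container's switch value. If the field is always expected to be 4 at this point, a guard such as `if (UNMARSHALLING(ps) && gr4->level != 4) return False;` directly after the `prs_uint16` call would reject an inconsistent reply before the header and string are parsed. The hunk also drops the `prs_align(ps)` that used to precede the header, so it is worth confirming that every caller leaves the stream suitably aligned for the `uint16`. The function body starts and ends outside the hunk.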
@@ -1044,6 +1044,67 @@ static int rpc_group_usage(int argc, const char **argv)
 return net_help_group(argc, argv);
 }
+static NTSTATUS
+rpc_group_add_internals(const DOM_SID *domain_sid, const char *domain_name,
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+ POLICY_HND connect_pol, domain_pol, group_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ GROUP_INFO_CTR group_info;
+
+ if (argc != 1) {
+ d_printf("Group name must be specified\n");
+ rpc_group_usage(argc, argv);
+ return NT_STATUS_OK;
+ }
+
+ /* Get sam policy handle */
+
+ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ /* Get domain policy handle */
+
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ domain_sid, &domain_pol);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ /* Create the group */
+
+ result = cli_samr_create_dom_group(cli, mem_ctx, &domain_pol,
+ argv[0], MAXIMUM_ALLOWED_ACCESS,
+ &group_pol);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ if (strlen(opt_comment) == 0) goto done;
+
+ /* We've got a comment to set */
+
+ group_info.switch_value1 = 4;
+ init_samr_group_info4(&group_info.group.info4, opt_comment);
+
+ result = cli_samr_set_groupinfo(cli, mem_ctx, &group_pol, &group_info);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ done:
+ if (NT_STATUS_IS_OK(result))
+ DEBUG(5, ("add group succeeded\n"));
+ else
+ d_printf("add group failed: %s\n", nt_errstr(result));
+
+ return result;
+}
+
+static int rpc_group_add(int argc, const char **argv)
+{
+ return run_rpc_command(NULL, PI_SAMR, 0,
+ rpc_group_add_internals,
+ argc, argv);
+}
+
 /**
 * List groups on a remote RPC server
 *
@@ -1498,8 +1559,8 @@ static int rpc_group_members(int argc, const char **argv)
 int net_rpc_group(int argc, const char **argv)
 {
 struct functable func[] = {
-#if 0
 {"add", rpc_group_add},
+#if 0
 {"delete", rpc_group_delete},
 #endif
 {"list", rpc_group_list}, |
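Review bot: If `cli_samr_set_groupinfo` fails in `rpc_group_add_internals`, the `done:` path prints `add group failed` and returns the error even though `cli_samr_create_dom_group` has already succeeded, so the operator is told nothing was added while a group without its comment now exists on the server; a separate message for the comment step would make the resulting state clear. The `argc != 1` branch returns `NT_STATUS_OK`, which looks like success to anything that derives an exit code from the status; `return NT_STATUS_INVALID_PARAMETER;` would be safer there. `group_info` is a stack variable with only `switch_value1` and `group.info4` assigned, so adding `ZERO_STRUCT(group_info);` before them keeps any field the marshaller might read from carrying stale stack contents. None of the three policy handles is closed before returning, and all three are requested with `MAXIMUM_ALLOWED_ACCESS`; asking only for the rights needed to create a group and set its info would follow least privilege.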