summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/mapping.h7
-rw-r--r--source3/include/rpc_samr.h1
-rw-r--r--source3/rpc_client/cli_samr.c93
-rw-r--r--source3/rpc_parse/parse_samr.c8
-rw-r--r--source3/utils/net_rpc.c63
5 files changed, 167 insertions, 5 deletions
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index fdaa2b0453..cd213cfc11 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -29,5 +29,12 @@ typedef struct _GROUP_MAP {
enum SID_NAME_USE sid_name_use;
fstring nt_name;
fstring comment;
+
+ /* Here we store SIDs that we can be sure of to be of type
+ * SID_NAME_DOM_GRP, so it's a Domain Group which can not be
+ * represented via /etc/group memberships. */
+
+ int num_member;
+ DOM_SID *alias_members;
} GROUP_MAP;
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index a8ca504c8f..111e62c355 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -1076,6 +1076,7 @@ typedef struct samr_group_info3
typedef struct samr_group_info4
{
+ uint16 level;
UNIHDR hdr_acct_desc;
UNISTR2 uni_acct_desc;
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 38d2119e83..c924e33f8a 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -322,6 +322,55 @@ NTSTATUS cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
+/* Create domain group */
+
+NTSTATUS cli_samr_create_dom_group(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *domain_pol,
+ const char *group_name,
+ uint32 access_mask, POLICY_HND *group_pol)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_CREATE_DOM_GROUP q;
+ SAMR_R_CREATE_DOM_GROUP r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10,("cli_samr_create_dom_group\n"));
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_create_dom_group(&q, domain_pol, group_name, access_mask);
+
+ if (!samr_io_q_create_dom_group("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_CREATE_DOM_GROUP, &qbuf, &rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_create_dom_group("", &r, &rbuf, 0))
+ goto done;
+
+ /* Return output parameters */
+
+ result = r.status;
+
+ if (NT_STATUS_IS_OK(result))
+ *group_pol = r.pol;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
/* Query user info */
NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
@@ -368,6 +417,50 @@ NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
+/* Set group info */
+
+NTSTATUS cli_samr_set_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *group_pol, GROUP_INFO_CTR *ctr)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_SET_GROUPINFO q;
+ SAMR_R_SET_GROUPINFO r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10,("cli_samr_set_groupinfo\n"));
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_set_groupinfo(&q, group_pol, ctr);
+
+ if (!samr_io_q_set_groupinfo("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_SET_GROUPINFO, &qbuf, &rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_set_groupinfo("", &r, &rbuf, 0))
+ goto done;
+
+ /* Return output parameters */
+
+ result = r.status;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
/* Query group info */
NTSTATUS cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index d6f371d471..402f23bde8 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -2271,10 +2271,11 @@ BOOL samr_io_group_info3(const char *desc, GROUP_INFO3 *gr3, prs_struct *ps, int
inits a GROUP_INFO4 structure.
********************************************************************/
-void init_samr_group_info4(GROUP_INFO4 * gr4, char *acct_desc)
+void init_samr_group_info4(GROUP_INFO4 * gr4, const char *acct_desc)
{
DEBUG(5, ("init_samr_group_info4\n"));
+ gr4->level = 4;
init_unistr2(&gr4->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
init_uni_hdr(&gr4->hdr_acct_desc, &gr4->uni_acct_desc);
}
@@ -2292,9 +2293,8 @@ BOOL samr_io_group_info4(const char *desc, GROUP_INFO4 * gr4,
prs_debug(ps, depth, desc, "samr_io_group_info4");
depth++;
- if(!prs_align(ps))
+ if(!prs_uint16("hdr_level", ps, depth, &gr4->level))
return False;
-
if(!smb_io_unihdr("hdr_acct_desc", &gr4->hdr_acct_desc, ps, depth))
return False;
if(!smb_io_unistr2("uni_acct_desc", &gr4->uni_acct_desc,
@@ -2349,7 +2349,7 @@ inits a SAMR_Q_CREATE_DOM_GROUP structure.
********************************************************************/
void init_samr_q_create_dom_group(SAMR_Q_CREATE_DOM_GROUP * q_e,
- POLICY_HND *pol, char *acct_desc,
+ POLICY_HND *pol, const char *acct_desc,
uint32 access_mask)
{
DEBUG(5, ("init_samr_q_create_dom_group\n"));
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index de6c8be900..e46dfe7fd4 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -1044,6 +1044,67 @@ static int rpc_group_usage(int argc, const char **argv)
return net_help_group(argc, argv);
}
+static NTSTATUS
+rpc_group_add_internals(const DOM_SID *domain_sid, const char *domain_name,
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+ POLICY_HND connect_pol, domain_pol, group_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ GROUP_INFO_CTR group_info;
+
+ if (argc != 1) {
+ d_printf("Group name must be specified\n");
+ rpc_group_usage(argc, argv);
+ return NT_STATUS_OK;
+ }
+
+ /* Get sam policy handle */
+
+ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ /* Get domain policy handle */
+
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ domain_sid, &domain_pol);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ /* Create the group */
+
+ result = cli_samr_create_dom_group(cli, mem_ctx, &domain_pol,
+ argv[0], MAXIMUM_ALLOWED_ACCESS,
+ &group_pol);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ if (strlen(opt_comment) == 0) goto done;
+
+ /* We've got a comment to set */
+
+ group_info.switch_value1 = 4;
+ init_samr_group_info4(&group_info.group.info4, opt_comment);
+
+ result = cli_samr_set_groupinfo(cli, mem_ctx, &group_pol, &group_info);
+ if (!NT_STATUS_IS_OK(result)) goto done;
+
+ done:
+ if (NT_STATUS_IS_OK(result))
+ DEBUG(5, ("add group succeeded\n"));
+ else
+ d_printf("add group failed: %s\n", nt_errstr(result));
+
+ return result;
+}
+
+static int rpc_group_add(int argc, const char **argv)
+{
+ return run_rpc_command(NULL, PI_SAMR, 0,
+ rpc_group_add_internals,
+ argc, argv);
+}
+
/**
* List groups on a remote RPC server
*
@@ -1498,8 +1559,8 @@ static int rpc_group_members(int argc, const char **argv)
int net_rpc_group(int argc, const char **argv)
{
struct functable func[] = {
-#if 0
{"add", rpc_group_add},
+#if 0
{"delete", rpc_group_delete},
#endif
{"list", rpc_group_list},