From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/utils/net_sam.c | 784 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 784 insertions(+) create mode 100644 source3/utils/net_sam.c (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c new file mode 100644 index 0000000000..ba3ec5c57f --- /dev/null +++ b/source3/utils/net_sam.c @@ -0,0 +1,784 @@ +/* + * Unix SMB/CIFS implementation. + * Local SAM access routines + * Copyright (C) Volker Lendecke 2006 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +#include "includes.h" +#include "utils/net.h" + +/* + * Set a user's data + */ + +static int net_sam_userset(int argc, const char **argv, const char *field, + BOOL (*fn)(SAM_ACCOUNT *, const char *, + enum pdb_value_state)) +{ + SAM_ACCOUNT *sam_acct = NULL; + DOM_SID sid; + enum SID_NAME_USE type; + const char *dom, *name; + NTSTATUS status; + + if (argc != 2) { + d_fprintf(stderr, "usage: net sam set %s \n", + field); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + if (type != SID_NAME_USER) { + d_fprintf(stderr, "%s is a %s, not a user\n", argv[0], + sid_type_lookup(type)); + return -1; + } + + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) { + d_fprintf(stderr, "Internal error\n"); + return -1; + } + + if (!pdb_getsampwsid(sam_acct, &sid)) { + d_fprintf(stderr, "Loading user %s failed\n", argv[0]); + return -1; + } + + if (!fn(sam_acct, argv[1], PDB_CHANGED)) { + d_fprintf(stderr, "Internal error\n"); + return -1; + } + + status = pdb_update_sam_account(sam_acct); + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Updating sam account %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } + + pdb_free_sam(&sam_acct); + + d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); + return 0; +} + +static int net_sam_set_fullname(int argc, const char **argv) +{ + return net_sam_userset(argc, argv, "fullname", + pdb_set_fullname); +} + +static int net_sam_set_logonscript(int argc, const char **argv) +{ + return net_sam_userset(argc, argv, "logonscript", + pdb_set_logon_script); +} + +static int net_sam_set_profilepath(int argc, const char **argv) +{ + return net_sam_userset(argc, argv, "profilepath", + pdb_set_profile_path); +} + +static int net_sam_set_homedrive(int argc, const char **argv) +{ + return net_sam_userset(argc, argv, "homedrive", + pdb_set_dir_drive); +} + +static int net_sam_set_homedir(int argc, const char **argv) +{ + return net_sam_userset(argc, argv, "homedir", + pdb_set_homedir); +} + +static int net_sam_set_workstations(int argc, const char **argv) +{ + return net_sam_userset(argc, argv, "workstations", + pdb_set_workstations); +} + +/* + * Set account flags + */ + +static int net_sam_set_userflag(int argc, const char **argv, const char *field, + uint16 flag) +{ + SAM_ACCOUNT *sam_acct = NULL; + DOM_SID sid; + enum SID_NAME_USE type; + const char *dom, *name; + NTSTATUS status; + uint16 acct_flags; + + if ((argc != 2) || (!strequal(argv[1], "yes") && + !strequal(argv[1], "no"))) { + d_fprintf(stderr, "usage: net sam set %s [yes|no]\n", + field); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + if (type != SID_NAME_USER) { + d_fprintf(stderr, "%s is a %s, not a user\n", argv[0], + sid_type_lookup(type)); + return -1; + } + + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) { + d_fprintf(stderr, "Internal error\n"); + return -1; + } + + if (!pdb_getsampwsid(sam_acct, &sid)) { + d_fprintf(stderr, "Loading user %s failed\n", argv[0]); + return -1; + } + + acct_flags = pdb_get_acct_ctrl(sam_acct); + + if (strequal(argv[1], "yes")) { + acct_flags |= flag; + } else { + acct_flags &= ~flag; + } + + pdb_set_acct_ctrl(sam_acct, acct_flags, PDB_CHANGED); + + status = pdb_update_sam_account(sam_acct); + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Updating sam account %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } + + pdb_free_sam(&sam_acct); + + d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom, + name, argv[1]); + return 0; +} + +static int net_sam_set_disabled(int argc, const char **argv) +{ + return net_sam_set_userflag(argc, argv, "disabled", ACB_DISABLED); +} + +static int net_sam_set_pwnotreq(int argc, const char **argv) +{ + return net_sam_set_userflag(argc, argv, "pwnotreq", ACB_PWNOTREQ); +} + +static int net_sam_set_autolock(int argc, const char **argv) +{ + return net_sam_set_userflag(argc, argv, "autolock", ACB_AUTOLOCK); +} + +static int net_sam_set_pwnoexp(int argc, const char **argv) +{ + return net_sam_set_userflag(argc, argv, "pwnoexp", ACB_PWNOEXP); +} + +/* + * Set a user's time field + */ + +static int net_sam_set_time(int argc, const char **argv, const char *field, + BOOL (*fn)(SAM_ACCOUNT *, time_t, + enum pdb_value_state)) +{ + SAM_ACCOUNT *sam_acct = NULL; + DOM_SID sid; + enum SID_NAME_USE type; + const char *dom, *name; + NTSTATUS status; + time_t new_time; + + if (argc != 2) { + d_fprintf(stderr, "usage: net sam set %s " + "[now|YYYY-MM-DD HH:MM]\n", field); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + if (type != SID_NAME_USER) { + d_fprintf(stderr, "%s is a %s, not a user\n", argv[0], + sid_type_lookup(type)); + return -1; + } + + if (strequal(argv[1], "now")) { + new_time = time(NULL); + } else { + struct tm tm; + char *end; + ZERO_STRUCT(tm); + end = strptime(argv[1], "%Y-%m-%d %H:%M", &tm); + new_time = mktime(&tm); + if ((end == NULL) || (*end != '\0') || (new_time == -1)) { + d_fprintf(stderr, "Could not parse time string %s\n", + argv[1]); + return -1; + } + } + + + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) { + d_fprintf(stderr, "Internal error\n"); + return -1; + } + + if (!pdb_getsampwsid(sam_acct, &sid)) { + d_fprintf(stderr, "Loading user %s failed\n", argv[0]); + return -1; + } + + if (!fn(sam_acct, new_time, PDB_CHANGED)) { + d_fprintf(stderr, "Internal error\n"); + return -1; + } + + status = pdb_update_sam_account(sam_acct); + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Updating sam account %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } + + pdb_free_sam(&sam_acct); + + d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); + return 0; +} + +static int net_sam_set_pwdmustchange(int argc, const char **argv) +{ + return net_sam_set_time(argc, argv, "pwdmustchange", + pdb_set_pass_must_change_time); +} + +static int net_sam_set_pwdcanchange(int argc, const char **argv) +{ + return net_sam_set_time(argc, argv, "pwdcanchange", + pdb_set_pass_can_change_time); +} + +/* + * Set a user's or a group's comment + */ + +static int net_sam_set_comment(int argc, const char **argv) +{ + GROUP_MAP map; + DOM_SID sid; + enum SID_NAME_USE type; + const char *dom, *name; + NTSTATUS status; + + if (argc != 2) { + d_fprintf(stderr, "usage: net sam set comment " + "\n"); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + if (type == SID_NAME_USER) { + return net_sam_userset(argc, argv, "comment", + pdb_set_acct_desc); + } + + if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) && + (type != SID_NAME_WKN_GRP)) { + d_fprintf(stderr, "%s is a %s, not a group\n", argv[0], + sid_type_lookup(type)); + return -1; + } + + if (!pdb_getgrsid(&map, sid)) { + d_fprintf(stderr, "Could not load group %s\n", argv[0]); + return -1; + } + + fstrcpy(map.comment, argv[1]); + + status = pdb_update_group_mapping_entry(&map); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Updating group mapping entry failed with " + "%s\n", nt_errstr(status)); + return -1; + } + + d_printf("Updated comment of group %s\\%s to %s\n", dom, name, + argv[1]); + + return 0; +} + +static int net_sam_set(int argc, const char **argv) +{ + struct functable2 func[] = { + { "homedir", net_sam_set_homedir, + "Change a user's home directory" }, + { "profilepath", net_sam_set_profilepath, + "Change a user's profile path" }, + { "comment", net_sam_set_comment, + "Change a users or groups description" }, + { "fullname", net_sam_set_fullname, + "Change a user's full name" }, + { "logonscript", net_sam_set_logonscript, + "Change a user's logon script" }, + { "homedrive", net_sam_set_homedrive, + "Change a user's home drive" }, + { "workstations", net_sam_set_workstations, + "Change a user's allowed workstations" }, + { "disabled", net_sam_set_disabled, + "Disable/Enable a user" }, + { "pwnotreq", net_sam_set_pwnotreq, + "Disable/Enable the password not required flag" }, + { "autolock", net_sam_set_autolock, + "Disable/Enable a user's lockout flag" }, + { "pwnoexp", net_sam_set_pwnoexp, + "Disable/Enable whether a user's pw does not expire" }, + { "pwdmustchange", net_sam_set_pwdmustchange, + "Set a users password must change time" }, + { "pwdcanchange", net_sam_set_pwdcanchange, + "Set a users password can change time" }, + {NULL, NULL} + }; + + return net_run_function2(argc, argv, "net sam set", func); +} + +/* + * Map a unix group to a domain group + */ + +static int net_sam_mapunixgroup(int argc, const char **argv) +{ + NTSTATUS status; + GROUP_MAP map; + struct group *grp; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam mapunixgroup \n"); + return -1; + } + + grp = getgrnam(argv[0]); + if (grp == NULL) { + d_fprintf(stderr, "Could not find group %s\n", argv[0]); + return -1; + } + + status = map_unix_group(grp, &map); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Mapping group %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } + + d_printf("Mapped unix group %s to SID %s\n", argv[0], + sid_string_static(&map.sid)); + + return 0; +} + +/* + * Create a local group + */ + +static int net_sam_createlocalgroup(int argc, const char **argv) +{ + NTSTATUS status; + uint32 rid; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam createlocalgroup \n"); + return -1; + } + + if (!winbind_ping()) { + d_fprintf(stderr, "winbind seems not to run. createlocalgroup " + "only works when winbind runs.\n"); + return -1; + } + + status = pdb_create_alias(argv[0], &rid); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Creating %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } + + d_printf("Created local group %s with RID %d\n", argv[0], rid); + + return 0; +} + +/* + * Add a group member + */ + +static int net_sam_addmem(int argc, const char **argv) +{ + const char *groupdomain, *groupname, *memberdomain, *membername; + DOM_SID group, member; + enum SID_NAME_USE grouptype, membertype; + NTSTATUS status; + + if (argc != 2) { + d_fprintf(stderr, "usage: net sam addmem \n"); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &groupdomain, &groupname, &group, &grouptype)) { + d_fprintf(stderr, "Could not find group %s\n", argv[0]); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED, + &memberdomain, &membername, &member, &membertype)) { + d_fprintf(stderr, "Could not find member %s\n", argv[1]); + return -1; + } + + if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) { + if ((membertype != SID_NAME_USER) && + (membertype != SID_NAME_DOM_GRP)) { + d_fprintf(stderr, "%s is a local group, only users " + "and domain groups can be added.\n" + "%s is a %s\n", argv[0], argv[1], + sid_type_lookup(membertype)); + return -1; + } + status = pdb_add_aliasmem(&group, &member); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Adding local group member failed " + "with %s\n", nt_errstr(status)); + return -1; + } + } else { + d_fprintf(stderr, "Can only add members to local groups so " + "far, %s is a %s\n", argv[0], + sid_type_lookup(grouptype)); + return -1; + } + + d_printf("Added %s\\%s to %s\\%s\n", + memberdomain, membername, groupdomain, groupname); + + return 0; +} + +/* + * Delete a group member + */ + +static int net_sam_delmem(int argc, const char **argv) +{ + const char *groupdomain, *groupname; + const char *memberdomain = NULL; + const char *membername = NULL; + DOM_SID group, member; + enum SID_NAME_USE grouptype; + NTSTATUS status; + + if (argc != 2) { + d_fprintf(stderr, "usage: net sam delmem \n"); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &groupdomain, &groupname, &group, &grouptype)) { + d_fprintf(stderr, "Could not find group %s\n", argv[0]); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED, + &memberdomain, &membername, &member, NULL)) { + if (!string_to_sid(&member, argv[1])) { + d_fprintf(stderr, "Could not find member %s\n", + argv[1]); + return -1; + } + } + + if ((grouptype == SID_NAME_ALIAS) || + (grouptype == SID_NAME_WKN_GRP)) { + status = pdb_del_aliasmem(&group, &member); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Deleting local group member failed " + "with %s\n", nt_errstr(status)); + return -1; + } + } else { + d_fprintf(stderr, "Can only delete members from local groups " + "so far, %s is a %s\n", argv[0], + sid_type_lookup(grouptype)); + return -1; + } + + if (membername != NULL) { + d_printf("Deleted %s\\%s from %s\\%s\n", + memberdomain, membername, groupdomain, groupname); + } else { + d_printf("Deleted %s from %s\\%s\n", + sid_string_static(&member), groupdomain, groupname); + } + + return 0; +} + +/* + * List group members + */ + +static int net_sam_listmem(int argc, const char **argv) +{ + const char *groupdomain, *groupname; + DOM_SID group; + enum SID_NAME_USE grouptype; + NTSTATUS status; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam listmem \n"); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &groupdomain, &groupname, &group, &grouptype)) { + d_fprintf(stderr, "Could not find group %s\n", argv[0]); + return -1; + } + + if ((grouptype == SID_NAME_ALIAS) || + (grouptype == SID_NAME_WKN_GRP)) { + DOM_SID *members = NULL; + size_t i, num_members = 0; + + status = pdb_enum_aliasmem(&group, &members, &num_members); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Listing group members failed with " + "%s\n", nt_errstr(status)); + return -1; + } + + d_printf("%s\\%s has %d members\n", groupdomain, groupname, + num_members); + for (i=0; i 1) || + ((argc == 1) && !strequal(argv[0], "verbose"))) { + d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what); + return -1; + } + + if (search == NULL) { + d_fprintf(stderr, "Could not start search\n"); + return -1; + } + + while (True) { + struct samr_displayentry entry; + if (!search->next_entry(search, &entry)) { + break; + } + if (verbose) { + d_printf("%s:%d:%s\n", + entry.account_name, + entry.rid, + entry.description); + } else { + d_printf("%s\n", entry.account_name); + } + } + + search->search_end(search); + return 0; +} + +static int net_sam_list_users(int argc, const char **argv) +{ + return net_sam_do_list(argc, argv, pdb_search_users(ACB_NORMAL), + "users"); +} + +static int net_sam_list_groups(int argc, const char **argv) +{ + return net_sam_do_list(argc, argv, pdb_search_groups(), "groups"); +} + +static int net_sam_list_localgroups(int argc, const char **argv) +{ + return net_sam_do_list(argc, argv, + pdb_search_aliases(get_global_sam_sid()), + "localgroups"); +} + +static int net_sam_list_builtin(int argc, const char **argv) +{ + return net_sam_do_list(argc, argv, + pdb_search_aliases(&global_sid_Builtin), + "builtin"); +} + +static int net_sam_list_workstations(int argc, const char **argv) +{ + return net_sam_do_list(argc, argv, + pdb_search_users(ACB_WSTRUST), + "workstations"); +} + +/* + * List stuff + */ + +static int net_sam_list(int argc, const char **argv) +{ + struct functable2 func[] = { + { "users", net_sam_list_users, + "List SAM users" }, + { "groups", net_sam_list_groups, + "List SAM groups" }, + { "localgroups", net_sam_list_localgroups, + "List SAM local groups" }, + { "builtin", net_sam_list_builtin, + "List builtin groups" }, + { "workstations", net_sam_list_workstations, + "List domain member workstations" }, + {NULL, NULL} + }; + + return net_run_function2(argc, argv, "net sam list", func); +} + +/* + * Show details of SAM entries + */ + +static int net_sam_show(int argc, const char **argv) +{ + DOM_SID sid; + enum SID_NAME_USE type; + const char *dom, *name; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam show \n"); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + d_printf("%s\\%s is a %s with SID %s\n", dom, name, + sid_type_lookup(type), sid_string_static(&sid)); + + return 0; +} + +/*********************************************************** + migrated functionality from smbgroupedit + **********************************************************/ +int net_sam(int argc, const char **argv) +{ + struct functable2 func[] = { + { "createlocalgroup", net_sam_createlocalgroup, + "Create a new local group" }, + { "mapunixgroup", net_sam_mapunixgroup, + "Map a unix group to a domain group" }, + { "addmem", net_sam_addmem, + "Add a member to a group" }, + { "delmem", net_sam_delmem, + "Delete a member from a group" }, + { "listmem", net_sam_listmem, + "List group members" }, + { "list", net_sam_list, + "List users, groups and local groups" }, + { "show", net_sam_show, + "Show details of a SAM entry" }, + { "set", net_sam_set, + "Set details of a SAM account" }, + { NULL, NULL, NULL } + }; + + /* we shouldn't have silly checks like this */ + if (getuid() != 0) { + d_fprintf(stderr, "You must be root to edit the SAM " + "directly.\n"); + return -1; + } + + return net_run_function2(argc, argv, "net sam", func); +} + -- cgit From 2203bed32c84c63737f402accf73452efb76b483 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Feb 2006 20:09:36 +0000 Subject: r13576: This is the beginnings of moving the SAM_ACCOUNT data structure to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0) --- source3/utils/net_sam.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index ba3ec5c57f..ae0aef5960 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -27,10 +27,10 @@ */ static int net_sam_userset(int argc, const char **argv, const char *field, - BOOL (*fn)(SAM_ACCOUNT *, const char *, + BOOL (*fn)(struct samu *, const char *, enum pdb_value_state)) { - SAM_ACCOUNT *sam_acct = NULL; + struct samu *sam_acct = NULL; DOM_SID sid; enum SID_NAME_USE type; const char *dom, *name; @@ -76,7 +76,7 @@ static int net_sam_userset(int argc, const char **argv, const char *field, return -1; } - pdb_free_sam(&sam_acct); + TALLOC_FREE(sam_acct); d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); return 0; @@ -125,7 +125,7 @@ static int net_sam_set_workstations(int argc, const char **argv) static int net_sam_set_userflag(int argc, const char **argv, const char *field, uint16 flag) { - SAM_ACCOUNT *sam_acct = NULL; + struct samu *sam_acct = NULL; DOM_SID sid; enum SID_NAME_USE type; const char *dom, *name; @@ -178,7 +178,7 @@ static int net_sam_set_userflag(int argc, const char **argv, const char *field, return -1; } - pdb_free_sam(&sam_acct); + TALLOC_FREE(sam_acct); d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom, name, argv[1]); @@ -210,10 +210,10 @@ static int net_sam_set_pwnoexp(int argc, const char **argv) */ static int net_sam_set_time(int argc, const char **argv, const char *field, - BOOL (*fn)(SAM_ACCOUNT *, time_t, + BOOL (*fn)(struct samu *, time_t, enum pdb_value_state)) { - SAM_ACCOUNT *sam_acct = NULL; + struct samu *sam_acct = NULL; DOM_SID sid; enum SID_NAME_USE type; const char *dom, *name; @@ -276,7 +276,7 @@ static int net_sam_set_time(int argc, const char **argv, const char *field, return -1; } - pdb_free_sam(&sam_acct); + TALLOC_FREE(sam_acct); d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); return 0; -- cgit From cd559192633d78a9f06e239c6a448955f6ea0842 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 21 Feb 2006 14:34:11 +0000 Subject: r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new() * replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f) --- source3/utils/net_sam.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index ae0aef5960..ea0544abf3 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -54,7 +54,7 @@ static int net_sam_userset(int argc, const char **argv, const char *field, return -1; } - if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) { + if ( !(sam_acct = samu_new( NULL )) ) { d_fprintf(stderr, "Internal error\n"); return -1; } @@ -151,7 +151,7 @@ static int net_sam_set_userflag(int argc, const char **argv, const char *field, return -1; } - if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) { + if ( !(sam_acct = samu_new( NULL )) ) { d_fprintf(stderr, "Internal error\n"); return -1; } @@ -254,7 +254,7 @@ static int net_sam_set_time(int argc, const char **argv, const char *field, } - if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) { + if ( !(sam_acct = samu_new( NULL )) ) { d_fprintf(stderr, "Internal error\n"); return -1; } -- cgit From d54010e219ab9ae7b5777b4136d874d3481bf9a6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 5 Mar 2006 17:49:30 +0000 Subject: r13843: Merge in net sam provision and some pdb_ldap fixes (This used to be commit 705d8118081784e9907648fd1daaaa5ec0285972) --- source3/utils/net_sam.c | 386 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 386 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index ea0544abf3..9c8d72b42f 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -747,6 +747,390 @@ static int net_sam_show(int argc, const char **argv) return 0; } +/* + * Init an LDAP tree with default users and Groups + * if ldapsam:editposix is enabled + */ + +static int net_sam_provision(int argc, const char **argv) +{ + TALLOC_CTX *tc; + char *ldap_bk; + char *ldap_uri = NULL; + char *p; + struct smbldap_state *ls; + GROUP_MAP gmap; + DOM_SID gsid; + gid_t domusers_gid = -1; + gid_t domadmins_gid = -1; + struct samu *samuser; + struct passwd *pwd; + + tc = talloc_new(NULL); + if (!tc) { + d_fprintf(stderr, "Out of Memory!\n"); + return -1; + } + + ldap_bk = talloc_strdup(tc, lp_passdb_backend()); + p = strchr(ldap_bk, ':'); + if (p) { + *p = 0; + ldap_uri = talloc_strdup(tc, p+1); + trim_char(ldap_uri, ' ', ' '); + } + + trim_char(ldap_bk, ' ', ' '); + + if (strcmp(ldap_bk, "ldapsam") != 0) { + d_fprintf(stderr, "Provisioning works only with ldapsam backend\n"); + goto failed; + } + + if (!lp_parm_bool(-1, "ldapsam", "trusted", False) || + !lp_parm_bool(-1, "ldapsam", "editposix", False)) { + + d_fprintf(stderr, "Provisioning works only if ldapsam:trusted" + " and ldapsam:editposix are enabled.\n"); + goto failed; + } + + if (!winbind_ping()) { + d_fprintf(stderr, "winbind seems not to run. Provisioning " + "LDAP only works when winbind runs.\n"); + goto failed; + } + + if (!NT_STATUS_IS_OK(smbldap_init(tc, ldap_uri, &ls))) { + d_fprintf(stderr, "Unable to connect to the LDAP server.\n"); + goto failed; + } + + d_printf("Checking for Domain Users group.\n"); + + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); + + if (!pdb_getgrsid(&gmap, gsid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the Domain Users group.\n"); + + /* lets allocate a new groupid for this group */ + if (!winbind_allocate_gid(&domusers_gid)) { + d_fprintf(stderr, "Unable to allocate a new gid to create Domain Users group!\n"); + goto domu_done; + } + + uname = talloc_strdup(tc, "domusers"); + wname = talloc_strdup(tc, "Domain Users"); + dn = talloc_asprintf(tc, "cn=%s,%s", "domusers", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%d", domusers_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n"); + } + } else { + d_printf("found!\n"); + } + +domu_done: + + d_printf("Checking for Domain Admins group.\n"); + + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); + + if (!pdb_getgrsid(&gmap, gsid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the Domain Admins group.\n"); + + /* lets allocate a new groupid for this group */ + if (!winbind_allocate_gid(&domadmins_gid)) { + d_fprintf(stderr, "Unable to allocate a new gid to create Domain Admins group!\n"); + goto doma_done; + } + + uname = talloc_strdup(tc, "domadmins"); + wname = talloc_strdup(tc, "Domain Admins"); + dn = talloc_asprintf(tc, "cn=%s,%s", "domadmins", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%d", domadmins_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n"); + } + } else { + d_printf("found!\n"); + } + +doma_done: + + d_printf("Check for Administrator account.\n"); + + samuser = samu_new(tc); + if (!samuser) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + if (!pdb_getsampwnam(samuser, "Administrator")) { + LDAPMod **mods = NULL; + DOM_SID sid; + char *dn; + char *name; + char *uidstr; + char *gidstr; + char *shell; + char *dir; + uid_t uid; + int rc; + + d_printf("Adding the Administrator user.\n"); + + if (domadmins_gid == -1) { + d_fprintf(stderr, "Can't create Administrtor user, Domain Admins group not available!\n"); + goto done; + } + if (!winbind_allocate_uid(&uid)) { + d_fprintf(stderr, "Unable to allocate a new uid to create the Administrator user!\n"); + goto done; + } + name = talloc_strdup(tc, "Administrator"); + dn = talloc_asprintf(tc, "uid=Administrator,%s", lp_ldap_user_suffix()); + uidstr = talloc_asprintf(tc, "%d", uid); + gidstr = talloc_asprintf(tc, "%d", domadmins_gid); + dir = talloc_sub_specified(tc, lp_template_homedir(), + "Administrator", + get_global_sam_name(), + uid, domadmins_gid); + shell = talloc_sub_specified(tc, lp_template_shell(), + "Administrator", + get_global_sam_name(), + uid, domadmins_gid); + + if (!name || !dn || !uidstr || !gidstr || !dir || !shell) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN); + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags", + pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED, + NEW_PW_FORMAT_SPACE_PADDED_LEN)); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add Administrator user to ldap directory\n"); + } + } else { + d_printf("found!\n"); + } + + d_printf("Checking for Guest user.\n"); + + samuser = samu_new(tc); + if (!samuser) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + if (!pdb_getsampwnam(samuser, lp_guestaccount())) { + LDAPMod **mods = NULL; + DOM_SID sid; + char *dn; + char *uidstr; + char *gidstr; + int rc; + + d_printf("Adding the Guest user.\n"); + + pwd = getpwnam_alloc(tc, lp_guestaccount()); + + if (!pwd) { + if (domusers_gid == -1) { + d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n"); + goto done; + } + pwd = talloc(tc, struct passwd); + pwd->pw_name = talloc_strdup(pwd, lp_guestaccount()); + if (!winbind_allocate_uid(&(pwd->pw_uid))) { + d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n"); + goto done; + } + pwd->pw_gid = domusers_gid; + pwd->pw_dir = talloc_strdup(tc, "/"); + pwd->pw_shell = talloc_strdup(tc, "/bin/false"); + if (!pwd->pw_dir || !pwd->pw_shell) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + } + + sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST); + + dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ()); + uidstr = talloc_asprintf(tc, "%d", pwd->pw_uid); + gidstr = talloc_asprintf(tc, "%d", pwd->pw_gid); + if (!dn || !uidstr || !gidstr) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags", + pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED, + NEW_PW_FORMAT_SPACE_PADDED_LEN)); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add Guest user to ldap directory\n"); + } + } else { + d_printf("found!\n"); + } + + d_printf("Checking Guest's group.\n"); + + pwd = getpwnam_alloc(NULL, lp_guestaccount()); + if (!pwd) { + d_fprintf(stderr, "Failed to find just created Guest account!\n" + " Is nssswitch properly configured?!\n"); + goto failed; + } + + if (pwd->pw_gid == domusers_gid) { + d_printf("found!\n"); + goto done; + } + + if (!pdb_getgrgid(&gmap, pwd->pw_gid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the Domain Guests group.\n"); + + uname = talloc_strdup(tc, "domguests"); + wname = talloc_strdup(tc, "Domain Guests"); + dn = talloc_asprintf(tc, "cn=%s,%s", "domguests", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%d", pwd->pw_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS); + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add Domain Guests group to ldap directory\n"); + } + } else { + d_printf("found!\n"); + } + + +done: + talloc_free(tc); + return 0; + +failed: + talloc_free(tc); + return -1; +} + /*********************************************************** migrated functionality from smbgroupedit **********************************************************/ @@ -769,6 +1153,8 @@ int net_sam(int argc, const char **argv) "Show details of a SAM entry" }, { "set", net_sam_set, "Set details of a SAM account" }, + { "provision", net_sam_provision, + "Provision a clean User Database" }, { NULL, NULL, NULL } }; -- cgit From 092e3ed45a7d99d260f888f6c1eeaaf914f37e63 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 5 Mar 2006 18:25:46 +0000 Subject: r13846: Take care of system that do not have LDAP libraries (This used to be commit ab62c8d93acb432678e301e57aeb86887913ebe6) --- source3/utils/net_sam.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 9c8d72b42f..78c31bb1d4 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -747,6 +747,8 @@ static int net_sam_show(int argc, const char **argv) return 0; } +#ifdef HAVE_LDAP + /* * Init an LDAP tree with default users and Groups * if ldapsam:editposix is enabled @@ -1130,6 +1132,7 @@ failed: talloc_free(tc); return -1; } +#endif /*********************************************************** migrated functionality from smbgroupedit @@ -1153,8 +1156,10 @@ int net_sam(int argc, const char **argv) "Show details of a SAM entry" }, { "set", net_sam_set, "Set details of a SAM account" }, +#ifdef HAVE_LDAP { "provision", net_sam_provision, "Provision a clean User Database" }, +#endif { NULL, NULL, NULL } }; -- cgit From b36e2921ee01887793eef55cb5f663042ffa9b72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Mar 2006 12:14:07 +0000 Subject: r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gid (This used to be commit 3137fe5068e4b0c1724b92f49ca8e1d254324801) --- source3/utils/net_sam.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 78c31bb1d4..6321fab54f 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -454,6 +454,63 @@ static int net_sam_createlocalgroup(int argc, const char **argv) return 0; } +/* + * Create a local group + */ + +static int net_sam_createbuiltingroup(int argc, const char **argv) +{ + NTSTATUS status; + uint32 rid; + TALLOC_CTX *ctx; + enum SID_NAME_USE type; + fstring groupname; + DOM_SID sid; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam createbuiltingroup \n"); + return -1; + } + + if (!winbind_ping()) { + d_fprintf(stderr, "winbind seems not to run. createlocalgroup " + "only works when winbind runs.\n"); + return -1; + } + + if ( (ctx = talloc_init("net_sam_createbuiltingroup")) == NULL ) { + d_fprintf( stderr, "Memory allocation error\n"); + return -1; + } + + /* validate the name and get the group */ + + fstrcpy( groupname, "BUILTIN\\" ); + fstrcat( groupname, argv[0] ); + + if ( !lookup_name(ctx, groupname, LOOKUP_NAME_ALL, NULL, NULL, &sid, &type)) { + d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]); + return -1; + } + + if ( !sid_peek_rid( &sid, &rid ) ) { + d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]); + return -1; + } + + status = pdb_create_builtin_alias( rid ); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Creating %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } + + d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid); + + return 0; +} + /* * Add a group member */ @@ -1140,6 +1197,8 @@ failed: int net_sam(int argc, const char **argv) { struct functable2 func[] = { + { "createbuiltingroup", net_sam_createbuiltingroup, + "Create a new BUILTIN group" }, { "createlocalgroup", net_sam_createlocalgroup, "Create a new local group" }, { "mapunixgroup", net_sam_mapunixgroup, -- cgit From efd32bf37183c5c797cec0da37cd347a4a1bfbb2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 24 Mar 2006 23:54:08 +0000 Subject: r14699: allow 'net sam addmem' to accept a SID for the member (This used to be commit 08d201806f53f51fbed4a02a54cb0656f8287b12) --- source3/utils/net_sam.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 6321fab54f..fc7dfea02c 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -533,10 +533,24 @@ static int net_sam_addmem(int argc, const char **argv) return -1; } + /* check to see if the member to be added is a name or a SID */ + if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED, - &memberdomain, &membername, &member, &membertype)) { - d_fprintf(stderr, "Could not find member %s\n", argv[1]); - return -1; + &memberdomain, &membername, &member, &membertype)) + { + /* try it as a SID */ + + if ( !string_to_sid( &member, argv[1] ) ) { + d_fprintf(stderr, "Could not find member %s\n", argv[1]); + return -1; + } + + if ( !lookup_sid(tmp_talloc_ctx(), &member, &memberdomain, + &membername, &membertype) ) + { + d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]); + return -1; + } } if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) { @@ -562,8 +576,8 @@ static int net_sam_addmem(int argc, const char **argv) return -1; } - d_printf("Added %s\\%s to %s\\%s\n", - memberdomain, membername, groupdomain, groupname); + d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername, + groupdomain, groupname); return 0; } -- cgit From 22dbd67708f1651a2341d70ce576fac360affccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Apr 2006 15:33:04 +0000 Subject: r15018: Merge Volker's ipc/trans2/nttrans changes over into 3.0. Also merge the new POSIX lock code - this is not enabled unless -DDEVELOPER is defined. This doesn't yet map onto underlying system POSIX locks. Updates vfs to allow lock queries. Jeremy. (This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7) --- source3/utils/net_sam.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index fc7dfea02c..945afb3a21 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1203,6 +1203,7 @@ failed: talloc_free(tc); return -1; } + #endif /*********************************************************** -- cgit From 22c4ad8a10c920f74d7a1ac5ce0e186303f754ac Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Apr 2006 10:59:44 +0000 Subject: r15173: Fix a non-critical memleak (This used to be commit bb8c69162f9228343e0b05812e0e5a9ca4eb56bf) --- source3/utils/net_sam.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 945afb3a21..0bf662c271 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -462,7 +462,6 @@ static int net_sam_createbuiltingroup(int argc, const char **argv) { NTSTATUS status; uint32 rid; - TALLOC_CTX *ctx; enum SID_NAME_USE type; fstring groupname; DOM_SID sid; @@ -478,17 +477,13 @@ static int net_sam_createbuiltingroup(int argc, const char **argv) return -1; } - if ( (ctx = talloc_init("net_sam_createbuiltingroup")) == NULL ) { - d_fprintf( stderr, "Memory allocation error\n"); - return -1; - } - /* validate the name and get the group */ fstrcpy( groupname, "BUILTIN\\" ); fstrcat( groupname, argv[0] ); - if ( !lookup_name(ctx, groupname, LOOKUP_NAME_ALL, NULL, NULL, &sid, &type)) { + if ( !lookup_name(tmp_talloc_ctx(), groupname, LOOKUP_NAME_ALL, NULL, + NULL, &sid, &type)) { d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]); return -1; } -- cgit From 300acb99ad9fcd4a36998d4ee4d8349478deca59 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Jun 2006 01:47:02 +0000 Subject: r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned int in a format string. Jeremy. (This used to be commit face01ef01e1a3c96eae17c56cadf01020d4cb46) --- source3/utils/net_sam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 0bf662c271..605d4bbc6b 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -672,8 +672,8 @@ static int net_sam_listmem(int argc, const char **argv) return -1; } - d_printf("%s\\%s has %d members\n", groupdomain, groupname, - num_members); + d_printf("%s\\%s has %u members\n", groupdomain, groupname, + (unsigned int)num_members); for (i=0; i Date: Mon, 19 Jun 2006 19:07:39 +0000 Subject: r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607 in net_rpc.c: 715 716 732 734 735 736 737 738 739 749 in net_rpc_audit.c: 754 755 756 in net_rpc_join.c: 757 in net_rpc_registry: 766 767 in net_rpc_samsync.c: 771 773 in net_sam.c: 797 798 Volker (This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584) --- source3/utils/net_sam.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 605d4bbc6b..654c9ec5b2 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -840,7 +840,11 @@ static int net_sam_provision(int argc, const char **argv) return -1; } - ldap_bk = talloc_strdup(tc, lp_passdb_backend()); + if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) { + d_fprintf(stderr, "talloc failed\n"); + talloc_free(tc); + return -1; + } p = strchr(ldap_bk, ':'); if (p) { *p = 0; @@ -1081,7 +1085,10 @@ doma_done: d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n"); goto done; } - pwd = talloc(tc, struct passwd); + if ((pwd = talloc(tc, struct passwd)) == NULL) { + d_fprintf(stderr, "talloc failed\n"); + goto done; + } pwd->pw_name = talloc_strdup(pwd, lp_guestaccount()); if (!winbind_allocate_uid(&(pwd->pw_uid))) { d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n"); -- cgit From ff7c0a7c357ab8a0ff9de6d18988933e0b398780 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 8 Aug 2006 08:26:40 +0000 Subject: r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f) --- source3/utils/net_sam.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 654c9ec5b2..aed07553b6 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -330,7 +330,7 @@ static int net_sam_set_comment(int argc, const char **argv) return -1; } - if (!pdb_getgrsid(&map, sid)) { + if (!pdb_getgrsid(&map, &sid)) { d_fprintf(stderr, "Could not load group %s\n", argv[0]); return -1; } @@ -882,7 +882,7 @@ static int net_sam_provision(int argc, const char **argv) sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); - if (!pdb_getgrsid(&gmap, gsid)) { + if (!pdb_getgrsid(&gmap, &gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -935,7 +935,7 @@ domu_done: sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); - if (!pdb_getgrsid(&gmap, gsid)) { + if (!pdb_getgrsid(&gmap, &gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; -- cgit From e1e62d89999629d41cc2b66b12eb37ce190d5db0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 8 Aug 2006 19:29:34 +0000 Subject: r17463: A bit of cleanup work: Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc) --- source3/utils/net_sam.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index aed07553b6..16f7b1b25b 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -330,7 +330,7 @@ static int net_sam_set_comment(int argc, const char **argv) return -1; } - if (!pdb_getgrsid(&map, &sid)) { + if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid))) { d_fprintf(stderr, "Could not load group %s\n", argv[0]); return -1; } @@ -882,7 +882,7 @@ static int net_sam_provision(int argc, const char **argv) sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); - if (!pdb_getgrsid(&gmap, &gsid)) { + if (!NT_STATUS_IS_OK(pdb_getgrsid(&gmap, &gsid))) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -935,7 +935,7 @@ domu_done: sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); - if (!pdb_getgrsid(&gmap, &gsid)) { + if (!NT_STATUS_IS_OK(pdb_getgrsid(&gmap, &gsid))) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -1153,7 +1153,7 @@ doma_done: goto done; } - if (!pdb_getgrgid(&gmap, pwd->pw_gid)) { + if (!NT_STATUS_IS_OK(pdb_getgrgid(&gmap, pwd->pw_gid))) { LDAPMod **mods = NULL; char *dn; char *uname; -- cgit From 03e3cd1d5a005ad5fd2bc97f9863abf675efd09f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Aug 2006 14:07:15 +0000 Subject: r17554: Cleanup (This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9) --- source3/utils/net_sam.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 16f7b1b25b..654c9ec5b2 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -330,7 +330,7 @@ static int net_sam_set_comment(int argc, const char **argv) return -1; } - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid))) { + if (!pdb_getgrsid(&map, sid)) { d_fprintf(stderr, "Could not load group %s\n", argv[0]); return -1; } @@ -882,7 +882,7 @@ static int net_sam_provision(int argc, const char **argv) sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); - if (!NT_STATUS_IS_OK(pdb_getgrsid(&gmap, &gsid))) { + if (!pdb_getgrsid(&gmap, gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -935,7 +935,7 @@ domu_done: sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); - if (!NT_STATUS_IS_OK(pdb_getgrsid(&gmap, &gsid))) { + if (!pdb_getgrsid(&gmap, gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -1153,7 +1153,7 @@ doma_done: goto done; } - if (!NT_STATUS_IS_OK(pdb_getgrgid(&gmap, pwd->pw_gid))) { + if (!pdb_getgrgid(&gmap, pwd->pw_gid)) { LDAPMod **mods = NULL; char *dn; char *uname; -- cgit From 2b27c93a9a8471693d7dcb5fdbe8afe65b22ff66 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Sep 2006 14:28:06 +0000 Subject: r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951) --- source3/utils/net_sam.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 654c9ec5b2..9edbc7b8cf 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -32,7 +32,7 @@ static int net_sam_userset(int argc, const char **argv, const char *field, { struct samu *sam_acct = NULL; DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; const char *dom, *name; NTSTATUS status; @@ -127,7 +127,7 @@ static int net_sam_set_userflag(int argc, const char **argv, const char *field, { struct samu *sam_acct = NULL; DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; const char *dom, *name; NTSTATUS status; uint16 acct_flags; @@ -215,7 +215,7 @@ static int net_sam_set_time(int argc, const char **argv, const char *field, { struct samu *sam_acct = NULL; DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; const char *dom, *name; NTSTATUS status; time_t new_time; @@ -302,7 +302,7 @@ static int net_sam_set_comment(int argc, const char **argv) { GROUP_MAP map; DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; const char *dom, *name; NTSTATUS status; @@ -462,7 +462,7 @@ static int net_sam_createbuiltingroup(int argc, const char **argv) { NTSTATUS status; uint32 rid; - enum SID_NAME_USE type; + enum lsa_SidType type; fstring groupname; DOM_SID sid; @@ -514,7 +514,7 @@ static int net_sam_addmem(int argc, const char **argv) { const char *groupdomain, *groupname, *memberdomain, *membername; DOM_SID group, member; - enum SID_NAME_USE grouptype, membertype; + enum lsa_SidType grouptype, membertype; NTSTATUS status; if (argc != 2) { @@ -587,7 +587,7 @@ static int net_sam_delmem(int argc, const char **argv) const char *memberdomain = NULL; const char *membername = NULL; DOM_SID group, member; - enum SID_NAME_USE grouptype; + enum lsa_SidType grouptype; NTSTATUS status; if (argc != 2) { @@ -645,7 +645,7 @@ static int net_sam_listmem(int argc, const char **argv) { const char *groupdomain, *groupname; DOM_SID group; - enum SID_NAME_USE grouptype; + enum lsa_SidType grouptype; NTSTATUS status; if (argc != 1) { @@ -793,7 +793,7 @@ static int net_sam_list(int argc, const char **argv) static int net_sam_show(int argc, const char **argv) { DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; const char *dom, *name; if (argc != 1) { -- cgit From e5b3b3cac5c328cc0afcff1c33cf65e38ab6329d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 15 Sep 2006 15:27:13 +0000 Subject: r18556: Implement "net sam policy", thanks to Karolin Seeger . Volker (This used to be commit da22aa7021d42a940d8f2151770fedbd2abdb63a) --- source3/utils/net_sam.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 9edbc7b8cf..00289d3bd3 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -386,6 +386,80 @@ static int net_sam_set(int argc, const char **argv) return net_run_function2(argc, argv, "net sam set", func); } +/* + * Change account policies + */ + +static int net_sam_policy(int argc, const char **argv) +{ + + const char *account_policy = NULL; + uint32 value, old_value; + int field; + + if ((argc < 1) || (argc > 2)) { + d_fprintf(stderr, "usage: net sam policy \"\" " + "-> show current value\n"); + d_fprintf(stderr, "usage: net sam policy \"\" " + " -> set a new value\n"); + return -1; + } + + account_policy = argv[0]; + field = account_policy_name_to_fieldnum(account_policy); + + if (field == 0) { + char *apn = account_policy_names_list(); + d_fprintf(stderr, "No account policy by that name!\n"); + if (apn) { + d_fprintf(stderr, "Valid account policies " + "are:\n%s\n", apn); + } + SAFE_FREE(apn); + return -1; + } + + if (!pdb_get_account_policy(field, &old_value)) { + fprintf(stderr, "Valid account policy, but unable to " + "fetch value!\n"); + return -1; + } + + if (argc == 1) { + /* + * Just read the value + */ + + printf("Account policy \"%s\" description: %s\n", + account_policy, account_policy_get_desc(field)); + printf("Account policy \"%s\" value is: %d\n", account_policy, + old_value); + return 0; + } + + /* + * Here we know we have 2 args, so set it + */ + + value = strtoul(argv[1], NULL, 10); + + printf("Account policy \"%s\" description: %s\n", account_policy, + account_policy_get_desc(field)); + printf("Account policy \"%s\" value was: %d\n", account_policy, + old_value); + + if (!pdb_set_account_policy(field, value)) { + d_fprintf(stderr, "Setting account policy %s to %u failed \n", + account_policy, value); + } + + printf("Account policy \"%s\" value is now: %d\n", account_policy, + value); + + return 0; +} + + /* * Map a unix group to a domain group */ @@ -1232,6 +1306,8 @@ int net_sam(int argc, const char **argv) "Show details of a SAM entry" }, { "set", net_sam_set, "Set details of a SAM account" }, + { "policy", net_sam_policy, + "Set account policies" }, #ifdef HAVE_LDAP { "provision", net_sam_provision, "Provision a clean User Database" }, -- cgit From 0f961cb6db0486239e68b625e743c08b075b05e9 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 20 Sep 2006 23:56:07 +0000 Subject: r18758: Update net sam to use calculated times and force change password properly. (This used to be commit fb269ca0afe57651a6fa0d8f8ba5c014e902c3d3) --- source3/utils/net_sam.c | 56 ++++++++++++------------------------------------- 1 file changed, 13 insertions(+), 43 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 00289d3bd3..03e0ff0a9c 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -206,23 +206,20 @@ static int net_sam_set_pwnoexp(int argc, const char **argv) } /* - * Set a user's time field + * Set pass last change time, based on force pass change now */ -static int net_sam_set_time(int argc, const char **argv, const char *field, - BOOL (*fn)(struct samu *, time_t, - enum pdb_value_state)) +static int net_sam_set_pwdmustchangenow(int argc, const char **argv) { struct samu *sam_acct = NULL; DOM_SID sid; enum lsa_SidType type; const char *dom, *name; NTSTATUS status; - time_t new_time; - if (argc != 2) { - d_fprintf(stderr, "usage: net sam set %s " - "[now|YYYY-MM-DD HH:MM]\n", field); + if ((argc != 2) || (!strequal(argv[1], "yes") && + !strequal(argv[1], "no"))) { + d_fprintf(stderr, "usage: net sam set pwdmustchangenow [yes|no]\n"); return -1; } @@ -238,22 +235,6 @@ static int net_sam_set_time(int argc, const char **argv, const char *field, return -1; } - if (strequal(argv[1], "now")) { - new_time = time(NULL); - } else { - struct tm tm; - char *end; - ZERO_STRUCT(tm); - end = strptime(argv[1], "%Y-%m-%d %H:%M", &tm); - new_time = mktime(&tm); - if ((end == NULL) || (*end != '\0') || (new_time == -1)) { - d_fprintf(stderr, "Could not parse time string %s\n", - argv[1]); - return -1; - } - } - - if ( !(sam_acct = samu_new( NULL )) ) { d_fprintf(stderr, "Internal error\n"); return -1; @@ -264,9 +245,10 @@ static int net_sam_set_time(int argc, const char **argv, const char *field, return -1; } - if (!fn(sam_acct, new_time, PDB_CHANGED)) { - d_fprintf(stderr, "Internal error\n"); - return -1; + if (strequal(argv[1], "yes")) { + pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED); + } else { + pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED); } status = pdb_update_sam_account(sam_acct); @@ -278,21 +260,11 @@ static int net_sam_set_time(int argc, const char **argv, const char *field, TALLOC_FREE(sam_acct); - d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); + d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom, + name, argv[1]); return 0; } -static int net_sam_set_pwdmustchange(int argc, const char **argv) -{ - return net_sam_set_time(argc, argv, "pwdmustchange", - pdb_set_pass_must_change_time); -} - -static int net_sam_set_pwdcanchange(int argc, const char **argv) -{ - return net_sam_set_time(argc, argv, "pwdcanchange", - pdb_set_pass_can_change_time); -} /* * Set a user's or a group's comment @@ -376,10 +348,8 @@ static int net_sam_set(int argc, const char **argv) "Disable/Enable a user's lockout flag" }, { "pwnoexp", net_sam_set_pwnoexp, "Disable/Enable whether a user's pw does not expire" }, - { "pwdmustchange", net_sam_set_pwdmustchange, - "Set a users password must change time" }, - { "pwdcanchange", net_sam_set_pwdcanchange, - "Set a users password can change time" }, + { "pwdmustchangenow", net_sam_set_pwdmustchangenow, + "Force users password must change at next logon" }, {NULL, NULL} }; -- cgit From b724a280197e01b4b1dd0d82edff1d97f511eb44 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 22 Nov 2006 14:17:36 +0000 Subject: r19835: Some net sam policy improvements. Thanks to Karolin Seeger Volker (This used to be commit 2091018a534006cddaa5cf52f564fd7e023473b6) --- source3/utils/net_sam.c | 127 +++++++++++++++++++++++++++++------------------- 1 file changed, 77 insertions(+), 50 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 03e0ff0a9c..b041bd7a65 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -357,78 +357,105 @@ static int net_sam_set(int argc, const char **argv) } /* - * Change account policies + * Manage account policies */ -static int net_sam_policy(int argc, const char **argv) +static int net_sam_policy_set(int argc, const char **argv) { - const char *account_policy = NULL; uint32 value, old_value; int field; - if ((argc < 1) || (argc > 2)) { - d_fprintf(stderr, "usage: net sam policy \"\" " - "-> show current value\n"); - d_fprintf(stderr, "usage: net sam policy \"\" " - " -> set a new value\n"); - return -1; - } + if (argc != 2) { + d_fprintf(stderr, "usage: net sam policy set" + "\"\" \n"); + return -1; + } + value = strtoul(argv[1], NULL, 10); account_policy = argv[0]; field = account_policy_name_to_fieldnum(account_policy); - if (field == 0) { - char *apn = account_policy_names_list(); - d_fprintf(stderr, "No account policy by that name!\n"); - if (apn) { - d_fprintf(stderr, "Valid account policies " - "are:\n%s\n", apn); - } - SAFE_FREE(apn); - return -1; - } + printf("Account policy \"%s\" description: %s\n", account_policy, + account_policy_get_desc(field)); + printf("Account policy \"%s\" value was: %d\n", account_policy, + old_value); - if (!pdb_get_account_policy(field, &old_value)) { - fprintf(stderr, "Valid account policy, but unable to " - "fetch value!\n"); - return -1; - } + if (!pdb_set_account_policy(field, value)) { + d_fprintf(stderr, "Setting account policy %s to %u failed \n", + account_policy, value); + } - if (argc == 1) { - /* - * Just read the value - */ + printf("Account policy \"%s\" value is now: %d\n", account_policy, + value); - printf("Account policy \"%s\" description: %s\n", - account_policy, account_policy_get_desc(field)); - printf("Account policy \"%s\" value is: %d\n", account_policy, - old_value); - return 0; - } + return 0; +} - /* - * Here we know we have 2 args, so set it - */ +static int net_sam_policy_show(int argc, const char **argv) +{ + const char *account_policy = NULL; + uint32 old_value; + int field; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam policy show" + " \"\" \n"); + return -1; + } - value = strtoul(argv[1], NULL, 10); + account_policy = argv[0]; + field = account_policy_name_to_fieldnum(account_policy); + + if (field == 0) { + char *apn = account_policy_names_list(); + d_fprintf(stderr, "No account policy by that name!\n"); + if (apn) { + d_fprintf(stderr, "Valid account policies " + "are:\n%s\n", apn); + } + SAFE_FREE(apn); + return -1; + } - printf("Account policy \"%s\" description: %s\n", account_policy, - account_policy_get_desc(field)); - printf("Account policy \"%s\" value was: %d\n", account_policy, + if (!pdb_get_account_policy(field, &old_value)) { + fprintf(stderr, "Valid account policy, but unable to " + "fetch value!\n"); + return -1; + } + + printf("Account policy \"%s\" description: %s\n", + account_policy, account_policy_get_desc(field)); + printf("Account policy \"%s\" value is: %d\n", account_policy, old_value); + return 0; +} - if (!pdb_set_account_policy(field, value)) { - d_fprintf(stderr, "Setting account policy %s to %u failed \n", - account_policy, value); +static int net_sam_policy_list(int argc, const char **argv) +{ + char *apn = account_policy_names_list(); + if (apn) { + d_fprintf(stderr, "Valid account policies " + "are:\n\n%s\n", apn); } - - printf("Account policy \"%s\" value is now: %d\n", account_policy, - value); - - return 0; + SAFE_FREE(apn); + return -1; } +static int net_sam_policy(int argc, const char **argv) +{ + struct functable2 func[] = { + { "list", net_sam_policy_list, + "List account policies" }, + { "show", net_sam_policy_show, + "Show account policies" }, + { "set", net_sam_policy_set, + "Change account policies" }, + {NULL, NULL} + }; + + return net_run_function2(argc, argv, "net sam policy", func); +} /* * Map a unix group to a domain group -- cgit From ca70f53930df64b6a2fcb563b4ffa84d99a01741 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 22 Nov 2006 16:39:07 +0000 Subject: r19840: Fix an uninitialized variable (This used to be commit c4b5e8c7a0b936a3d95f221718a048d5374e836a) --- source3/utils/net_sam.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index b041bd7a65..d92bf1521c 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -378,6 +378,13 @@ static int net_sam_policy_set(int argc, const char **argv) printf("Account policy \"%s\" description: %s\n", account_policy, account_policy_get_desc(field)); + + if (!pdb_get_account_policy(field, &old_value)) { + fprintf(stderr, "Valid account policy, but unable to " + "fetch value!\n"); + return -1; + } + printf("Account policy \"%s\" value was: %d\n", account_policy, old_value); -- cgit From e2bebe486550374978af200232334ddc7757ba8d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 1 Dec 2006 14:54:31 +0000 Subject: r19978: More "net sam policy" improvements. Thanks to Karolin Seeger Volker (This used to be commit fde042f29e9e9ac19ed3380e8fbe45fa8441e705) --- source3/utils/net_sam.c | 83 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 26 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index d92bf1521c..2c9b9649f7 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -365,38 +365,57 @@ static int net_sam_policy_set(int argc, const char **argv) const char *account_policy = NULL; uint32 value, old_value; int field; + char *endptr; if (argc != 2) { - d_fprintf(stderr, "usage: net sam policy set" + d_fprintf(stderr, "usage: net sam policy set " "\"\" \n"); return -1; } - value = strtoul(argv[1], NULL, 10); account_policy = argv[0]; field = account_policy_name_to_fieldnum(account_policy); + value = strtoul(argv[1], &endptr, 10); - printf("Account policy \"%s\" description: %s\n", account_policy, - account_policy_get_desc(field)); + if (field == 0) { + const char **names; + int i, count; + + account_policy_names_list(&names, &count); + d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]); + d_fprintf(stderr, "Valid account policies are:\n"); + + for (i=0; i Date: Wed, 10 Jan 2007 15:31:42 +0000 Subject: r20654: Fix from Karolin Seeger : Accept "forever", "off" and "never" as key words for -1 as policy values for net sam policy. Volker (This used to be commit b6347751d8f67dcaac5c1bcbc07f03073278f6fb) --- source3/utils/net_sam.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 2c9b9649f7..8800cb3606 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -375,7 +375,21 @@ static int net_sam_policy_set(int argc, const char **argv) account_policy = argv[0]; field = account_policy_name_to_fieldnum(account_policy); - value = strtoul(argv[1], &endptr, 10); + + if (strequal(argv[1], "forever") || strequal(argv[1], "never") + || strequal(argv[1], "off")) { + value = -1; + } + else { + value = strtoul(argv[1], &endptr, 10); + + if ((endptr == argv[1]) || (endptr[0] != '\0')) { + d_printf("Unable to set policy \"%s\"! Invalid value " + "\"%s\".\n", + account_policy, argv[1]); + return -1; + } + } if (field == 0) { const char **names; @@ -398,12 +412,6 @@ static int net_sam_policy_set(int argc, const char **argv) "value!\n"); } - if ((endptr == argv[1]) || (endptr[0] != '\0')) { - d_printf("Unable to set policy \"%s\"! Invalid value %s.\n", - account_policy, argv[1]); - return -1; - } - if (!pdb_set_account_policy(field, value)) { d_fprintf(stderr, "Valid account policy, but unable to " "set value!\n"); -- cgit From 10820162f1cfbfd77fae84327c21d81ff8a6881c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 9 Mar 2007 16:55:56 +0000 Subject: r21776: fix bugs #4438 #4440 (This used to be commit 319fcb4ea8b7a004760aae82392b69c48af5df91) --- source3/utils/net_sam.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 8800cb3606..bf397803bc 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1043,6 +1043,7 @@ static int net_sam_provision(int argc, const char **argv) d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n"); } } else { + domusers_gid = gmap.gid; d_printf("found!\n"); } @@ -1096,6 +1097,7 @@ domu_done: d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n"); } } else { + domadmins_gid = gmap.gid; d_printf("found!\n"); } @@ -1124,7 +1126,7 @@ doma_done: d_printf("Adding the Administrator user.\n"); if (domadmins_gid == -1) { - d_fprintf(stderr, "Can't create Administrtor user, Domain Admins group not available!\n"); + d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n"); goto done; } if (!winbind_allocate_uid(&uid)) { @@ -1238,8 +1240,12 @@ doma_done: smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name); smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr); smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell); + if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) { + smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir); + } + if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) { + smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell); + } smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid)); smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags", pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED, @@ -1261,7 +1267,7 @@ doma_done: pwd = getpwnam_alloc(NULL, lp_guestaccount()); if (!pwd) { d_fprintf(stderr, "Failed to find just created Guest account!\n" - " Is nssswitch properly configured?!\n"); + " Is nss properly configured?!\n"); goto failed; } -- cgit From 0d91334fe799f6b50a8265f9dc097411c3a29e18 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 Mar 2007 16:49:16 +0000 Subject: r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997) --- source3/utils/net_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index bf397803bc..3b7d604dc6 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -990,7 +990,7 @@ static int net_sam_provision(int argc, const char **argv) goto failed; } - if (!NT_STATUS_IS_OK(smbldap_init(tc, ldap_uri, &ls))) { + if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &ls))) { d_fprintf(stderr, "Unable to connect to the LDAP server.\n"); goto failed; } -- cgit From 956a5ce7d52f9f7d14c39e4086970a36b5871cd3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 20 Apr 2007 12:23:36 +0000 Subject: r22412: Add a "deletelocalgroup" subcommand to net sam. Thanks to Karolin Seeger . (This used to be commit 1499c50513c091c06cc96e813856b3cdbebfe407) --- source3/utils/net_sam.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 3b7d604dc6..4d3102b51f 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -571,6 +571,46 @@ static int net_sam_createlocalgroup(int argc, const char **argv) return 0; } +/* + * Delete a local group + */ + +static int net_sam_deletelocalgroup(int argc, const char **argv) +{ + DOM_SID sid; + enum lsa_SidType type; + const char *dom, *name; + int ret; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam deletelocalgroup \n"); + return -1; + } + + if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s.\n", argv[0]); + return -1; + } + + if (type != SID_NAME_ALIAS) { + d_fprintf(stderr, "%s is a %s, not a local group.\n", argv[0], + sid_type_lookup(type)); + return -1; + } + + ret = pdb_delete_alias(&sid); + + if ( !ret ) { + d_fprintf(stderr, "Could not delete local group %s.\n", argv[0]); + return -1; + } + + d_printf("Deleted local group %s.\n", argv[0]); + + return 0; +} + /* * Create a local group */ @@ -1341,6 +1381,8 @@ int net_sam(int argc, const char **argv) "Create a new BUILTIN group" }, { "createlocalgroup", net_sam_createlocalgroup, "Create a new local group" }, + { "deletelocalgroup", net_sam_deletelocalgroup, + "Delete an existing local group" }, { "mapunixgroup", net_sam_mapunixgroup, "Map a unix group to a domain group" }, { "addmem", net_sam_addmem, -- cgit From 16ae8eff937c1344192a3afa84ff1eb14de5d46d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 9 May 2007 11:39:55 +0000 Subject: r22766: Merge from 3_0: r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines Add a "deletelocalgroup" subcommand to net sam. Thanks to Karolin Seeger . (This used to be commit fb6ac8a5b247a961963a9b6a95cd6608c5b53d09) --- source3/utils/net_sam.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 4d3102b51f..06fc73da4b 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -580,7 +580,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) DOM_SID sid; enum lsa_SidType type; const char *dom, *name; - int ret; + NTSTATUS status; if (argc != 1) { d_fprintf(stderr, "usage: net sam deletelocalgroup \n"); @@ -589,7 +589,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { - d_fprintf(stderr, "Could not find name %s.\n", argv[0]); + d_fprintf(stderr, "Could not find %s.\n", argv[0]); return -1; } @@ -599,12 +599,13 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) return -1; } - ret = pdb_delete_alias(&sid); + status = pdb_delete_alias(&sid); - if ( !ret ) { - d_fprintf(stderr, "Could not delete local group %s.\n", argv[0]); - return -1; - } + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Deleting local group %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } d_printf("Deleted local group %s.\n", argv[0]); -- cgit From a0f9db7a169886914b4e5323c61e127011a2d16b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 9 May 2007 11:40:48 +0000 Subject: r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert. (This used to be commit 2c5b951eba509e826a29775db992aca474476484) --- source3/utils/net_sam.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 06fc73da4b..4d3102b51f 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -580,7 +580,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) DOM_SID sid; enum lsa_SidType type; const char *dom, *name; - NTSTATUS status; + int ret; if (argc != 1) { d_fprintf(stderr, "usage: net sam deletelocalgroup \n"); @@ -589,7 +589,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { - d_fprintf(stderr, "Could not find %s.\n", argv[0]); + d_fprintf(stderr, "Could not find name %s.\n", argv[0]); return -1; } @@ -599,13 +599,12 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) return -1; } - status = pdb_delete_alias(&sid); + ret = pdb_delete_alias(&sid); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "Deleting local group %s failed with %s\n", - argv[0], nt_errstr(status)); - return -1; - } + if ( !ret ) { + d_fprintf(stderr, "Could not delete local group %s.\n", argv[0]); + return -1; + } d_printf("Deleted local group %s.\n", argv[0]); -- cgit From 9e30a76c04d0da0bc14f7a0605db7ad51e5cfcd9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 11 May 2007 08:46:54 +0000 Subject: r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change return values of some alias-releated pdb functions from BOOL to NTSTATUS Thanks :-) (This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d) --- source3/utils/net_sam.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 4d3102b51f..06fc73da4b 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -580,7 +580,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) DOM_SID sid; enum lsa_SidType type; const char *dom, *name; - int ret; + NTSTATUS status; if (argc != 1) { d_fprintf(stderr, "usage: net sam deletelocalgroup \n"); @@ -589,7 +589,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { - d_fprintf(stderr, "Could not find name %s.\n", argv[0]); + d_fprintf(stderr, "Could not find %s.\n", argv[0]); return -1; } @@ -599,12 +599,13 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) return -1; } - ret = pdb_delete_alias(&sid); + status = pdb_delete_alias(&sid); - if ( !ret ) { - d_fprintf(stderr, "Could not delete local group %s.\n", argv[0]); - return -1; - } + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Deleting local group %s failed with %s\n", + argv[0], nt_errstr(status)); + return -1; + } d_printf("Deleted local group %s.\n", argv[0]); -- cgit From 1cb8a948b3ce558506fe3ee084e8d0682cf4d3ed Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 11 May 2007 08:59:01 +0000 Subject: r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net sam unmapunixgroup" (This used to be commit 55e2f35fad8bda3ff2c2ace5323ddeaee87d783e) --- source3/utils/net_sam.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 06fc73da4b..dd979bdc6e 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -507,6 +507,61 @@ static int net_sam_policy(int argc, const char **argv) * Map a unix group to a domain group */ +static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) +{ + NTSTATUS status; + GROUP_MAP map; + const char *grpname, *dom, *name; + uint32 rid; + + if (pdb_getgrgid(&map, grp->gr_gid)) { + return NT_STATUS_GROUP_EXISTS; + } + + map.gid = grp->gr_gid; + grpname = grp->gr_name; + + if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + &dom, &name, NULL, NULL)) { + + const char *tmp = talloc_asprintf( + tmp_talloc_ctx(), "Unix Group %s", grp->gr_name); + + DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n", + grpname, dom, name, tmp)); + grpname = tmp; + } + + if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + NULL, NULL, NULL, NULL)) { + DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name)); + return NT_STATUS_GROUP_EXISTS; + } + + fstrcpy(map.nt_name, grpname); + + if (pdb_rid_algorithm()) { + rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); + } else { + if (!pdb_new_rid(&rid)) { + DEBUG(3, ("Could not get a new RID for %s\n", + grp->gr_name)); + return NT_STATUS_ACCESS_DENIED; + } + } + + sid_compose(&map.sid, get_global_sam_sid(), rid); + map.sid_name_use = SID_NAME_DOM_GRP; + fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s", + grp->gr_name)); + + status = pdb_add_group_mapping_entry(&map); + if (NT_STATUS_IS_OK(status)) { + *pmap = map; + } + return status; +} + static int net_sam_mapunixgroup(int argc, const char **argv) { NTSTATUS status; @@ -538,6 +593,67 @@ static int net_sam_mapunixgroup(int argc, const char **argv) return 0; } +/* + * Remove a group mapping + */ + +static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap) +{ + NTSTATUS status; + GROUP_MAP map; + const char *grpname; + DOM_SID dom_sid; + + map.gid = grp->gr_gid; + grpname = grp->gr_name; + + if (!lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + NULL, NULL, NULL, NULL)) { + DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name)); + return NT_STATUS_NO_SUCH_GROUP; + } + + fstrcpy(map.nt_name, grpname); + + if (!pdb_gid_to_sid(map.gid, &dom_sid)) { + return NT_STATUS_UNSUCCESSFUL; + } + + status = pdb_delete_group_mapping_entry(dom_sid); + + return status; +} + +static int net_sam_unmapunixgroup(int argc, const char **argv) +{ + NTSTATUS status; + GROUP_MAP map; + struct group *grp; + + if (argc != 1) { + d_fprintf(stderr, "usage: net sam unmapunixgroup \n"); + return -1; + } + + grp = getgrnam(argv[0]); + if (grp == NULL) { + d_fprintf(stderr, "Could not find mapping for group %s.\n", argv[0]); + return -1; + } + + status = unmap_unix_group(grp, &map); + + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Unmapping group %s failed with %s.\n", + argv[0], nt_errstr(status)); + return -1; + } + + d_printf("Unmapped unix group %s.\n", argv[0]); + + return 0; +} + /* * Create a local group */ @@ -1386,6 +1502,8 @@ int net_sam(int argc, const char **argv) "Delete an existing local group" }, { "mapunixgroup", net_sam_mapunixgroup, "Map a unix group to a domain group" }, + { "unmapunixgroup", net_sam_unmapunixgroup, + "Remove a group mapping of an unix group to a domain group" }, { "addmem", net_sam_addmem, "Add a member to a group" }, { "delmem", net_sam_delmem, -- cgit From 248a82c0f28a5e1df957726558b795cf98d29097 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 4 Jun 2007 01:51:18 +0000 Subject: r23323: merged ldb changes from 3.0.26 (This used to be commit 7c9a5c2a3f012a06e9550dc0de7df460c2fd943b) --- source3/utils/net_sam.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index dd979bdc6e..851c3e86de 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -958,6 +958,8 @@ static int net_sam_listmem(int argc, const char **argv) sid_string_static(&members[i])); } } + + TALLOC_FREE(members); } else { d_fprintf(stderr, "Can only list local group members so far.\n" "%s is a %s\n", argv[0], sid_type_lookup(grouptype)); -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/utils/net_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 851c3e86de..8177e48242 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/utils/net_sam.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 8177e48242..09eb57f95f 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -14,8 +14,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ -- cgit From 929e1d99209e20a9c2c95c8bdfc8eaa37b2c2291 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 30 Aug 2007 19:48:31 +0000 Subject: r24809: Consolidate the use of temporary talloc contexts. This adds the two functions talloc_stackframe() and talloc_tos(). * When a new talloc stackframe is allocated with talloc_stackframe(), then * the TALLOC_CTX returned with talloc_tos() is reset to that new * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse * happens: The previous talloc_tos() is restored. * * This API is designed to be robust in the sense that if someone forgets to * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and * resets the talloc_tos(). The original motivation for this patch was to get rid of the sid_string_static & friends buffers. Explicitly passing talloc context everywhere clutters code too much for my taste, so an implicit talloc_tos() is introduced here. Many of these static buffers are replaced by a single static pointer. The intended use would thus be that low-level functions can rather freely push stuff to talloc_tos, the upper layers clean up by freeing the stackframe. The more of these stackframes are used and correctly freed the more exact the memory cleanup happens. This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and lp_talloc_ctx (did I forget any?) So, never do a tmp_ctx = talloc_init("foo"); anymore, instead, use tmp_ctx = talloc_stackframe() :-) Volker (This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b) --- source3/utils/net_sam.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 09eb57f95f..3cc838e71b 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -41,7 +41,7 @@ static int net_sam_userset(int argc, const char **argv, const char *field, return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -138,7 +138,7 @@ static int net_sam_set_userflag(int argc, const char **argv, const char *field, return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -222,7 +222,7 @@ static int net_sam_set_pwdmustchangenow(int argc, const char **argv) return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -283,7 +283,7 @@ static int net_sam_set_comment(int argc, const char **argv) return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -520,18 +520,18 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) map.gid = grp->gr_gid; grpname = grp->gr_name; - if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_ISOLATED, &dom, &name, NULL, NULL)) { const char *tmp = talloc_asprintf( - tmp_talloc_ctx(), "Unix Group %s", grp->gr_name); + talloc_tos(), "Unix Group %s", grp->gr_name); DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n", grpname, dom, name, tmp)); grpname = tmp; } - if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_ISOLATED, NULL, NULL, NULL, NULL)) { DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name)); return NT_STATUS_GROUP_EXISTS; @@ -551,7 +551,7 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) sid_compose(&map.sid, get_global_sam_sid(), rid); map.sid_name_use = SID_NAME_DOM_GRP; - fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s", + fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s", grp->gr_name)); status = pdb_add_group_mapping_entry(&map); @@ -606,7 +606,7 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap) map.gid = grp->gr_gid; grpname = grp->gr_name; - if (!lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_ISOLATED, NULL, NULL, NULL, NULL)) { DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name)); return NT_STATUS_NO_SUCH_GROUP; @@ -702,7 +702,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find %s.\n", argv[0]); return -1; @@ -755,7 +755,7 @@ static int net_sam_createbuiltingroup(int argc, const char **argv) fstrcpy( groupname, "BUILTIN\\" ); fstrcat( groupname, argv[0] ); - if ( !lookup_name(tmp_talloc_ctx(), groupname, LOOKUP_NAME_ALL, NULL, + if ( !lookup_name(talloc_tos(), groupname, LOOKUP_NAME_ALL, NULL, NULL, &sid, &type)) { d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]); return -1; @@ -795,7 +795,7 @@ static int net_sam_addmem(int argc, const char **argv) return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &groupdomain, &groupname, &group, &grouptype)) { d_fprintf(stderr, "Could not find group %s\n", argv[0]); return -1; @@ -803,7 +803,7 @@ static int net_sam_addmem(int argc, const char **argv) /* check to see if the member to be added is a name or a SID */ - if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_ISOLATED, &memberdomain, &membername, &member, &membertype)) { /* try it as a SID */ @@ -813,7 +813,7 @@ static int net_sam_addmem(int argc, const char **argv) return -1; } - if ( !lookup_sid(tmp_talloc_ctx(), &member, &memberdomain, + if ( !lookup_sid(talloc_tos(), &member, &memberdomain, &membername, &membertype) ) { d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]); @@ -868,13 +868,13 @@ static int net_sam_delmem(int argc, const char **argv) return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &groupdomain, &groupname, &group, &grouptype)) { d_fprintf(stderr, "Could not find group %s\n", argv[0]); return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_ISOLATED, &memberdomain, &membername, &member, NULL)) { if (!string_to_sid(&member, argv[1])) { d_fprintf(stderr, "Could not find member %s\n", @@ -926,7 +926,7 @@ static int net_sam_listmem(int argc, const char **argv) return -1; } - if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, &groupdomain, &groupname, &group, &grouptype)) { d_fprintf(stderr, "Could not find group %s\n", argv[0]); return -1; @@ -949,7 +949,7 @@ static int net_sam_listmem(int argc, const char **argv) (unsigned int)num_members); for (i=0; i Date: Sat, 8 Sep 2007 04:45:59 +0000 Subject: r25019: Fix coverity bug #105, run #332. Use of uninitialized variable. Jeremy. (This used to be commit a58de8cee51c1396a2607ee743c92d58d7703547) --- source3/utils/net_sam.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 3cc838e71b..056bd6a0cc 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -362,7 +362,8 @@ static int net_sam_set(int argc, const char **argv) static int net_sam_policy_set(int argc, const char **argv) { const char *account_policy = NULL; - uint32 value, old_value; + uint32 value = 0; + uint32 old_value = 0; int field; char *endptr; @@ -409,19 +410,20 @@ static int net_sam_policy_set(int argc, const char **argv) if (!pdb_get_account_policy(field, &old_value)) { d_fprintf(stderr, "Valid account policy, but unable to fetch " "value!\n"); + } else { + d_printf("Account policy \"%s\" value was: %d\n", account_policy, + old_value); } if (!pdb_set_account_policy(field, value)) { d_fprintf(stderr, "Valid account policy, but unable to " "set value!\n"); return -1; + } else { + d_printf("Account policy \"%s\" value is now: %d\n", account_policy, + value); } - d_printf("Account policy \"%s\" value was: %d\n", account_policy, - old_value); - - d_printf("Account policy \"%s\" value is now: %d\n", account_policy, - value); return 0; } -- cgit From 54d3c7f61d612ca041aafc0fba964e0431cbf463 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Sep 2007 20:30:51 +0000 Subject: r25040: Add "net sam rights" Not strictly in the SAM, but close enough. This command acts directly on the local tdb, no running smbd required This also changes the root-only check to a warning (This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c) --- source3/utils/net_sam.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 056bd6a0cc..8f6ccffc51 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -504,6 +504,138 @@ static int net_sam_policy(int argc, const char **argv) return net_run_function2(argc, argv, "net sam policy", func); } +extern PRIVS privs[]; + +static int net_sam_rights_list(int argc, const char **argv) +{ + SE_PRIV mask; + + if (argc > 1) { + d_fprintf(stderr, "usage: net sam rights list [name]\n"); + return -1; + } + + if (argc == 0) { + int i; + int num = count_all_privileges(); + + for (i=0; i " + "\n"); + return -1; + } + + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + if (!se_priv_from_name(argv[1], &mask)) { + d_fprintf(stderr, "%s unknown\n", argv[1]); + return -1; + } + + if (!grant_privilege(&sid, &mask)) { + d_fprintf(stderr, "Could not grant privilege\n"); + return -1; + } + + d_printf("Granted %s to %s\\%s\n", argv[1], dom, name); + return 0; +} + +static int net_sam_rights_revoke(int argc, const char **argv) +{ + DOM_SID sid; + enum lsa_SidType type; + const char *dom, *name; + SE_PRIV mask; + + if (argc != 2) { + d_fprintf(stderr, "usage: net sam rights revoke " + "\n"); + return -1; + } + + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + &dom, &name, &sid, &type)) { + d_fprintf(stderr, "Could not find name %s\n", argv[0]); + return -1; + } + + if (!se_priv_from_name(argv[1], &mask)) { + d_fprintf(stderr, "%s unknown\n", argv[1]); + return -1; + } + + if (!revoke_privilege(&sid, &mask)) { + d_fprintf(stderr, "Could not revoke privilege\n"); + return -1; + } + + d_printf("Revoked %s from %s\\%s\n", argv[1], dom, name); + return 0; +} + +static int net_sam_rights(int argc, const char **argv) +{ + struct functable2 func[] = { + { "list", net_sam_rights_list, + "List possible user rights" }, + { "grant", net_sam_rights_grant, + "Grant a right" }, + { "revoke", net_sam_rights_revoke, + "Revoke a right" }, + { NULL } + }; + return net_run_function2(argc, argv, "net sam rights", func); +} + /* * Map a unix group to a domain group */ @@ -1521,6 +1653,8 @@ int net_sam(int argc, const char **argv) "Set details of a SAM account" }, { "policy", net_sam_policy, "Set account policies" }, + { "rights", net_sam_rights, + "Manipulate user privileges" }, #ifdef HAVE_LDAP { "provision", net_sam_provision, "Provision a clean User Database" }, @@ -1528,11 +1662,9 @@ int net_sam(int argc, const char **argv) { NULL, NULL, NULL } }; - /* we shouldn't have silly checks like this */ if (getuid() != 0) { - d_fprintf(stderr, "You must be root to edit the SAM " - "directly.\n"); - return -1; + d_fprintf(stderr, "You are not root, most things won't " + "work\n"); } return net_run_function2(argc, argv, "net sam", func); -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/utils/net_sam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 8f6ccffc51..b7e21c6849 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -26,7 +26,7 @@ */ static int net_sam_userset(int argc, const char **argv, const char *field, - BOOL (*fn)(struct samu *, const char *, + bool (*fn)(struct samu *, const char *, enum pdb_value_state)) { struct samu *sam_acct = NULL; @@ -1108,7 +1108,7 @@ static int net_sam_listmem(int argc, const char **argv) static int net_sam_do_list(int argc, const char **argv, struct pdb_search *search, const char *what) { - BOOL verbose = (argc == 1); + bool verbose = (argc == 1); if ((argc > 1) || ((argc == 1) && !strequal(argv[0], "verbose"))) { -- cgit From 54ae9dfcbce727ae3107f21eee68762502acda60 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:49:15 +0100 Subject: Use sid_string_talloc where we have a tmp talloc ctx (This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a) --- source3/utils/net_sam.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index b7e21c6849..123aa54715 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1324,7 +1324,8 @@ static int net_sam_provision(int argc, const char **argv) smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", + sid_string_talloc(tc, &gsid)); smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); talloc_autofree_ldapmod(tc, mods); @@ -1378,7 +1379,8 @@ domu_done: smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", + sid_string_talloc(tc, &gsid)); smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); talloc_autofree_ldapmod(tc, mods); @@ -1455,7 +1457,8 @@ doma_done: smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir); smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", + sid_string_talloc(tc, &sid)); smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags", pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED, NEW_PW_FORMAT_SPACE_PADDED_LEN)); @@ -1538,7 +1541,8 @@ doma_done: if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) { smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell); } - smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", sid_string_static(&sid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID", + sid_string_talloc(tc, &sid)); smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags", pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED, NEW_PW_FORMAT_SPACE_PADDED_LEN)); @@ -1597,7 +1601,8 @@ doma_done: smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", sid_string_static(&gsid)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", + sid_string_talloc(tc, &gsid)); smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); talloc_autofree_ldapmod(tc, mods); -- cgit From 7b01537679d4d4f1408634fe63c64c144f9d9519 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:53:26 +0100 Subject: Replace sid_string_static with sid_string_tos In utils/ I was a bit lazy... (This used to be commit 60e830b0f4571bd5d9039f2edd199534f2a4c341) --- source3/utils/net_sam.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 123aa54715..c82c89bf42 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -721,7 +721,7 @@ static int net_sam_mapunixgroup(int argc, const char **argv) } d_printf("Mapped unix group %s to SID %s\n", argv[0], - sid_string_static(&map.sid)); + sid_string_tos(&map.sid)); return 0; } @@ -1038,7 +1038,7 @@ static int net_sam_delmem(int argc, const char **argv) memberdomain, membername, groupdomain, groupname); } else { d_printf("Deleted %s from %s\\%s\n", - sid_string_static(&member), groupdomain, groupname); + sid_string_tos(&member), groupdomain, groupname); } return 0; @@ -1087,8 +1087,7 @@ static int net_sam_listmem(int argc, const char **argv) &dom, &name, NULL)) { d_printf(" %s\\%s\n", dom, name); } else { - d_printf(" %s\n", - sid_string_static(&members[i])); + d_printf(" %s\n", sid_string_tos(&members[i])); } } @@ -1217,7 +1216,7 @@ static int net_sam_show(int argc, const char **argv) } d_printf("%s\\%s is a %s with SID %s\n", dom, name, - sid_type_lookup(type), sid_string_static(&sid)); + sid_type_lookup(type), sid_string_tos(&sid)); return 0; } -- cgit From 7d5415a2cc4d86c97f220c308b43787d6fb845f8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Dec 2007 11:55:05 +0100 Subject: Fix flags in all callers of lookup_name() in net_sam.c. Michael (This used to be commit 6d0db17a9e255235d40eabc63e91c9f5d4febcde) --- source3/utils/net_sam.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index c82c89bf42..139eed6b95 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -41,7 +41,7 @@ static int net_sam_userset(int argc, const char **argv, const char *field, return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -138,7 +138,7 @@ static int net_sam_set_userflag(int argc, const char **argv, const char *field, return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -222,7 +222,7 @@ static int net_sam_set_pwdmustchangenow(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -283,7 +283,7 @@ static int net_sam_set_comment(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -569,7 +569,7 @@ static int net_sam_rights_grant(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -602,7 +602,7 @@ static int net_sam_rights_revoke(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; @@ -654,7 +654,7 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) map.gid = grp->gr_gid; grpname = grp->gr_name; - if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_ISOLATED, + if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL, &dom, &name, NULL, NULL)) { const char *tmp = talloc_asprintf( @@ -665,7 +665,7 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) grpname = tmp; } - if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_ISOLATED, + if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL, NULL, NULL, NULL, NULL)) { DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name)); return NT_STATUS_GROUP_EXISTS; @@ -740,7 +740,7 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap) map.gid = grp->gr_gid; grpname = grp->gr_name; - if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL, NULL, NULL, NULL, NULL)) { DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name)); return NT_STATUS_NO_SUCH_GROUP; @@ -836,7 +836,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find %s.\n", argv[0]); return -1; @@ -929,7 +929,7 @@ static int net_sam_addmem(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &groupdomain, &groupname, &group, &grouptype)) { d_fprintf(stderr, "Could not find group %s\n", argv[0]); return -1; @@ -937,7 +937,7 @@ static int net_sam_addmem(int argc, const char **argv) /* check to see if the member to be added is a name or a SID */ - if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL, &memberdomain, &membername, &member, &membertype)) { /* try it as a SID */ @@ -1002,13 +1002,13 @@ static int net_sam_delmem(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &groupdomain, &groupname, &group, &grouptype)) { d_fprintf(stderr, "Could not find group %s\n", argv[0]); return -1; } - if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL, &memberdomain, &membername, &member, NULL)) { if (!string_to_sid(&member, argv[1])) { d_fprintf(stderr, "Could not find member %s\n", @@ -1060,7 +1060,7 @@ static int net_sam_listmem(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &groupdomain, &groupname, &group, &grouptype)) { d_fprintf(stderr, "Could not find group %s\n", argv[0]); return -1; @@ -1209,7 +1209,7 @@ static int net_sam_show(int argc, const char **argv) return -1; } - if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_ISOLATED, + if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL, &dom, &name, &sid, &type)) { d_fprintf(stderr, "Could not find name %s\n", argv[0]); return -1; -- cgit From 602bb7d7665ccd42b90089622def32f9e3ec2594 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Dec 2007 11:57:14 +0100 Subject: Make usage message for net sam rights list a little more precise. Michael (This used to be commit d466a5136d5151e2a3cae7464cb346f0db650554) --- source3/utils/net_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 139eed6b95..bd1f6cd686 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -511,7 +511,7 @@ static int net_sam_rights_list(int argc, const char **argv) SE_PRIV mask; if (argc > 1) { - d_fprintf(stderr, "usage: net sam rights list [name]\n"); + d_fprintf(stderr, "usage: net sam rights list [privilege name]\n"); return -1; } -- cgit From 5f196fafd3a8ed9dda189b62bcd24105bb693456 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Dec 2007 17:06:06 +0100 Subject: Properly destroy the pdb search object (This used to be commit 514cf532248723e7f775dc5f8f2e6936e02b7a1c) --- source3/utils/net_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index bd1f6cd686..52f8f911e1 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1135,7 +1135,7 @@ static int net_sam_do_list(int argc, const char **argv, } } - search->search_end(search); + pdb_search_destroy(search); return 0; } -- cgit From 5f68ea53ff691084ed41f728c5141dd079fe2756 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Thu, 10 Apr 2008 10:42:17 +0200 Subject: objectclass -> objectClass Karolin (This used to be commit b865b8a79afd8f3b43bb3adcdcbcbca623dc76a2) --- source3/utils/net_sam.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 52f8f911e1..b5cd8e637a 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1318,7 +1318,7 @@ static int net_sam_provision(int argc, const char **argv) goto failed; } - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); @@ -1373,7 +1373,7 @@ domu_done: goto failed; } - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); @@ -1595,7 +1595,7 @@ doma_done: sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); -- cgit From f5769109447d8da0f09b102d444a816ad97a00dc Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 9 May 2008 23:22:12 +0200 Subject: net: Remove globals (This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e) --- source3/utils/net_sam.c | 145 +++++++++++++++++++++++++++--------------------- 1 file changed, 83 insertions(+), 62 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index b5cd8e637a..9199f70400 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -25,7 +25,8 @@ * Set a user's data */ -static int net_sam_userset(int argc, const char **argv, const char *field, +static int net_sam_userset(struct net_context *c, int argc, const char **argv, + const char *field, bool (*fn)(struct samu *, const char *, enum pdb_value_state)) { @@ -81,39 +82,45 @@ static int net_sam_userset(int argc, const char **argv, const char *field, return 0; } -static int net_sam_set_fullname(int argc, const char **argv) +static int net_sam_set_fullname(struct net_context *c, int argc, + const char **argv) { - return net_sam_userset(argc, argv, "fullname", + return net_sam_userset(c, argc, argv, "fullname", pdb_set_fullname); } -static int net_sam_set_logonscript(int argc, const char **argv) +static int net_sam_set_logonscript(struct net_context *c, int argc, + const char **argv) { - return net_sam_userset(argc, argv, "logonscript", + return net_sam_userset(c, argc, argv, "logonscript", pdb_set_logon_script); } -static int net_sam_set_profilepath(int argc, const char **argv) +static int net_sam_set_profilepath(struct net_context *c, int argc, + const char **argv) { - return net_sam_userset(argc, argv, "profilepath", + return net_sam_userset(c, argc, argv, "profilepath", pdb_set_profile_path); } -static int net_sam_set_homedrive(int argc, const char **argv) +static int net_sam_set_homedrive(struct net_context *c, int argc, + const char **argv) { - return net_sam_userset(argc, argv, "homedrive", + return net_sam_userset(c, argc, argv, "homedrive", pdb_set_dir_drive); } -static int net_sam_set_homedir(int argc, const char **argv) +static int net_sam_set_homedir(struct net_context *c, int argc, + const char **argv) { - return net_sam_userset(argc, argv, "homedir", + return net_sam_userset(c, argc, argv, "homedir", pdb_set_homedir); } -static int net_sam_set_workstations(int argc, const char **argv) +static int net_sam_set_workstations(struct net_context *c, int argc, + const char **argv) { - return net_sam_userset(argc, argv, "workstations", + return net_sam_userset(c, argc, argv, "workstations", pdb_set_workstations); } @@ -121,7 +128,8 @@ static int net_sam_set_workstations(int argc, const char **argv) * Set account flags */ -static int net_sam_set_userflag(int argc, const char **argv, const char *field, +static int net_sam_set_userflag(struct net_context *c, int argc, + const char **argv, const char *field, uint16 flag) { struct samu *sam_acct = NULL; @@ -184,31 +192,36 @@ static int net_sam_set_userflag(int argc, const char **argv, const char *field, return 0; } -static int net_sam_set_disabled(int argc, const char **argv) +static int net_sam_set_disabled(struct net_context *c, int argc, + const char **argv) { - return net_sam_set_userflag(argc, argv, "disabled", ACB_DISABLED); + return net_sam_set_userflag(c, argc, argv, "disabled", ACB_DISABLED); } -static int net_sam_set_pwnotreq(int argc, const char **argv) +static int net_sam_set_pwnotreq(struct net_context *c, int argc, + const char **argv) { - return net_sam_set_userflag(argc, argv, "pwnotreq", ACB_PWNOTREQ); + return net_sam_set_userflag(c, argc, argv, "pwnotreq", ACB_PWNOTREQ); } -static int net_sam_set_autolock(int argc, const char **argv) +static int net_sam_set_autolock(struct net_context *c, int argc, + const char **argv) { - return net_sam_set_userflag(argc, argv, "autolock", ACB_AUTOLOCK); + return net_sam_set_userflag(c, argc, argv, "autolock", ACB_AUTOLOCK); } -static int net_sam_set_pwnoexp(int argc, const char **argv) +static int net_sam_set_pwnoexp(struct net_context *c, int argc, + const char **argv) { - return net_sam_set_userflag(argc, argv, "pwnoexp", ACB_PWNOEXP); + return net_sam_set_userflag(c, argc, argv, "pwnoexp", ACB_PWNOEXP); } /* * Set pass last change time, based on force pass change now */ -static int net_sam_set_pwdmustchangenow(int argc, const char **argv) +static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc, + const char **argv) { struct samu *sam_acct = NULL; DOM_SID sid; @@ -269,7 +282,8 @@ static int net_sam_set_pwdmustchangenow(int argc, const char **argv) * Set a user's or a group's comment */ -static int net_sam_set_comment(int argc, const char **argv) +static int net_sam_set_comment(struct net_context *c, int argc, + const char **argv) { GROUP_MAP map; DOM_SID sid; @@ -290,7 +304,7 @@ static int net_sam_set_comment(int argc, const char **argv) } if (type == SID_NAME_USER) { - return net_sam_userset(argc, argv, "comment", + return net_sam_userset(c, argc, argv, "comment", pdb_set_acct_desc); } @@ -322,7 +336,7 @@ static int net_sam_set_comment(int argc, const char **argv) return 0; } -static int net_sam_set(int argc, const char **argv) +static int net_sam_set(struct net_context *c, int argc, const char **argv) { struct functable2 func[] = { { "homedir", net_sam_set_homedir, @@ -352,14 +366,14 @@ static int net_sam_set(int argc, const char **argv) {NULL, NULL} }; - return net_run_function2(argc, argv, "net sam set", func); + return net_run_function2(c, argc, argv, "net sam set", func); } /* * Manage account policies */ -static int net_sam_policy_set(int argc, const char **argv) +static int net_sam_policy_set(struct net_context *c, int argc, const char **argv) { const char *account_policy = NULL; uint32 value = 0; @@ -427,7 +441,7 @@ static int net_sam_policy_set(int argc, const char **argv) return 0; } -static int net_sam_policy_show(int argc, const char **argv) +static int net_sam_policy_show(struct net_context *c, int argc, const char **argv) { const char *account_policy = NULL; uint32 old_value; @@ -472,7 +486,7 @@ static int net_sam_policy_show(int argc, const char **argv) return 0; } -static int net_sam_policy_list(int argc, const char **argv) +static int net_sam_policy_list(struct net_context *c, int argc, const char **argv) { const char **names; int count; @@ -489,7 +503,7 @@ static int net_sam_policy_list(int argc, const char **argv) return -1; } -static int net_sam_policy(int argc, const char **argv) +static int net_sam_policy(struct net_context *c, int argc, const char **argv) { struct functable2 func[] = { { "list", net_sam_policy_list, @@ -501,12 +515,13 @@ static int net_sam_policy(int argc, const char **argv) {NULL, NULL} }; - return net_run_function2(argc, argv, "net sam policy", func); + return net_run_function2(c, argc, argv, "net sam policy", func); } extern PRIVS privs[]; -static int net_sam_rights_list(int argc, const char **argv) +static int net_sam_rights_list(struct net_context *c, int argc, + const char **argv) { SE_PRIV mask; @@ -556,7 +571,8 @@ static int net_sam_rights_list(int argc, const char **argv) return -1; } -static int net_sam_rights_grant(int argc, const char **argv) +static int net_sam_rights_grant(struct net_context *c, int argc, + const char **argv) { DOM_SID sid; enum lsa_SidType type; @@ -589,7 +605,7 @@ static int net_sam_rights_grant(int argc, const char **argv) return 0; } -static int net_sam_rights_revoke(int argc, const char **argv) +static int net_sam_rights_revoke(struct net_context *c, int argc, const char **argv) { DOM_SID sid; enum lsa_SidType type; @@ -622,7 +638,7 @@ static int net_sam_rights_revoke(int argc, const char **argv) return 0; } -static int net_sam_rights(int argc, const char **argv) +static int net_sam_rights(struct net_context *c, int argc, const char **argv) { struct functable2 func[] = { { "list", net_sam_rights_list, @@ -633,7 +649,7 @@ static int net_sam_rights(int argc, const char **argv) "Revoke a right" }, { NULL } }; - return net_run_function2(argc, argv, "net sam rights", func); + return net_run_function2(c, argc, argv, "net sam rights", func); } /* @@ -695,7 +711,7 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) return status; } -static int net_sam_mapunixgroup(int argc, const char **argv) +static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv) { NTSTATUS status; GROUP_MAP map; @@ -757,7 +773,7 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap) return status; } -static int net_sam_unmapunixgroup(int argc, const char **argv) +static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv) { NTSTATUS status; GROUP_MAP map; @@ -791,7 +807,7 @@ static int net_sam_unmapunixgroup(int argc, const char **argv) * Create a local group */ -static int net_sam_createlocalgroup(int argc, const char **argv) +static int net_sam_createlocalgroup(struct net_context *c, int argc, const char **argv) { NTSTATUS status; uint32 rid; @@ -824,7 +840,7 @@ static int net_sam_createlocalgroup(int argc, const char **argv) * Delete a local group */ -static int net_sam_deletelocalgroup(int argc, const char **argv) +static int net_sam_deletelocalgroup(struct net_context *c, int argc, const char **argv) { DOM_SID sid; enum lsa_SidType type; @@ -865,7 +881,7 @@ static int net_sam_deletelocalgroup(int argc, const char **argv) * Create a local group */ -static int net_sam_createbuiltingroup(int argc, const char **argv) +static int net_sam_createbuiltingroup(struct net_context *c, int argc, const char **argv) { NTSTATUS status; uint32 rid; @@ -917,7 +933,7 @@ static int net_sam_createbuiltingroup(int argc, const char **argv) * Add a group member */ -static int net_sam_addmem(int argc, const char **argv) +static int net_sam_addmem(struct net_context *c, int argc, const char **argv) { const char *groupdomain, *groupname, *memberdomain, *membername; DOM_SID group, member; @@ -988,7 +1004,7 @@ static int net_sam_addmem(int argc, const char **argv) * Delete a group member */ -static int net_sam_delmem(int argc, const char **argv) +static int net_sam_delmem(struct net_context *c, int argc, const char **argv) { const char *groupdomain, *groupname; const char *memberdomain = NULL; @@ -1048,7 +1064,7 @@ static int net_sam_delmem(int argc, const char **argv) * List group members */ -static int net_sam_listmem(int argc, const char **argv) +static int net_sam_listmem(struct net_context *c, int argc, const char **argv) { const char *groupdomain, *groupname; DOM_SID group; @@ -1104,7 +1120,7 @@ static int net_sam_listmem(int argc, const char **argv) /* * Do the listing */ -static int net_sam_do_list(int argc, const char **argv, +static int net_sam_do_list(struct net_context *c, int argc, const char **argv, struct pdb_search *search, const char *what) { bool verbose = (argc == 1); @@ -1139,34 +1155,39 @@ static int net_sam_do_list(int argc, const char **argv, return 0; } -static int net_sam_list_users(int argc, const char **argv) +static int net_sam_list_users(struct net_context *c, int argc, + const char **argv) { - return net_sam_do_list(argc, argv, pdb_search_users(ACB_NORMAL), + return net_sam_do_list(c, argc, argv, pdb_search_users(ACB_NORMAL), "users"); } -static int net_sam_list_groups(int argc, const char **argv) +static int net_sam_list_groups(struct net_context *c, int argc, + const char **argv) { - return net_sam_do_list(argc, argv, pdb_search_groups(), "groups"); + return net_sam_do_list(c, argc, argv, pdb_search_groups(), "groups"); } -static int net_sam_list_localgroups(int argc, const char **argv) +static int net_sam_list_localgroups(struct net_context *c, int argc, + const char **argv) { - return net_sam_do_list(argc, argv, + return net_sam_do_list(c, argc, argv, pdb_search_aliases(get_global_sam_sid()), "localgroups"); } -static int net_sam_list_builtin(int argc, const char **argv) +static int net_sam_list_builtin(struct net_context *c, int argc, + const char **argv) { - return net_sam_do_list(argc, argv, + return net_sam_do_list(c, argc, argv, pdb_search_aliases(&global_sid_Builtin), "builtin"); } -static int net_sam_list_workstations(int argc, const char **argv) +static int net_sam_list_workstations(struct net_context *c, int argc, + const char **argv) { - return net_sam_do_list(argc, argv, + return net_sam_do_list(c, argc, argv, pdb_search_users(ACB_WSTRUST), "workstations"); } @@ -1175,7 +1196,7 @@ static int net_sam_list_workstations(int argc, const char **argv) * List stuff */ -static int net_sam_list(int argc, const char **argv) +static int net_sam_list(struct net_context *c, int argc, const char **argv) { struct functable2 func[] = { { "users", net_sam_list_users, @@ -1191,14 +1212,14 @@ static int net_sam_list(int argc, const char **argv) {NULL, NULL} }; - return net_run_function2(argc, argv, "net sam list", func); + return net_run_function2(c, argc, argv, "net sam list", func); } /* * Show details of SAM entries */ -static int net_sam_show(int argc, const char **argv) +static int net_sam_show(struct net_context *c, int argc, const char **argv) { DOM_SID sid; enum lsa_SidType type; @@ -1228,7 +1249,7 @@ static int net_sam_show(int argc, const char **argv) * if ldapsam:editposix is enabled */ -static int net_sam_provision(int argc, const char **argv) +static int net_sam_provision(struct net_context *c, int argc, const char **argv) { TALLOC_CTX *tc; char *ldap_bk; @@ -1630,7 +1651,7 @@ failed: /*********************************************************** migrated functionality from smbgroupedit **********************************************************/ -int net_sam(int argc, const char **argv) +int net_sam(struct net_context *c, int argc, const char **argv) { struct functable2 func[] = { { "createbuiltingroup", net_sam_createbuiltingroup, @@ -1671,6 +1692,6 @@ int net_sam(int argc, const char **argv) "work\n"); } - return net_run_function2(argc, argv, "net sam", func); + return net_run_function2(c, argc, argv, "net sam", func); } -- cgit From 4206d9754486d2c1e18217cbcdbaad8f31f5244b Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 8 May 2008 11:23:38 +0200 Subject: net: more whitespace cleanup (This used to be commit ef0184d580500734fc7af51e1c790b075180a3d0) --- source3/utils/net_sam.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 9199f70400..32656f0276 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -452,7 +452,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg " \"\" \n"); return -1; } - + account_policy = argv[0]; field = account_policy_name_to_fieldnum(account_policy); @@ -478,7 +478,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg "fetch value!\n"); return -1; } - + printf("Account policy \"%s\" description: %s\n", account_policy, account_policy_get_desc(field)); printf("Account policy \"%s\" value is: %d\n", account_policy, @@ -901,16 +901,16 @@ static int net_sam_createbuiltingroup(struct net_context *c, int argc, const cha } /* validate the name and get the group */ - + fstrcpy( groupname, "BUILTIN\\" ); fstrcat( groupname, argv[0] ); - + if ( !lookup_name(talloc_tos(), groupname, LOOKUP_NAME_ALL, NULL, NULL, &sid, &type)) { d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]); return -1; } - + if ( !sid_peek_rid( &sid, &rid ) ) { d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]); return -1; @@ -964,7 +964,7 @@ static int net_sam_addmem(struct net_context *c, int argc, const char **argv) } if ( !lookup_sid(talloc_tos(), &member, &memberdomain, - &membername, &membertype) ) + &membername, &membertype) ) { d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]); return -1; @@ -994,7 +994,7 @@ static int net_sam_addmem(struct net_context *c, int argc, const char **argv) return -1; } - d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername, + d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername, groupdomain, groupname); return 0; @@ -1086,7 +1086,7 @@ static int net_sam_listmem(struct net_context *c, int argc, const char **argv) (grouptype == SID_NAME_WKN_GRP)) { DOM_SID *members = NULL; size_t i, num_members = 0; - + status = pdb_enum_aliasmem(&group, &members, &num_members); if (!NT_STATUS_IS_OK(status)) { @@ -1691,7 +1691,7 @@ int net_sam(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "You are not root, most things won't " "work\n"); } - + return net_run_function2(c, argc, argv, "net sam", func); } -- cgit From 16938883e6fcae7601eb6343177aa2d56dd2136e Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 12 May 2008 11:53:23 +0200 Subject: net: Use true/false instead of True/False. (This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a) --- source3/utils/net_sam.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 32656f0276..f603065f9c 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1136,7 +1136,7 @@ static int net_sam_do_list(struct net_context *c, int argc, const char **argv, return -1; } - while (True) { + while (true) { struct samr_displayentry entry; if (!search->next_entry(search, &entry)) { break; @@ -1288,8 +1288,8 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) goto failed; } - if (!lp_parm_bool(-1, "ldapsam", "trusted", False) || - !lp_parm_bool(-1, "ldapsam", "editposix", False)) { + if (!lp_parm_bool(-1, "ldapsam", "trusted", false) || + !lp_parm_bool(-1, "ldapsam", "editposix", false)) { d_fprintf(stderr, "Provisioning works only if ldapsam:trusted" " and ldapsam:editposix are enabled.\n"); -- cgit From cd06703a3f382bd114ae7634cdd7c630947cf785 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sat, 7 Jun 2008 02:13:52 +0200 Subject: net: Make "net sam" use functable3 (This used to be commit b161fb7cfe3d0f5c2e853d5759420817c6ed7c0f) --- source3/utils/net_sam.c | 461 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 351 insertions(+), 110 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index f603065f9c..140bc53719 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -36,7 +36,7 @@ static int net_sam_userset(struct net_context *c, int argc, const char **argv, const char *dom, *name; NTSTATUS status; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam set %s \n", field); return -1; @@ -139,8 +139,9 @@ static int net_sam_set_userflag(struct net_context *c, int argc, NTSTATUS status; uint16 acct_flags; - if ((argc != 2) || (!strequal(argv[1], "yes") && - !strequal(argv[1], "no"))) { + if ((argc != 2) || c->display_usage || + (!strequal(argv[1], "yes") && + !strequal(argv[1], "no"))) { d_fprintf(stderr, "usage: net sam set %s [yes|no]\n", field); return -1; @@ -229,8 +230,9 @@ static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc, const char *dom, *name; NTSTATUS status; - if ((argc != 2) || (!strequal(argv[1], "yes") && - !strequal(argv[1], "no"))) { + if ((argc != 2) || c->display_usage || + (!strequal(argv[1], "yes") && + !strequal(argv[1], "no"))) { d_fprintf(stderr, "usage: net sam set pwdmustchangenow [yes|no]\n"); return -1; } @@ -291,7 +293,7 @@ static int net_sam_set_comment(struct net_context *c, int argc, const char *dom, *name; NTSTATUS status; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam set comment " "\n"); return -1; @@ -338,35 +340,107 @@ static int net_sam_set_comment(struct net_context *c, int argc, static int net_sam_set(struct net_context *c, int argc, const char **argv) { - struct functable2 func[] = { - { "homedir", net_sam_set_homedir, - "Change a user's home directory" }, - { "profilepath", net_sam_set_profilepath, - "Change a user's profile path" }, - { "comment", net_sam_set_comment, - "Change a users or groups description" }, - { "fullname", net_sam_set_fullname, - "Change a user's full name" }, - { "logonscript", net_sam_set_logonscript, - "Change a user's logon script" }, - { "homedrive", net_sam_set_homedrive, - "Change a user's home drive" }, - { "workstations", net_sam_set_workstations, - "Change a user's allowed workstations" }, - { "disabled", net_sam_set_disabled, - "Disable/Enable a user" }, - { "pwnotreq", net_sam_set_pwnotreq, - "Disable/Enable the password not required flag" }, - { "autolock", net_sam_set_autolock, - "Disable/Enable a user's lockout flag" }, - { "pwnoexp", net_sam_set_pwnoexp, - "Disable/Enable whether a user's pw does not expire" }, - { "pwdmustchangenow", net_sam_set_pwdmustchangenow, - "Force users password must change at next logon" }, - {NULL, NULL} + struct functable3 func[] = { + { + "homedir", + net_sam_set_homedir, + NET_TRANSPORT_LOCAL, + "Change a user's home directory", + "net sam set homedir\n" + " Change a user's home directory" + }, + { + "profilepath", + net_sam_set_profilepath, + NET_TRANSPORT_LOCAL, + "Change a user's profile path", + "net sam set profilepath\n" + " Change a user's profile path" + }, + { + "comment", + net_sam_set_comment, + NET_TRANSPORT_LOCAL, + "Change a users or groups description", + "net sam set comment\n" + " Change a users or groups description" + }, + { + "fullname", + net_sam_set_fullname, + NET_TRANSPORT_LOCAL, + "Change a user's full name", + "net sam set fullname\n" + " Change a user's full name" + }, + { + "logonscript", + net_sam_set_logonscript, + NET_TRANSPORT_LOCAL, + "Change a user's logon script", + "net sam set logonscript\n" + " Change a user's logon script" + }, + { + "homedrive", + net_sam_set_homedrive, + NET_TRANSPORT_LOCAL, + "Change a user's home drive", + "net sam set homedrive\n" + " Change a user's home drive" + }, + { + "workstations", + net_sam_set_workstations, + NET_TRANSPORT_LOCAL, + "Change a user's allowed workstations", + "net sam set workstations\n" + " Change a user's allowed workstations" + }, + { + "disabled", + net_sam_set_disabled, + NET_TRANSPORT_LOCAL, + "Disable/Enable a user", + "net sam set disable\n" + " Disable/Enable a user" + }, + { + "pwnotreq", + net_sam_set_pwnotreq, + NET_TRANSPORT_LOCAL, + "Disable/Enable the password not required flag", + "net sam set pwnotreq\n" + " Disable/Enable the password not required flag" + }, + { + "autolock", + net_sam_set_autolock, + NET_TRANSPORT_LOCAL, + "Disable/Enable a user's lockout flag", + "net sam set autolock\n" + " Disable/Enable a user's lockout flag" + }, + { + "pwnoexp", + net_sam_set_pwnoexp, + NET_TRANSPORT_LOCAL, + "Disable/Enable whether a user's pw does not expire", + "net sam set pwnoexp\n" + " Disable/Enable whether a user's pw does not expire" + }, + { + "pwdmustchangenow", + net_sam_set_pwdmustchangenow, + NET_TRANSPORT_LOCAL, + "Force users password must change at next logon", + "net sam set pwdmustchangenow\n" + " Force users password must change at next logon" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function2(c, argc, argv, "net sam set", func); + return net_run_function3(c, argc, argv, "net sam set", func); } /* @@ -381,7 +455,7 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv int field; char *endptr; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam policy set " "\"\" \n"); return -1; @@ -447,7 +521,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg uint32 old_value; int field; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam policy show" " \"\" \n"); return -1; @@ -491,6 +565,14 @@ static int net_sam_policy_list(struct net_context *c, int argc, const char **arg const char **names; int count; int i; + + if (c->display_usage) { + d_printf("Usage:\n" + "net sam policy list\n" + " List account policies\n"); + return 0; + } + account_policy_names_list(&names, &count); if (count != 0) { d_fprintf(stderr, "Valid account policies " @@ -505,17 +587,35 @@ static int net_sam_policy_list(struct net_context *c, int argc, const char **arg static int net_sam_policy(struct net_context *c, int argc, const char **argv) { - struct functable2 func[] = { - { "list", net_sam_policy_list, - "List account policies" }, - { "show", net_sam_policy_show, - "Show account policies" }, - { "set", net_sam_policy_set, - "Change account policies" }, - {NULL, NULL} + struct functable3 func[] = { + { + "list", + net_sam_policy_list, + NET_TRANSPORT_LOCAL, + "List account policies", + "net sam policy list\n" + " List account policies" + }, + { + "show", + net_sam_policy_show, + NET_TRANSPORT_LOCAL, + "Show account policies", + "net sam policy show\n" + " Show account policies" + }, + { + "set", + net_sam_policy_set, + NET_TRANSPORT_LOCAL, + "Change account policies", + "net sam policy set\n" + " Change account policies" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function2(c, argc, argv, "net sam policy", func); + return net_run_function3(c, argc, argv, "net sam policy", func); } extern PRIVS privs[]; @@ -525,7 +625,7 @@ static int net_sam_rights_list(struct net_context *c, int argc, { SE_PRIV mask; - if (argc > 1) { + if (argc > 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam rights list [privilege name]\n"); return -1; } @@ -579,7 +679,7 @@ static int net_sam_rights_grant(struct net_context *c, int argc, const char *dom, *name; SE_PRIV mask; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam rights grant " "\n"); return -1; @@ -612,7 +712,7 @@ static int net_sam_rights_revoke(struct net_context *c, int argc, const char **a const char *dom, *name; SE_PRIV mask; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam rights revoke " "\n"); return -1; @@ -640,16 +740,34 @@ static int net_sam_rights_revoke(struct net_context *c, int argc, const char **a static int net_sam_rights(struct net_context *c, int argc, const char **argv) { - struct functable2 func[] = { - { "list", net_sam_rights_list, - "List possible user rights" }, - { "grant", net_sam_rights_grant, - "Grant a right" }, - { "revoke", net_sam_rights_revoke, - "Revoke a right" }, - { NULL } + struct functable3 func[] = { + { + "list", + net_sam_rights_list, + NET_TRANSPORT_LOCAL, + "List possible user rights", + "net sam rights list\n" + " List possible user rights" + }, + { + "grant", + net_sam_rights_grant, + NET_TRANSPORT_LOCAL, + "Grant a right", + "net sam rights grant\n" + " Grant a right" + }, + { + "revoke", + net_sam_rights_revoke, + NET_TRANSPORT_LOCAL, + "Revoke a right", + "net sam rights revoke\n" + " Revoke a right" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function2(c, argc, argv, "net sam rights", func); + return net_run_function3(c, argc, argv, "net sam rights", func); } /* @@ -717,7 +835,7 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar GROUP_MAP map; struct group *grp; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam mapunixgroup \n"); return -1; } @@ -779,7 +897,7 @@ static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char ** GROUP_MAP map; struct group *grp; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam unmapunixgroup \n"); return -1; } @@ -812,7 +930,7 @@ static int net_sam_createlocalgroup(struct net_context *c, int argc, const char NTSTATUS status; uint32 rid; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam createlocalgroup \n"); return -1; } @@ -847,7 +965,7 @@ static int net_sam_deletelocalgroup(struct net_context *c, int argc, const char const char *dom, *name; NTSTATUS status; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam deletelocalgroup \n"); return -1; } @@ -889,7 +1007,7 @@ static int net_sam_createbuiltingroup(struct net_context *c, int argc, const cha fstring groupname; DOM_SID sid; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam createbuiltingroup \n"); return -1; } @@ -940,7 +1058,7 @@ static int net_sam_addmem(struct net_context *c, int argc, const char **argv) enum lsa_SidType grouptype, membertype; NTSTATUS status; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam addmem \n"); return -1; } @@ -1013,7 +1131,7 @@ static int net_sam_delmem(struct net_context *c, int argc, const char **argv) enum lsa_SidType grouptype; NTSTATUS status; - if (argc != 2) { + if (argc != 2 || c->display_usage) { d_fprintf(stderr, "usage: net sam delmem \n"); return -1; } @@ -1071,7 +1189,7 @@ static int net_sam_listmem(struct net_context *c, int argc, const char **argv) enum lsa_SidType grouptype; NTSTATUS status; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam listmem \n"); return -1; } @@ -1125,7 +1243,7 @@ static int net_sam_do_list(struct net_context *c, int argc, const char **argv, { bool verbose = (argc == 1); - if ((argc > 1) || + if ((argc > 1) || c->display_usage || ((argc == 1) && !strequal(argv[0], "verbose"))) { d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what); return -1; @@ -1198,21 +1316,51 @@ static int net_sam_list_workstations(struct net_context *c, int argc, static int net_sam_list(struct net_context *c, int argc, const char **argv) { - struct functable2 func[] = { - { "users", net_sam_list_users, - "List SAM users" }, - { "groups", net_sam_list_groups, - "List SAM groups" }, - { "localgroups", net_sam_list_localgroups, - "List SAM local groups" }, - { "builtin", net_sam_list_builtin, - "List builtin groups" }, - { "workstations", net_sam_list_workstations, - "List domain member workstations" }, - {NULL, NULL} + struct functable3 func[] = { + { + "users", + net_sam_list_users, + NET_TRANSPORT_LOCAL, + "List SAM users", + "net sam list users\n" + " List SAM users" + }, + { + "groups", + net_sam_list_groups, + NET_TRANSPORT_LOCAL, + "List SAM groups", + "net sam list groups\n" + " List SAM groups" + }, + { + "localgroups", + net_sam_list_localgroups, + NET_TRANSPORT_LOCAL, + "List SAM local groups", + "net sam list localgroups\n" + " List SAM local groups" + }, + { + "builtin", + net_sam_list_builtin, + NET_TRANSPORT_LOCAL, + "List builtin groups", + "net sam list builtin\n" + " List builtin groups" + }, + { + "workstations", + net_sam_list_workstations, + NET_TRANSPORT_LOCAL, + "List domain member workstations", + "net sam list workstations\n" + " List domain member workstations" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function2(c, argc, argv, "net sam list", func); + return net_run_function3(c, argc, argv, "net sam list", func); } /* @@ -1225,7 +1373,7 @@ static int net_sam_show(struct net_context *c, int argc, const char **argv) enum lsa_SidType type; const char *dom, *name; - if (argc != 1) { + if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam show \n"); return -1; } @@ -1263,6 +1411,13 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) struct samu *samuser; struct passwd *pwd; + if (c->display_usage) { + d_printf("Usage:\n" + "net sam provision\n" + " Init an LDAP tree with default users/groups\n"); + return 0; + } + tc = talloc_new(NULL); if (!tc) { d_fprintf(stderr, "Out of Memory!\n"); @@ -1653,38 +1808,124 @@ failed: **********************************************************/ int net_sam(struct net_context *c, int argc, const char **argv) { - struct functable2 func[] = { - { "createbuiltingroup", net_sam_createbuiltingroup, - "Create a new BUILTIN group" }, - { "createlocalgroup", net_sam_createlocalgroup, - "Create a new local group" }, - { "deletelocalgroup", net_sam_deletelocalgroup, - "Delete an existing local group" }, - { "mapunixgroup", net_sam_mapunixgroup, - "Map a unix group to a domain group" }, - { "unmapunixgroup", net_sam_unmapunixgroup, - "Remove a group mapping of an unix group to a domain group" }, - { "addmem", net_sam_addmem, - "Add a member to a group" }, - { "delmem", net_sam_delmem, - "Delete a member from a group" }, - { "listmem", net_sam_listmem, - "List group members" }, - { "list", net_sam_list, - "List users, groups and local groups" }, - { "show", net_sam_show, - "Show details of a SAM entry" }, - { "set", net_sam_set, - "Set details of a SAM account" }, - { "policy", net_sam_policy, - "Set account policies" }, - { "rights", net_sam_rights, - "Manipulate user privileges" }, + struct functable3 func[] = { + { + "createbuiltingroup", + net_sam_createbuiltingroup, + NET_TRANSPORT_LOCAL, + "Create a new BUILTIN group", + "net sam createbuiltingroup\n" + " Create a new BUILTIN group" + }, + { + "createlocalgroup", + net_sam_createlocalgroup, + NET_TRANSPORT_LOCAL, + "Create a new local group", + "net sam createlocalgroup\n" + " Create a new local group" + }, + { + "deletelocalgroup", + net_sam_deletelocalgroup, + NET_TRANSPORT_LOCAL, + "Delete an existing local group", + "net sam deletelocalgroup\n" + " Delete an existing local group" + }, + { + "mapunixgroup", + net_sam_mapunixgroup, + NET_TRANSPORT_LOCAL, + "Map a unix group to a domain group", + "net sam mapunixgroup\n" + " Map a unix group to a domain group" + }, + { + "unmapunixgroup", + net_sam_unmapunixgroup, + NET_TRANSPORT_LOCAL, + "Remove a group mapping of an unix group to a domain " + "group", + "net sam unmapunixgroup\n" + " Remove a group mapping of an unix group to a " + "domain group" + }, + { + "addmem", + net_sam_addmem, + NET_TRANSPORT_LOCAL, + "Add a member to a group", + "net sam addmem\n" + " Add a member to a group" + }, + { + "delmem", + net_sam_delmem, + NET_TRANSPORT_LOCAL, + "Delete a member from a group", + "net sam delmem\n" + " Delete a member from a group" + }, + { + "listmem", + net_sam_listmem, + NET_TRANSPORT_LOCAL, + "List group members", + "net sam listmem\n" + " List group members" + }, + { + "list", + net_sam_list, + NET_TRANSPORT_LOCAL, + "List users, groups and local groups", + "net sam list\n" + " List users, groups and local groups" + }, + { + "show", + net_sam_show, + NET_TRANSPORT_LOCAL, + "Show details of a SAM entry", + "net sam show\n" + " Show details of a SAM entry" + }, + { + "set", + net_sam_set, + NET_TRANSPORT_LOCAL, + "Set details of a SAM account", + "net sam set\n" + " Set details of a SAM account" + }, + { + "policy", + net_sam_policy, + NET_TRANSPORT_LOCAL, + "Set account policies", + "net sam policy\n" + " Set account policies" + }, + { + "rights", + net_sam_rights, + NET_TRANSPORT_LOCAL, + "Manipulate user privileges", + "net sam rights\n" + " Manipulate user privileges" + }, #ifdef HAVE_LDAP - { "provision", net_sam_provision, - "Provision a clean User Database" }, + { + "provision", + net_sam_provision, + NET_TRANSPORT_LOCAL, + "Provision a clean user database", + "net sam privison\n" + " Provision a clear user database" + }, #endif - { NULL, NULL, NULL } + {NULL, NULL, 0, NULL, NULL} }; if (getuid() != 0) { @@ -1692,6 +1933,6 @@ int net_sam(struct net_context *c, int argc, const char **argv) "work\n"); } - return net_run_function2(c, argc, argv, "net sam", func); + return net_run_function3(c, argc, argv, "net sam", func); } -- cgit From 255bdb26025a5025bc60637dd924f6ec71c49ee5 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sat, 7 Jun 2008 02:25:08 +0200 Subject: net: Rename functable3 to functable, get rid of old functables (This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07) --- source3/utils/net_sam.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 140bc53719..2183ed5efc 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -340,7 +340,7 @@ static int net_sam_set_comment(struct net_context *c, int argc, static int net_sam_set(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "homedir", net_sam_set_homedir, @@ -440,7 +440,7 @@ static int net_sam_set(struct net_context *c, int argc, const char **argv) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net sam set", func); + return net_run_function(c, argc, argv, "net sam set", func); } /* @@ -587,7 +587,7 @@ static int net_sam_policy_list(struct net_context *c, int argc, const char **arg static int net_sam_policy(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "list", net_sam_policy_list, @@ -615,7 +615,7 @@ static int net_sam_policy(struct net_context *c, int argc, const char **argv) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net sam policy", func); + return net_run_function(c, argc, argv, "net sam policy", func); } extern PRIVS privs[]; @@ -740,7 +740,7 @@ static int net_sam_rights_revoke(struct net_context *c, int argc, const char **a static int net_sam_rights(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "list", net_sam_rights_list, @@ -767,7 +767,7 @@ static int net_sam_rights(struct net_context *c, int argc, const char **argv) }, {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net sam rights", func); + return net_run_function(c, argc, argv, "net sam rights", func); } /* @@ -1316,7 +1316,7 @@ static int net_sam_list_workstations(struct net_context *c, int argc, static int net_sam_list(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "users", net_sam_list_users, @@ -1360,7 +1360,7 @@ static int net_sam_list(struct net_context *c, int argc, const char **argv) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net sam list", func); + return net_run_function(c, argc, argv, "net sam list", func); } /* @@ -1808,7 +1808,7 @@ failed: **********************************************************/ int net_sam(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "createbuiltingroup", net_sam_createbuiltingroup, @@ -1933,6 +1933,6 @@ int net_sam(struct net_context *c, int argc, const char **argv) "work\n"); } - return net_run_function3(c, argc, argv, "net sam", func); + return net_run_function(c, argc, argv, "net sam", func); } -- cgit From 00168e4d5ab0b32c3dcb68d4702a1eba23706517 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 17 Jun 2008 23:56:42 +0200 Subject: net sam: fix typo in debug message. Michael (This used to be commit 6d7f64c3481d3aa7ec6b0d468f3d6218f62cd92e) --- source3/utils/net_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 2183ed5efc..fe2f5f6b8b 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1013,7 +1013,7 @@ static int net_sam_createbuiltingroup(struct net_context *c, int argc, const cha } if (!winbind_ping()) { - d_fprintf(stderr, "winbind seems not to run. createlocalgroup " + d_fprintf(stderr, "winbind seems not to run. createbuiltingroup " "only works when winbind runs.\n"); return -1; } -- cgit From 92c983292e3dda06952ef6a01d3f2a23f1c323ec Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 17 Jun 2008 23:57:26 +0200 Subject: net sam: fix typo in comment Michael (This used to be commit b9f6904044889328ded229b7ff04d31218f4fef8) --- source3/utils/net_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_sam.c') diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index fe2f5f6b8b..ce132131f7 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -996,7 +996,7 @@ static int net_sam_deletelocalgroup(struct net_context *c, int argc, const char } /* - * Create a local group + * Create a builtin group */ static int net_sam_createbuiltingroup(struct net_context *c, int argc, const char **argv) -- cgit