static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
{
struct dom_sid sid;
GROUP_MAP *map = NULL;
fstring ntcomment = "";
fstring type = "";
fstring ntgroup = "";
fstring unixgrp = "";
fstring sid_string = "";
enum lsa_SidType sid_type = SID_NAME_UNKNOWN;
int i;
gid_t gid;
const char modify_usage_str[] = N_("net groupmap modify "
"{ntgroup=<string>|sid=<SID>} "
"[comment=<string>] "
"[unixgroup=<string>] "
"[type=<domain|local>]");
if (c->display_usage) {
d_printf("%s\n%s\n", _("Usage:\n"), modify_usage_str);
return 0;
}
/* get the options */
for ( i=0; i<argc; i++ ) {
if ( !strncasecmp_m(argv[i], "ntgroup", strlen("ntgroup")) ) {
fstrcpy( ntgroup, get_string_param( argv[i] ) );
if ( !ntgroup[0] ) {
d_fprintf(stderr, _("must supply a name\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "sid", strlen("sid")) ) {
fstrcpy( sid_string, get_string_param( argv[i] ) );
if ( !sid_string[0] ) {
d_fprintf(stderr, _("must supply a name\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "comment", strlen("comment")) ) {
fstrcpy( ntcomment, get_string_param( argv[i] ) );
if ( !ntcomment[0] ) {
d_fprintf(stderr,
_("must supply a comment string\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "unixgroup", strlen("unixgroup")) ) {
fstrcpy( unixgrp, get_string_param( argv[i] ) );
if ( !unixgrp[0] ) {
d_fprintf(stderr,
_("must supply a group name\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "type", strlen("type")) ) {
fstrcpy( type, get_string_param( argv[i] ) );
switch ( type[0] ) {
case 'd':
case 'D':
sid_type = SID_NAME_DOM_GRP;
break;
case 'l':
case 'L':
sid_type = SID_NAME_ALIAS;
break;
}
}
else {
d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
return -1;
}
}
if ( !ntgroup[0] && !sid_string[0] ) {
d_printf("%s\n%s\n", _("Usage:\n"), modify_usage_str);
return -1;
}
/* give preference to the SID; if both the ntgroup name and SID
are defined, use the SID and assume that the group name could be a
new name */
if ( sid_string[0] ) {
if (!get_sid_from_input(&sid, sid_string)) {
return -1;
}
}
else {
if (!get_sid_from_input(&sid, ntgroup)) {
return -1;
}
}
map = talloc_zero(NULL, GROUP_MAP);
if (!map) {
return -1;
}
/* Get the current mapping from the database */
if(!pdb_getgrsid(map, sid)) {
d_fprintf(stderr,
_("Failed to find local group SID in the database\n"));
TALLOC_FREE(map);
return -1;
}
/*
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups !!! (SID problem)
*/
if (sid_type == SID_NAME_UNKNOWN) {
d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
TALLOC_FREE(map);
return -1;
}
if (map->sid_name_use == SID_NAME_WKN_GRP) {
d_fprintf(stderr,
_("You can only change between domain and local "
"groups.\n"));
TALLOC_FREE(map);
return -1;
}
map->sid_name_use = sid_type;
/* Change comment if new one */
if (ntcomment[0]) {
map->comment = talloc_strdup(map, ntcomment);
if (!map->comment) {
d_fprintf(stderr, _("Out of memory!\n"));
return -1;
}
}
if (ntgroup[0]) {
map->nt_name = talloc_strdup(map, ntgroup);
if (!map->nt_name) {
d_fprintf(stderr, _("Out of memory!\n"));
return -1;
}
}
if ( unixgrp[0] ) {
gid = nametogid( unixgrp );
if ( gid == -1 ) {
d_fprintf(stderr, _("Unable to lookup UNIX group %s. "
"Make sure the group exists.\n"),
unixgrp);
TALLOC_FREE(map);
return -1;
}
map->gid = gid;
}
if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
d_fprintf(stderr, _("Could not update group database\n"));
TALLOC_FREE(map);
return -1;
}
d_printf(_("Updated mapping entry for %s\n"), map->nt_name);
TALLOC_FREE(map);
return 0;
}
static int
fswstat(Chan *c, uchar *buf, int n)
{
char *elem, *path, *npath, *strs, *t;
int nn;
Dir d;
UnixFd *ufd;
if(n < 2)
error(Ebadstat);
nn = GBIT16((uchar*)buf);
strs = smalloc(nn);
if(convM2D(buf, n, &d, strs) != n){
free(strs);
error(Ebadstat);
}
path = fspath(c, nil);
if(waserror()){
free(path);
free(strs);
nexterror();
}
if(d.muid[0])
error("cannot change muid");
if(d.uid[0] || d.gid[0]){
int uid, gid;
uid = -1;
gid = -1;
if(d.uid[0] && (uid = nametouid(d.uid)) < 0)
error("unknown uid");
if(d.gid[0] && (gid = nametogid(d.gid)) < 0)
error("unknown gid");
if(chown(path, uid, gid) < 0)
oserror();
}
ufd = c->aux;
elem = lastelem(path);
if(d.name[0] && strcmp(d.name, elem) != 0){
if(strchr(d.name, '/'))
error(Ebadarg);
npath = smalloc(strlen(path)+strlen(d.name)+1);
strcpy(npath, path);
t = strrchr(npath, '/');
strcpy(t+1, d.name);
if(rename(path, npath) < 0){
free(npath);
oserror();
}
free(npath);
}
if(~d.mode != 0 && chmod(path, d.mode&0777) < 0)
oserror();
// TODO: Code to change uid, gid.
poperror();
return n;
}
static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
{
struct dom_sid sid;
fstring ntgroup = "";
fstring unixgrp = "";
fstring string_sid = "";
fstring type = "";
fstring ntcomment = "";
enum lsa_SidType sid_type = SID_NAME_DOM_GRP;
uint32 rid = 0;
gid_t gid;
int i;
GROUP_MAP *map;
const char *name_type;
const char add_usage_str[] = N_("net groupmap add "
"{rid=<int>|sid=<string>}"
" unixgroup=<string> "
"[type=<domain|local|builtin>] "
"[ntgroup=<string>] "
"[comment=<string>]");
name_type = "domain group";
if (c->display_usage) {
d_printf("%s\n%s\n", _("Usage:\n"), add_usage_str);
return 0;
}
/* get the options */
for ( i=0; i<argc; i++ ) {
if ( !strncasecmp_m(argv[i], "rid", strlen("rid")) ) {
rid = get_int_param(argv[i]);
if ( rid < DOMAIN_RID_ADMINS ) {
d_fprintf(stderr,
_("RID must be greater than %d\n"),
(uint32)DOMAIN_RID_ADMINS-1);
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "unixgroup", strlen("unixgroup")) ) {
fstrcpy( unixgrp, get_string_param( argv[i] ) );
if ( !unixgrp[0] ) {
d_fprintf(stderr,_( "must supply a name\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "ntgroup", strlen("ntgroup")) ) {
fstrcpy( ntgroup, get_string_param( argv[i] ) );
if ( !ntgroup[0] ) {
d_fprintf(stderr, _("must supply a name\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "sid", strlen("sid")) ) {
fstrcpy( string_sid, get_string_param( argv[i] ) );
if ( !string_sid[0] ) {
d_fprintf(stderr, _("must supply a SID\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "comment", strlen("comment")) ) {
fstrcpy( ntcomment, get_string_param( argv[i] ) );
if ( !ntcomment[0] ) {
d_fprintf(stderr,
_("must supply a comment string\n"));
return -1;
}
}
else if ( !strncasecmp_m(argv[i], "type", strlen("type")) ) {
fstrcpy( type, get_string_param( argv[i] ) );
switch ( type[0] ) {
case 'b':
case 'B':
sid_type = SID_NAME_WKN_GRP;
name_type = "wellknown group";
break;
case 'd':
case 'D':
sid_type = SID_NAME_DOM_GRP;
name_type = "domain group";
break;
case 'l':
case 'L':
sid_type = SID_NAME_ALIAS;
name_type = "alias (local) group";
break;
default:
d_fprintf(stderr,
_("unknown group type %s\n"),
type);
return -1;
}
}
else {
d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
return -1;
}
}
if ( !unixgrp[0] ) {
d_printf("%s\n%s\n", _("Usage:\n"), add_usage_str);
return -1;
}
if ( (gid = nametogid(unixgrp)) == (gid_t)-1 ) {
d_fprintf(stderr, _("Can't lookup UNIX group %s\n"), unixgrp);
return -1;
}
map = talloc_zero(NULL, GROUP_MAP);
if (!map) {
return -1;
}
/* Default is domain group. */
map->sid_name_use = SID_NAME_DOM_GRP;
if (pdb_getgrgid(map, gid)) {
d_printf(_("Unix group %s already mapped to SID %s\n"),
unixgrp, sid_string_tos(&map->sid));
TALLOC_FREE(map);
return -1;
}
TALLOC_FREE(map);
if ( (rid == 0) && (string_sid[0] == '\0') ) {
d_printf(_("No rid or sid specified, choosing a RID\n"));
if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
if (!pdb_new_rid(&rid)) {
d_printf(_("Could not get new RID\n"));
}
} else {
rid = algorithmic_pdb_gid_to_group_rid(gid);
}
d_printf(_("Got RID %d\n"), rid);
}
/* append the rid to our own domain/machine SID if we don't have a full SID */
if ( !string_sid[0] ) {
sid_compose(&sid, get_global_sam_sid(), rid);
sid_to_fstring(string_sid, &sid);
}
if (!ntcomment[0]) {
switch (sid_type) {
case SID_NAME_WKN_GRP:
fstrcpy(ntcomment, "Wellknown Unix group");
break;
case SID_NAME_DOM_GRP:
fstrcpy(ntcomment, "Domain Unix group");
break;
case SID_NAME_ALIAS:
fstrcpy(ntcomment, "Local Unix group");
break;
default:
fstrcpy(ntcomment, "Unix group");
break;
}
}
if (!ntgroup[0] )
strlcpy(ntgroup, unixgrp, sizeof(ntgroup));
if (!NT_STATUS_IS_OK(add_initial_entry(gid, string_sid, sid_type, ntgroup, ntcomment))) {
d_fprintf(stderr, _("adding entry for group %s failed!\n"), ntgroup);
return -1;
}
d_printf(_("Successfully added group %s to the mapping db as a %s\n"),
ntgroup, name_type);
return 0;
}
