/********************************************************* Figure out if the input was an NT group or a SID string. Return the SID. **********************************************************/ static bool get_sid_from_input(struct dom_sid *sid, char *input) { GROUP_MAP *map; map = talloc_zero(NULL, GROUP_MAP); if (!map) { return false; } if (strncasecmp_m( input, "S-", 2)) { /* Perhaps its the NT group name? */ if (!pdb_getgrnam(map, input)) { printf(_("NT Group %s doesn't exist in mapping DB\n"), input); TALLOC_FREE(map); return false; } else { *sid = map->sid; } } else { if (!string_to_sid(sid, input)) { printf(_("converting sid %s from a string failed!\n"), input); TALLOC_FREE(map); return false; } } TALLOC_FREE(map); return true; }
/********************************************************* Figure out if the input was an NT group or a SID string. Return the SID. **********************************************************/ static bool get_sid_from_input(DOM_SID *sid, char *input) { GROUP_MAP map; if (StrnCaseCmp( input, "S-", 2)) { /* Perhaps its the NT group name? */ if (!pdb_getgrnam(&map, input)) { printf(_("NT Group %s doesn't exist in mapping DB\n"), input); return false; } else { *sid = map.sid; } } else { if (!string_to_sid(sid, input)) { printf(_("converting sid %s from a string failed!\n"), input); return false; } } return true; }
static int net_groupmap_set(struct net_context *c, int argc, const char **argv) { const char *ntgroup = NULL; struct group *grp = NULL; GROUP_MAP *map; bool have_map = false; if ((argc < 1) || (argc > 2) || c->display_usage) { d_printf("%s\n%s", _("Usage:"), _(" net groupmap set \"NT Group\" " "[\"unix group\"] [-C \"comment\"] [-L] [-D]\n")); return -1; } if ( c->opt_localgroup && c->opt_domaingroup ) { d_printf(_("Can only specify -L or -D, not both\n")); return -1; } ntgroup = argv[0]; if (argc == 2) { grp = getgrnam(argv[1]); if (grp == NULL) { d_fprintf(stderr, _("Could not find unix group %s\n"), argv[1]); return -1; } } map = talloc_zero(NULL, GROUP_MAP); if (!map) { d_printf(_("Out of memory!\n")); return -1; } have_map = pdb_getgrnam(map, ntgroup); if (!have_map) { struct dom_sid sid; have_map = ( (strncmp(ntgroup, "S-", 2) == 0) && string_to_sid(&sid, ntgroup) && pdb_getgrsid(map, sid) ); } if (!have_map) { /* Ok, add it */ if (grp == NULL) { d_fprintf(stderr, _("Could not find group mapping for %s\n"), ntgroup); TALLOC_FREE(map); return -1; } map->gid = grp->gr_gid; if (c->opt_rid == 0) { if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) { if ( !pdb_new_rid((uint32*)&c->opt_rid) ) { d_fprintf( stderr, _("Could not allocate new RID\n")); TALLOC_FREE(map); return -1; } } else { c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid); } } sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid); map->sid_name_use = SID_NAME_DOM_GRP; map->nt_name = talloc_strdup(map, ntgroup); map->comment = talloc_strdup(map, ""); if (!map->nt_name || !map->comment) { d_printf(_("Out of memory!\n")); TALLOC_FREE(map); return -1; } if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) { d_fprintf(stderr, _("Could not add mapping entry for %s\n"), ntgroup); TALLOC_FREE(map); return -1; } } /* Now we have a mapping entry, update that stuff */ if ( c->opt_localgroup || c->opt_domaingroup ) { if (map->sid_name_use == SID_NAME_WKN_GRP) { d_fprintf(stderr, _("Can't change type of the BUILTIN " "group %s\n"), map->nt_name); TALLOC_FREE(map); return -1; } } if (c->opt_localgroup) map->sid_name_use = SID_NAME_ALIAS; if (c->opt_domaingroup) map->sid_name_use = SID_NAME_DOM_GRP; /* The case (opt_domaingroup && opt_localgroup) was tested for above */ if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) { map->comment = talloc_strdup(map, c->opt_comment); if (!map->comment) { d_printf(_("Out of memory!\n")); TALLOC_FREE(map); return -1; } } if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) { map->nt_name = talloc_strdup(map, c->opt_newntname); if (!map->nt_name) { d_printf(_("Out of memory!\n")); TALLOC_FREE(map); return -1; } } if (grp != NULL) map->gid = grp->gr_gid; if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) { d_fprintf(stderr, _("Could not update group mapping for %s\n"), ntgroup); TALLOC_FREE(map); return -1; } TALLOC_FREE(map); return 0; }