/**
 * Default passdb implementation of "set alias info".
 *
 * Fetches the group mapping stored for @sid, replaces its NT name and
 * comment with info->acct_name and info->acct_desc, and writes it back.
 *
 * @param methods  passdb backend handle; not referenced in this function
 * @param sid      SID whose mapping entry is rewritten
 * @param info     carries the new name (acct_name) and comment (acct_desc)
 * @return NT_STATUS_NO_SUCH_ALIAS when pdb_getgrsid() finds no mapping,
 *         otherwise whatever pdb_update_group_mapping_entry() returns.
 *
 * NOTE(review): unlike pdb_default_get_aliasinfo(), the entry's
 * sid_name_use is not inspected here, so a mapping of any SID type can be
 * renamed through this call - confirm callers restrict it to aliases.
 */
NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
				   const DOM_SID *sid,
				   struct acct_info *info)
{
	GROUP_MAP entry;

	if (pdb_getgrsid(&entry, *sid)) {
		/* Copy the caller-supplied strings into the fetched entry. */
		fstrcpy(entry.nt_name, info->acct_name);
		fstrcpy(entry.comment, info->acct_desc);

		return pdb_update_group_mapping_entry(&entry);
	}

	return NT_STATUS_NO_SUCH_ALIAS;
}
/**
 * Default passdb implementation of "get alias info".
 *
 * Looks up the group mapping for @sid and, if it is an alias or a
 * well-known group, copies its name, comment and RID into @info.
 *
 * @param methods  passdb backend handle; not referenced in this function
 * @param sid      SID to look up
 * @param info     receives acct_name, acct_desc and rid
 * @return NT_STATUS_OK on success; NT_STATUS_NO_SUCH_ALIAS when there is
 *         no mapping or the mapping has another SID type.
 */
NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
				   const DOM_SID *sid,
				   struct acct_info *info)
{
	GROUP_MAP entry;

	if (!pdb_getgrsid(&entry, *sid)) {
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	/* Only aliases and well-known groups may be reported as aliases. */
	switch (entry.sid_name_use) {
	case SID_NAME_ALIAS:
	case SID_NAME_WKN_GRP:
		break;
	default:
		DEBUG(2, ("%s is a %s, expected an alias\n",
			  sid_string_dbg(sid),
			  sid_type_lookup(entry.sid_name_use)));
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	fstrcpy(info->acct_name, entry.nt_name);
	fstrcpy(info->acct_desc, entry.comment);

	/* NOTE(review): the result of sid_peek_rid() is not checked, so
	 * info->rid is only meaningful if that call stored a value. */
	sid_peek_rid(&entry.sid, &info->rid);

	return NT_STATUS_OK;
}
/*********************************************************
 List group mappings.

 Arguments are "verbose", "ntgroup=<name>" and "sid=<SID>". When a name
 or SID is given, only that mapping is fetched and printed; otherwise
 every mapped group is enumerated. The long format is used when
 "verbose" is passed or when c->opt_verbose / c->opt_long_list_entries
 is set.

 Returns 0 on success (and after printing usage on request), -1 on a bad
 option, an empty option value, or a failed lookup.

 NOTE(review): "ntgroup" and "sid" are matched as case-insensitive
 prefixes, so an argument such as "sidfoo=..." is treated as sid=. The
 value itself comes from get_string_param(), which is not shown here.
**********************************************************/
static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
{
	const char list_usage_str[] = N_("net groupmap list [verbose] "
					 "[ntgroup=NT group] [sid=SID]\n"
					 " verbose\tPrint verbose list\n"
					 " ntgroup\tNT group to list\n"
					 " sid\tSID of group to list");
	fstring ntgroup = "";
	fstring sid_string = "";
	struct dom_sid sid;
	GROUP_MAP *map;
	bool long_list;
	size_t entries;
	size_t idx;

	if (c->display_usage) {
		d_printf("%s\n%s\n", _("Usage: "), list_usage_str);
		return 0;
	}

	long_list = (c->opt_verbose || c->opt_long_list_entries);

	/* Parse the keyword arguments; anything unrecognised is an error. */
	for (idx = 0; idx < argc; idx++) {
		const char *arg = argv[idx];

		if (strcasecmp_m(arg, "verbose") == 0) {
			long_list = true;
			continue;
		}

		if (strncasecmp_m(arg, "ntgroup", strlen("ntgroup")) == 0) {
			fstrcpy(ntgroup, get_string_param(arg));
			if (ntgroup[0] == '\0') {
				d_fprintf(stderr, _("must supply a name\n"));
				return -1;
			}
			continue;
		}

		if (strncasecmp_m(arg, "sid", strlen("sid")) == 0) {
			fstrcpy(sid_string, get_string_param(arg));
			if (sid_string[0] == '\0') {
				d_fprintf(stderr, _("must supply a SID\n"));
				return -1;
			}
			continue;
		}

		d_fprintf(stderr, _("Bad option: %s\n"), arg);
		d_printf("%s\n%s\n", _("Usage:"), list_usage_str);
		return -1;
	}

	/* No selector given: dump every mapped group. */
	if (ntgroup[0] == '\0' && sid_string[0] == '\0') {
		GROUP_MAP **maps = NULL;

		if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps,
					    &entries, ENUM_ALL_MAPPED)) {
			return -1;
		}

		for (idx = 0; idx < entries; idx++) {
			print_map_entry(maps[idx], long_list);
		}

		TALLOC_FREE(maps);
		return 0;
	}

	/* A single group was requested; a sid= value overrides ntgroup=. */
	if (sid_string[0] != '\0') {
		strlcpy(ntgroup, sid_string, sizeof(ntgroup));
	}

	if (!get_sid_from_input(&sid, ntgroup)) {
		return -1;
	}

	map = talloc_zero(NULL, GROUP_MAP);
	if (map == NULL) {
		return -1;
	}

	/* Fetch the current mapping from the database. */
	if (!pdb_getgrsid(map, sid)) {
		d_fprintf(stderr, _("Failure to local group SID in the "
				    "database\n"));
		TALLOC_FREE(map);
		return -1;
	}

	print_map_entry(map, long_list);
	TALLOC_FREE(map);

	return 0;
}
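/**
 * "net groupmap set": create or update the mapping for one NT group.
 *
 * argv[0] is the NT group (a name, or an "S-..." SID string used as a
 * fallback lookup key); the optional argv[1] is a unix group name. If no
 * mapping exists yet, one is added as a domain group, which requires the
 * unix group. The entry is then updated from the context options:
 * opt_localgroup / opt_domaingroup (type), opt_comment, opt_newntname,
 * and the unix group's gid when one was given.
 *
 * @return 0 on success, -1 on usage errors, failed lookups, allocation
 *         failure or a failed database add/update.
 *
 * The gid is copied out of the getgrnam() result immediately: that
 * pointer may refer to static storage which a later group lookup can
 * overwrite, and several passdb calls run before the gid is used.
 */
static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
{
	const char *ntgroup = NULL;
	struct group *grp = NULL;
	GROUP_MAP *map;
	bool have_map = false;
	bool have_unix_gid = false;
	gid_t unix_gid = (gid_t)-1;

	/* Note: an explicit usage request also returns -1 here. */
	if ((argc < 1) || (argc > 2) || c->display_usage) {
		d_printf("%s\n%s",
			 _("Usage:"),
			 _(" net groupmap set \"NT Group\" "
			   "[\"unix group\"] [-C \"comment\"] [-L] [-D]\n"));
		return -1;
	}

	if ( c->opt_localgroup && c->opt_domaingroup ) {
		d_printf(_("Can only specify -L or -D, not both\n"));
		return -1;
	}

	ntgroup = argv[0];

	if (argc == 2) {
		grp = getgrnam(argv[1]);

		if (grp == NULL) {
			d_fprintf(stderr, _("Could not find unix group %s\n"),
				  argv[1]);
			return -1;
		}

		/* Take a private copy before any further lookups run. */
		unix_gid = grp->gr_gid;
		have_unix_gid = true;
	}

	map = talloc_zero(NULL, GROUP_MAP);
	if (!map) {
		d_printf(_("Out of memory!\n"));
		return -1;
	}

	have_map = pdb_getgrnam(map, ntgroup);

	if (!have_map) {
		/* Not found by name: retry treating the argument as a SID. */
		struct dom_sid sid;
		have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
			     string_to_sid(&sid, ntgroup) &&
			     pdb_getgrsid(map, sid) );
	}

	if (!have_map) {

		/* Ok, add it */

		if (!have_unix_gid) {
			d_fprintf(stderr,
				  _("Could not find group mapping for %s\n"),
				  ntgroup);
			TALLOC_FREE(map);
			return -1;
		}

		map->gid = unix_gid;

		if (c->opt_rid == 0) {
			if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) {
				/* NOTE(review): the cast assumes opt_rid has
				 * the size of a uint32 - confirm. */
				if ( !pdb_new_rid((uint32*)&c->opt_rid) ) {
					d_fprintf( stderr,
					    _("Could not allocate new RID\n"));
					TALLOC_FREE(map);
					return -1;
				}
			} else {
				c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid);
			}
		}

		sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid);

		map->sid_name_use = SID_NAME_DOM_GRP;
		map->nt_name = talloc_strdup(map, ntgroup);
		map->comment = talloc_strdup(map, "");
		if (!map->nt_name || !map->comment) {
			d_printf(_("Out of memory!\n"));
			TALLOC_FREE(map);
			return -1;
		}

		if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) {
			d_fprintf(stderr,
				  _("Could not add mapping entry for %s\n"),
				  ntgroup);
			TALLOC_FREE(map);
			return -1;
		}
	}

	/* Now we have a mapping entry, update that stuff */

	/* The type of a well-known (BUILTIN) group must not be changed. */
	if ( c->opt_localgroup || c->opt_domaingroup ) {
		if (map->sid_name_use == SID_NAME_WKN_GRP) {
			d_fprintf(stderr,
				  _("Can't change type of the BUILTIN "
				    "group %s\n"),
				  map->nt_name);
			TALLOC_FREE(map);
			return -1;
		}
	}

	if (c->opt_localgroup)
		map->sid_name_use = SID_NAME_ALIAS;

	if (c->opt_domaingroup)
		map->sid_name_use = SID_NAME_DOM_GRP;

	/* The case (opt_domaingroup && opt_localgroup) was tested for above */

	if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) {
		map->comment = talloc_strdup(map, c->opt_comment);
		if (!map->comment) {
			d_printf(_("Out of memory!\n"));
			TALLOC_FREE(map);
			return -1;
		}
	}

	if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) {
		map->nt_name = talloc_strdup(map, c->opt_newntname);
		if (!map->nt_name) {
			d_printf(_("Out of memory!\n"));
			TALLOC_FREE(map);
			return -1;
		}
	}

	if (have_unix_gid)
		map->gid = unix_gid;

	if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
		d_fprintf(stderr, _("Could not update group mapping for %s\n"),
			  ntgroup);
		TALLOC_FREE(map);
		return -1;
	}

	TALLOC_FREE(map);
	return 0;
}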
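/**
 * "net groupmap modify": change an existing group mapping.
 *
 * Recognised arguments are ntgroup=, sid=, comment=, unixgroup= and
 * type= (first letter d/D for domain, l/L for local). The mapping is
 * located by sid= when given, otherwise by ntgroup=; when both are given
 * the ntgroup value becomes the new NT name.
 *
 * @return 0 on success (and after printing usage on request), -1 on a
 *         bad or empty option, a failed lookup, allocation failure or a
 *         failed database update.
 *
 * The mapping is released on every error path after it has been
 * allocated, including the two talloc_strdup() failure paths.
 *
 * NOTE(review): the usage text lists type= as optional, but the code
 * rejects the request when no valid type= was parsed (sid_type stays
 * SID_NAME_UNKNOWN). Option names are matched as case-insensitive
 * prefixes; the value comes from get_string_param(), not shown here.
 */
static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
{
	struct dom_sid sid;
	GROUP_MAP *map = NULL;
	fstring ntcomment = "";
	fstring type = "";
	fstring ntgroup = "";
	fstring unixgrp = "";
	fstring sid_string = "";
	enum lsa_SidType sid_type = SID_NAME_UNKNOWN;
	int i;
	gid_t gid;
	const char modify_usage_str[] =
		N_("net groupmap modify "
		   "{ntgroup=<string>|sid=<SID>} "
		   "[comment=<string>] "
		   "[unixgroup=<string>] "
		   "[type=<domain|local>]");

	if (c->display_usage) {
		d_printf("%s\n%s\n", _("Usage:\n"), modify_usage_str);
		return 0;
	}

	/* get the options */
	for ( i=0; i<argc; i++ ) {
		if ( !strncasecmp_m(argv[i], "ntgroup", strlen("ntgroup")) ) {
			fstrcpy( ntgroup, get_string_param( argv[i] ) );
			if ( !ntgroup[0] ) {
				d_fprintf(stderr, _("must supply a name\n"));
				return -1;
			}
		}
		else if ( !strncasecmp_m(argv[i], "sid", strlen("sid")) ) {
			fstrcpy( sid_string, get_string_param( argv[i] ) );
			if ( !sid_string[0] ) {
				d_fprintf(stderr, _("must supply a name\n"));
				return -1;
			}
		}
		else if ( !strncasecmp_m(argv[i], "comment", strlen("comment")) ) {
			fstrcpy( ntcomment, get_string_param( argv[i] ) );
			if ( !ntcomment[0] ) {
				d_fprintf(stderr,
					  _("must supply a comment string\n"));
				return -1;
			}
		}
		else if ( !strncasecmp_m(argv[i], "unixgroup", strlen("unixgroup")) ) {
			fstrcpy( unixgrp, get_string_param( argv[i] ) );
			if ( !unixgrp[0] ) {
				d_fprintf(stderr,
					  _("must supply a group name\n"));
				return -1;
			}
		}
		else if ( !strncasecmp_m(argv[i], "type", strlen("type")) ) {
			fstrcpy( type, get_string_param( argv[i] ) );
			/* Only the first character decides; any other value
			 * leaves sid_type as it was. */
			switch ( type[0] ) {
				case 'd':
				case 'D':
					sid_type = SID_NAME_DOM_GRP;
					break;
				case 'l':
				case 'L':
					sid_type = SID_NAME_ALIAS;
					break;
				default:
					break;
			}
		}
		else {
			d_fprintf(stderr, _("Bad option: %s\n"), argv[i]);
			return -1;
		}
	}

	if ( !ntgroup[0] && !sid_string[0] ) {
		d_printf("%s\n%s\n", _("Usage:\n"), modify_usage_str);
		return -1;
	}

	/* give preference to the SID; if both the ntgroup name and SID
	   are defined, use the SID and assume that the group name could be a
	   new name */

	if ( sid_string[0] ) {
		if (!get_sid_from_input(&sid, sid_string)) {
			return -1;
		}
	}
	else {
		if (!get_sid_from_input(&sid, ntgroup)) {
			return -1;
		}
	}

	map = talloc_zero(NULL, GROUP_MAP);
	if (!map) {
		return -1;
	}

	/* Get the current mapping from the database */
	if(!pdb_getgrsid(map, sid)) {
		d_fprintf(stderr,
			 _("Failed to find local group SID in the database\n"));
		TALLOC_FREE(map);
		return -1;
	}

	/*
	 * Allow changing of group type only between domain and local
	 * We disallow changing Builtin groups !!! (SID problem)
	 */
	if (sid_type == SID_NAME_UNKNOWN) {
		d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
		TALLOC_FREE(map);
		return -1;
	}

	if (map->sid_name_use == SID_NAME_WKN_GRP) {
		d_fprintf(stderr,
			  _("You can only change between domain and local "
			    "groups.\n"));
		TALLOC_FREE(map);
		return -1;
	}

	map->sid_name_use = sid_type;

	/* Change comment if new one */
	if (ntcomment[0]) {
		map->comment = talloc_strdup(map, ntcomment);
		if (!map->comment) {
			d_fprintf(stderr, _("Out of memory!\n"));
			/* Release the mapping here too, as every other
			 * error path does. */
			TALLOC_FREE(map);
			return -1;
		}
	}

	if (ntgroup[0]) {
		map->nt_name = talloc_strdup(map, ntgroup);
		if (!map->nt_name) {
			d_fprintf(stderr, _("Out of memory!\n"));
			TALLOC_FREE(map);
			return -1;
		}
	}

	if ( unixgrp[0] ) {
		gid = nametogid( unixgrp );
		/* (gid_t)-1 is the "no such group" result being tested. */
		if ( gid == (gid_t)-1 ) {
			d_fprintf(stderr,
				  _("Unable to lookup UNIX group %s. "
				    "Make sure the group exists.\n"),
				  unixgrp);
			TALLOC_FREE(map);
			return -1;
		}

		map->gid = gid;
	}

	if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
		d_fprintf(stderr, _("Could not update group database\n"));
		TALLOC_FREE(map);
		return -1;
	}

	d_printf(_("Updated mapping entry for %s\n"), map->nt_name);

	TALLOC_FREE(map);
	return 0;
}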
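/**
 * Decide whether @sid is a usable domain group and fill in @map.
 *
 * Returns True when
 *  - the SID has no mapping but its RID is DOMAIN_GROUP_RID_USERS (513):
 *    @map is then filled with a synthetic "None" domain group whose gid
 *    is (gid_t)-1, or
 *  - the SID has a mapping of type SID_NAME_DOM_GRP whose gid is set and
 *    is known to getgrgid().
 * Returns False in every other case, including a failed
 * init_group_mapping().
 *
 * The database lookup is the only step bracketed by become_root() /
 * unbecome_root(); the unix group check runs after unbecome_root().
 */
bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
{
	struct group *grp;
	bool ret;

	if(!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return(False);
	}

	DEBUG(10, ("get_domain_group_from_sid\n"));

	/* if the group is NOT in the database, it CAN NOT be a domain group */

	become_root();
	ret = pdb_getgrsid(map, sid);
	unbecome_root();

	/* special case check for rid 513 */

	if ( !ret ) {
		/* Start from 0 so the comparison below is well defined in
		 * case sid_peek_rid() stores nothing; its result is not
		 * checked here. */
		uint32 rid = 0;

		sid_peek_rid( &sid, &rid );

		if ( rid == DOMAIN_GROUP_RID_USERS ) {
			/* Synthetic entry: no unix gid is attached to it. */
			fstrcpy( map->nt_name, "None" );
			fstrcpy( map->comment, "Ordinary Users" );
			sid_copy( &map->sid, &sid );
			map->sid_name_use = SID_NAME_DOM_GRP;
			map->gid = (gid_t)-1;

			return True;
		}

		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));

	/* if it's not a domain group, continue */
	if (map->sid_name_use!=SID_NAME_DOM_GRP) {
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));

	/* A mapping without a unix gid is not accepted. */
	if (map->gid == (gid_t)-1) {
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));

	/* The gid must also resolve to an existing unix group. */
	grp = getgrgid(map->gid);
	if ( !grp ) {
		DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));

	return True;
}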