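/*
 * Given name and optional domain, look up SID, type, and canonical name.
 *
 * name          - account name to resolve.
 * domain        - optional; when non-NULL the lookup key is "name@domain",
 *                 otherwise name is passed to the lookup as given.
 * ret_sidprefix - out: strdup'd copy of acct.a_sid as left behind by
 *                 smb_sid_splitstr() (presumably the SID without its
 *                 trailing RID; confirm against smb_sid_splitstr()).
 * ret_rid       - out: RID filled in by smb_sid_splitstr().
 * ret_name      - optional out: strdup'd copy of the account name
 *                 reported by the lookup.
 * ret_domain    - optional out: strdup'd copy of the domain reported by
 *                 the lookup.
 * ret_type      - out: filled in by idmap_lsa_xlate_sid_type().
 *
 * Returns IDMAP_SUCCESS, in which case the caller owns (and must free)
 * the returned strings.  On any failure every string output is freed and
 * reset to NULL.  Failure codes produced here:
 *   IDMAP_ERR_MEMORY   - an allocation failed
 *   IDMAP_ERR_OTHER    - smb_lookup_name() itself failed, or the SID it
 *                        returned could not be split
 *   IDMAP_ERR_NOTFOUND - the lookup completed with a non-success status
 * plus whatever idmap_lsa_xlate_sid_type() reports.
 */
idmap_retcode
lookup_lsa_by_name(
	const char *name,
	const char *domain,
	char **ret_sidprefix,
	uint32_t *ret_rid,
	char **ret_name,
	char **ret_domain,
	idmap_id_type *ret_type)
{
	lsa_account_t acct;
	char *namedom = NULL;
	idmap_retcode ret;
	int rc;

	(void) memset(&acct, 0, sizeof (acct));

	/* Start from a known state so the error path can free blindly. */
	*ret_sidprefix = NULL;
	if (ret_name != NULL)
		*ret_name = NULL;
	if (ret_domain != NULL)
		*ret_domain = NULL;

	if (domain != NULL) {
		/*
		 * When asprintf() fails the pointer it was handed is not
		 * guaranteed to be NULL, so test the return value rather
		 * than the pointer.
		 */
		if (asprintf(&namedom, "%s@%s", name, domain) < 0)
			namedom = NULL;
	} else {
		namedom = strdup(name);
	}
	if (namedom == NULL) {
		ret = IDMAP_ERR_MEMORY;
		goto out;
	}

	rc = smb_lookup_name(namedom, SidTypeUnknown, &acct);
	if (rc != 0) {
		idmapdlog(LOG_ERR, "Error: smb_lookup_name failed.");
		idmapdlog(LOG_ERR,
		    "Check SMB service (svc:/network/smb/server).");
		idmapdlog(LOG_ERR,
		    "Check connectivity to Active Directory.");
		ret = IDMAP_ERR_OTHER;
		goto out;
	}
	if (acct.a_status == NT_STATUS_NONE_MAPPED) {
		ret = IDMAP_ERR_NOTFOUND;
		goto out;
	}
	if (acct.a_status != NT_STATUS_SUCCESS) {
		idmapdlog(LOG_WARNING,
		    "Warning: smb_lookup_name(%s) failed (0x%x)",
		    namedom, acct.a_status);
		/* Fail soft */
		ret = IDMAP_ERR_NOTFOUND;
		goto out;
	}

	/*
	 * The SID string is produced by the lookup service, not by this
	 * function.  Treat an unsplittable SID as a failed lookup instead
	 * of asserting: an assert() would abort the daemon on bad data,
	 * and in an NDEBUG build it disappears entirely, letting the
	 * function report success with *ret_rid never written.
	 */
	rc = smb_sid_splitstr(acct.a_sid, ret_rid);
	if (rc != 0) {
		idmapdlog(LOG_ERR,
		    "Error: smb_lookup_name(%s) returned a malformed SID",
		    namedom);
		ret = IDMAP_ERR_OTHER;
		goto out;
	}

	*ret_sidprefix = strdup(acct.a_sid);
	if (*ret_sidprefix == NULL) {
		ret = IDMAP_ERR_MEMORY;
		goto out;
	}

	ret = idmap_lsa_xlate_sid_type(&acct, ret_type);
	if (ret != IDMAP_SUCCESS)
		goto out;

	if (ret_name != NULL) {
		*ret_name = strdup(acct.a_name);
		if (*ret_name == NULL) {
			ret = IDMAP_ERR_MEMORY;
			goto out;
		}
	}

	if (ret_domain != NULL) {
		*ret_domain = strdup(acct.a_domain);
		if (*ret_domain == NULL) {
			ret = IDMAP_ERR_MEMORY;
			goto out;
		}
	}

	ret = IDMAP_SUCCESS;

out:
	free(namedom);
	if (ret != IDMAP_SUCCESS) {
		/* Never hand a partially filled result back to the caller. */
		if (ret_name != NULL) {
			free(*ret_name);
			*ret_name = NULL;
		}
		if (ret_domain != NULL) {
			free(*ret_domain);
			*ret_domain = NULL;
		}
		free(*ret_sidprefix);
		*ret_sidprefix = NULL;
	}
	return (ret);
}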
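/*
 * smbadm_group_delmember
 *
 * Removes every member named with a -m option from the local group given
 * as the first operand.  Each member name is resolved to a SID with
 * smb_lookup_name() and then removed with smb_lgrp_del_member().
 *
 * Members are processed independently: a failure on one is reported on
 * stderr and the remaining members are still attempted.
 *
 * Returns 0 only if every requested member was removed, 1 otherwise.
 * Callers that script access revocation rely on the exit status, so a
 * member that could not be resolved or removed must never be masked by a
 * later member that succeeded.
 *
 * NOTE(review): smbadm_usage() is presumed not to return; the code after
 * each call would otherwise touch the freed mname array.  Confirm.
 */
static int
smbadm_group_delmember(int argc, char **argv)
{
	lsa_account_t acct;
	char *gname = NULL;
	char **mname;
	int option;	/* int, not char: getopt() returns int and -1 */
	smb_gsid_t msid;
	int status;
	int mcnt = 0;
	int failed = 0;
	int ret;
	int i;

	/*
	 * Every -m consumes at least one argv entry, so argc slots always
	 * suffice.  calloc() zero-fills and checks the size multiplication.
	 */
	mname = calloc((size_t)argc, sizeof (char *));
	if (mname == NULL) {
		warn(gettext("failed to delete group member"));
		return (1);
	}

	while ((option = getopt(argc, argv, "m:")) != -1) {
		switch (option) {
		case 'm':
			mname[mcnt++] = optarg;
			break;

		default:
			free(mname);
			smbadm_usage(B_FALSE);
		}
	}

	if (mcnt == 0) {
		(void) fprintf(stderr, gettext("missing member name\n"));
		free(mname);
		smbadm_usage(B_FALSE);
	}

	/* Only read argv[optind] once it is known to be an operand. */
	if (optind < argc)
		gname = argv[optind];
	if (gname == NULL || *gname == '\0') {
		(void) fprintf(stderr, gettext("missing group name\n"));
		free(mname);
		smbadm_usage(B_FALSE);
	}

	for (i = 0; i < mcnt; i++) {
		if (mname[i] == NULL)
			continue;

		ret = smb_lookup_name(mname[i], SidTypeUnknown, &acct);
		if ((ret != 0) || (acct.a_status != NT_STATUS_SUCCESS)) {
			(void) fprintf(stderr,
			    gettext("failed to remove %s: "
			    "unable to obtain SID\n"),
			    mname[i]);
			failed = 1;
			continue;
		}

		msid.gs_type = acct.a_sidtype;
		if ((msid.gs_sid = smb_sid_fromstr(acct.a_sid)) == NULL) {
			(void) fprintf(stderr,
			    gettext("failed to remove %s: no memory\n"),
			    mname[i]);
			failed = 1;
			continue;
		}

		status = smb_lgrp_del_member(gname, msid.gs_sid, msid.gs_type);
		smb_sid_free(msid.gs_sid);
		if (status != SMB_LGRP_SUCCESS) {
			(void) fprintf(stderr,
			    gettext("failed to remove %s (%s)\n"),
			    mname[i], smb_lgrp_strerror(status));
			failed = 1;
		} else {
			(void) printf(
			    gettext("'%s' has been removed from %s\n"),
			    mname[i], gname);
		}
	}

	/* The name array only borrows optarg pointers; free the array. */
	free(mname);
	return (failed);
}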