search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync getopt() args with 2.2
[Samba.git] / source / utils / smbgroupedit.c
blobf32f7b712911a6ad446f569bffa22a52f9218d5e
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-2000,
6 * Copyright (C) Jean François Micouleau 1998-2001.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24
25 extern pstring global_myname;
26 extern DOM_SID global_sam_sid;
27
28 /*
29 * Next two lines needed for SunOS and don't
30 * hurt anything else...
31 */
32 extern char *optarg;
33 extern int optind;
34
35 /*********************************************************
36 Print command usage on stderr and die.
37 **********************************************************/
38 static void usage(void)
39 {
40 if (getuid() == 0) {
41 printf("smbgroupedit options\n");
42 } else {
43 printf("You need to be root to use this tool!\n");
44 }
45 printf("options:\n");
46 printf(" -a group create new group\n");
47 printf(" -n group NT group name\n");
48 printf(" -p privilege only local\n");
49 printf(" -v list groups\n");
50 printf(" -l long list (include details)\n");
51 printf(" -s short list (default)\n");
52 printf(" -c SID change group\n");
53 printf(" -u unix group\n");
54 printf(" -x group delete this group\n");
55 printf("\n");
56 printf(" -t[b|d|l] type: builtin, domain, local \n");
57 exit(1);
58 }
59
60 /*********************************************************
61 add a group.
62 **********************************************************/
63 int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege)
64 {
65 PRIVILEGE_SET se_priv;
66 gid_t gid;
67 DOM_SID sid;
68 fstring string_sid;
69 fstring name, comment;
70
71 gid=nametogid(group);
72 if (gid==-1)
73 return -1;
74
75 local_gid_to_sid(&sid, gid);
76 sid_to_string(string_sid, &sid);
77
78 if (ntgroup==NULL)
79 fstrcpy(name, group);
80 else
81 fstrcpy(name, ntgroup);
82
83 if (ntcomment==NULL)
84 fstrcpy(comment, "Local Unix group");
85 else
86 fstrcpy(comment, ntcomment);
87
88 init_privilege(&se_priv);
89 if (privilege!=NULL)
90 convert_priv_from_text(&se_priv, privilege);
91
92 if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv, PR_ACCESS_FROM_NETWORK)) {
93 free_privilege(&se_priv);
94 return -1;
95 }
96
97 free_privilege(&se_priv);
98 return 0;
99 }
100
101 /*********************************************************
102 Change a group.
103 **********************************************************/
104 int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *groupdesc, char *privilege)
105 {
106 DOM_SID sid;
107 GROUP_MAP map;
108 gid_t gid;
109
110 string_to_sid(&sid, sid_string);
111
112 /* Get the current mapping from the database */
113 if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
114 printf("This SID does not exist in the database\n");
115 return -1;
116 }
117
118 /* If a new Unix group is specified, check and change */
119 if (group!=NULL) {
120 gid=nametogid(group);
121 if (gid==-1) {
122 printf("The UNIX group does not exist\n");
123 return -1;
124 } else
125 map.gid=gid;
126 }
127
128 /*
129 * Allow changing of group type only between domain and local
130 * We disallow changing Builtin groups !!! (SID problem)
131 */
132 if (sid_type==SID_NAME_ALIAS || sid_type==SID_NAME_DOM_GRP)
133 if (map.sid_name_use==SID_NAME_ALIAS || map.sid_name_use==SID_NAME_DOM_GRP)
134 map.sid_name_use=sid_type;
135
136
137 if (ntgroup!=NULL)
138 fstrcpy(map.nt_name, ntgroup);
139
140 /* Change comment if new one */
141 if (groupdesc!=NULL)
142 fstrcpy(map.comment, groupdesc);
143
144 /* Change the privilege if new one */
145 if (privilege!=NULL)
146 convert_priv_from_text(&map.priv_set, privilege);
147
148 if (!add_mapping_entry(&map, TDB_REPLACE)) {
149 printf("Count not update group database\n");
150 free_privilege(&map.priv_set);
151 return -1;
152 }
153
154 free_privilege(&map.priv_set);
155 return 0;
156 }
157
158 /*********************************************************
159 Delete the group.
160 **********************************************************/
161 BOOL deletegroup(char *group)
162 {
163 DOM_SID sid;
164
165 string_to_sid(&sid, group);
166
167 if(!group_map_remove(sid))
168 return False;
169
170 return True;
171 }
172
173 /*********************************************************
174 List the groups.
175 **********************************************************/
176 int listgroup(enum SID_NAME_USE sid_type, BOOL long_list)
177 {
178 int entries,i;
179 GROUP_MAP *map=NULL;
180 fstring string_sid;
181 fstring group_type;
182 fstring priv_text;
183
184 if (!long_list)
185 printf("NT group (SID) -> Unix group\n");
186
187 if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
188 return -1;
189
190 for (i=0; i<entries; i++) {
191 decode_sid_name_use(group_type, (map[i]).sid_name_use);
192 sid_to_string(string_sid, &map[i].sid);
193 convert_priv_to_text(&(map[i].priv_set), priv_text);
194 free_privilege(&(map[i].priv_set));
195
196 if (!long_list)
197 printf("%s (%s) -> %s\n", map[i].nt_name, string_sid, gidtoname(map[i].gid));
198 else {
199 printf("%s\n", map[i].nt_name);
200 printf("\tSID : %s\n", string_sid);
201 printf("\tUnix group: %s\n", gidtoname(map[i].gid));
202 printf("\tGroup type: %s\n", group_type);
203 printf("\tComment : %s\n", map[i].comment);
204 printf("\tPrivilege : %s\n\n", priv_text);
205 }
206 }
207
208 return 0;
209 }
210
211 /*********************************************************
212 Start here.
213 **********************************************************/
214 int main (int argc, char **argv)
215 {
216 int ch;
217 BOOL add_group = False;
218 BOOL view_group = False;
219 BOOL change_group = False;
220 BOOL delete_group = False;
221 BOOL nt_group = False;
222 BOOL priv = False;
223 BOOL group_type = False;
224 BOOL long_list = False;
225
226 char *group = NULL;
227 char *sid = NULL;
228 char *ntgroup = NULL;
229 char *privilege = NULL;
230 char *groupt = NULL;
231 char *group_desc = NULL;
232
233 enum SID_NAME_USE sid_type;
234
235 setup_logging("groupedit", True);
236
237 if (argc < 2) {
238 usage();
239 return 0;
240 }
241
242 if(!initialize_password_db(True)) {
243 fprintf(stderr, "Can't setup password database vectors.\n");
244 exit(1);
245 }
246
247 if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
248 fprintf(stderr, "Can't load %s - run testparm to debug it\n",
249 dyn_CONFIGFILE);
250 exit(1);
251 }
252
253 if(pdb_generate_sam_sid()==False) {
254 printf("Can not read machine SID\n");
255 return 0;
256 }
257
258 if (init_group_mapping()==False) {
259 printf("Could not open tdb mapping file.\n");
260 return 0;
261 }
262
263 while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:")) != EOF) {
264 switch(ch) {
265 case 'a':
266 add_group = True;
267 group=optarg;
268 break;
269 case 'c':
270 change_group = True;
271 sid=optarg;
272 break;
273 case 'd':
274 group_desc=optarg;
275 break;
276 case 'l':
277 long_list = True;
278 break;
279 case 'n':
280 nt_group = True;
281 ntgroup=optarg;
282 break;
283 case 'p':
284 priv = True;
285 privilege=optarg;
286 break;
287 case 's':
288 long_list = False;
289 break;
290 case 't':
291 group_type = True;
292 groupt=optarg;
293 break;
294 case 'u':
295 group=optarg;
296 break;
297 case 'v':
298 view_group = True;
299 break;
300 case 'x':
301 delete_group = True;
302 group=optarg;
303 break;
304 /*default:
305 usage();*/
306 }
307 }
308
309
310 if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) {
311 fprintf (stderr, "Incompatible options on command line!\n");
312 usage();
313 exit(1);
314 }
315
316 /* no option on command line -> list groups */
317 if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
318 view_group = True;
319
320
321 if (group_type==False)
322 sid_type=SID_NAME_UNKNOWN;
323 else {
324 switch (groupt[0]) {
325 case 'l':
326 case 'L':
327 sid_type=SID_NAME_ALIAS;
328 break;
329 case 'd':
330 case 'D':
331 sid_type=SID_NAME_DOM_GRP;
332 break;
333 case 'b':
334 case 'B':
335 sid_type=SID_NAME_WKN_GRP;
336 break;
337 default:
338 sid_type=SID_NAME_UNKNOWN;
339 break;
340 }
341 }
342
343 if (add_group)
344 return addgroup(group, sid_type, ntgroup, group_desc, privilege);
345
346 if (view_group)
347 return listgroup(sid_type, long_list);
348
349 if (delete_group)
350 return deletegroup(group);
351
352 if (change_group) {
353 return changegroup(sid, group, sid_type, ntgroup, group_desc, privilege);
354 }
355
356 usage();
357
358 return 0;
359 }
Samba GIT mirror