2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-2000,
6 * Copyright (C) Jean François Micouleau 1998-2001.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern pstring global_myname
;
26 extern DOM_SID global_sam_sid
;
29 * Next two lines needed for SunOS and don't
30 * hurt anything else...
35 /*********************************************************
36 Print command usage on stderr and die.
37 **********************************************************/
/*
 * usage - print the smbgroupedit option summary.
 *
 * Every message in the visible lines is written with printf(), i.e. to
 * stdout, although the banner above this function says "stderr and die".
 *
 * NOTE(review): this listing omits original lines 39-40, 42, 44-45, 55 and
 * 57-59, so the test (if any) that chooses between the first two messages
 * and the call that terminates the program are not visible here - confirm
 * against the full file.
 */
38 static void usage(void)
41 printf("smbgroupedit options\n");
/*
 * Informational only: printing this text does not stop a non-root caller.
 * NOTE(review): presumably the real protection is the file permissions on
 * the group mapping database - verify.
 */
43 printf("You need to be root to use this tool!\n");
/* One line per command-line switch; the letters match the getopt() string in main(). */
46 printf(" -a group create new group\n");
47 printf(" -n group NT group name\n");
48 printf(" -p privilege only local\n");
49 printf(" -v list groups\n");
50 printf(" -l long list (include details)\n");
51 printf(" -s short list (default)\n");
52 printf(" -c SID change group\n");
53 printf(" -u unix group\n");
54 printf(" -x group delete this group\n");
56 printf(" -t[b|d|l] type: builtin, domain, local \n");
60 /*********************************************************
62 **********************************************************/
/*
 * addgroup - create a group mapping entry for a Unix group.
 *
 * Visible flow: derive a SID from the gid with local_gid_to_sid(), render it
 * as text with sid_to_string(), choose the NT name and comment, build a
 * privilege set from the `privilege` text, and store the mapping with
 * add_initial_entry().
 *
 * group      Unix group (its use is on lines not shown in this listing).
 * sid_type   SID type stored with the mapping.
 * ntgroup    NT group name copied into `name`.
 * ntcomment  comment text copied into `comment`.
 * privilege  privilege text handed to convert_priv_from_text().
 *
 * NOTE(review): the listing omits original lines 64, 66-68, 70-74, 77-80,
 * 82-83, 85, 87, 89, 91, 94-96 and 98-100. The declarations of sid, gid and
 * string_sid, the way gid is obtained from `group`, the conditions guarding
 * each copy below and the return values are therefore not visible - confirm
 * against the full file.
 */
63 int addgroup(char *group
, enum SID_NAME_USE sid_type
, char *ntgroup
, char *ntcomment
, char *privilege
)
65 PRIVILEGE_SET se_priv
;
/* Fixed-size string buffers that receive the NT name and the comment. */
69 fstring name
, comment
;
/* Map the gid to a SID, then to the textual form that is stored in the database. */
75 local_gid_to_sid(&sid
, gid
);
76 sid_to_string(string_sid
, &sid
);
/*
 * ntgroup and ntcomment are caller-supplied strings copied into fstring
 * buffers.
 * NOTE(review): presumably fstrcpy() bounds the copy to the fstring size,
 * and the guards on the missing lines keep a NULL source out of these
 * calls - confirm both.
 */
81 fstrcpy(name
, ntgroup
);
/* Fixed default comment text; the condition selecting it is on a line not shown. */
84 fstrcpy(comment
, "Local Unix group");
86 fstrcpy(comment
, ntcomment
);
/* Start from an initialised privilege set, then fill it from the privilege text. */
88 init_privilege(&se_priv
);
90 convert_priv_from_text(&se_priv
, privilege
);
/*
 * Store the mapping. PR_ACCESS_FROM_NETWORK is passed as the final argument
 * of add_initial_entry(); its meaning is defined outside this file.
 */
92 if(!add_initial_entry(gid
, string_sid
, sid_type
, name
, comment
, se_priv
, PR_ACCESS_FROM_NETWORK
)) {
/* The privilege set is released on the failure path ... */
93 free_privilege(&se_priv
);
/* ... and again on the path that follows the if block. */
97 free_privilege(&se_priv
);
101 /*********************************************************
103 **********************************************************/
/*
 * changegroup - update the stored mapping of the group identified by a SID.
 *
 * Visible flow: parse sid_string into sid, load the current record with
 * get_group_map_from_sid(..., MAPPING_WITH_PRIV), apply the requested
 * changes (Unix gid, group type, NT name, comment, privilege text) and write
 * the record back with add_mapping_entry(&map, TDB_REPLACE).
 *
 * sid_string  textual SID of the mapping to change.
 * group       Unix group name resolved with nametogid().
 * sid_type    requested group type.
 * ntgroup     new NT group name.
 * groupdesc   new comment text.
 * privilege   new privilege text.
 *
 * NOTE(review): the listing omits the declarations of sid, map and gid, the
 * conditions guarding each optional change, the return statements and the
 * braces, so which fields are rewritten under which condition cannot be
 * confirmed from here.
 */
104 int changegroup(char *sid_string
, char *group
, enum SID_NAME_USE sid_type
, char *ntgroup
, char *groupdesc
, char *privilege
)
/*
 * NOTE(review): the result of string_to_sid() is discarded on this line.
 * sid_string is supplied by the caller, so a malformed value should be
 * rejected here instead of relying on the database lookup below to miss.
 * How sid is initialised is not visible in this listing.
 */
110 string_to_sid(&sid
, sid_string
);
112 /* Get the current mapping from the database */
113 if(!get_group_map_from_sid(sid
, &map
, MAPPING_WITH_PRIV
)) {
114 printf("This SID does not exist in the database\n");
118 /* If a new Unix group is specified, check and change */
120 gid
=nametogid(group
);
/* The test that leads to this message is on a line not shown in the listing. */
122 printf("The UNIX group does not exist\n");
129 * Allow changing of group type only between domain and local
130 * We disallow changing Builtin groups !!! (SID problem)
/*
 * The new type is stored only when both the requested type and the stored
 * type are SID_NAME_ALIAS or SID_NAME_DOM_GRP (the two nested tests below),
 * so a mapping stored with any other type keeps that type.
 */
132 if (sid_type
==SID_NAME_ALIAS
|| sid_type
==SID_NAME_DOM_GRP
)
133 if (map
.sid_name_use
==SID_NAME_ALIAS
|| map
.sid_name_use
==SID_NAME_DOM_GRP
)
134 map
.sid_name_use
=sid_type
;
/*
 * Caller-supplied strings are copied into the record fields.
 * NOTE(review): presumably nt_name and comment are fstring-sized and
 * fstrcpy() bounds the copy - confirm in the headers.
 */
138 fstrcpy(map
.nt_name
, ntgroup
);
140 /* Change comment if new one */
142 fstrcpy(map
.comment
, groupdesc
);
144 /* Change the privilege if new one */
146 convert_priv_from_text(&map
.priv_set
, privilege
);
/* TDB_REPLACE is passed so that the existing record is overwritten. */
148 if (!add_mapping_entry(&map
, TDB_REPLACE
)) {
/* NOTE(review): the message below has a typo, "Count" where "Could" is meant. */
149 printf("Count not update group database\n");
/* The privilege set held by the record is released on the failure path ... */
150 free_privilege(&map
.priv_set
);
/* ... and on the path that follows the if block. */
154 free_privilege(&map
.priv_set
);
158 /*********************************************************
160 **********************************************************/
/*
 * deletegroup - remove the group mapping stored for a SID.
 *
 * Despite its name, `group` is parsed as a SID string by string_to_sid()
 * and the resulting sid is handed to group_map_remove().
 *
 * NOTE(review): the result of string_to_sid() is discarded, so a malformed
 * argument is not rejected before the removal call; test it and fail early.
 * The declaration of sid is not visible in this listing.
 * NOTE(review): the return statements are on lines not shown. main()
 * returns this function's BOOL result directly as the process exit status,
 * so confirm that success ends up as exit status 0.
 */
161 BOOL
deletegroup(char *group
)
165 string_to_sid(&sid
, group
);
/* A false result from group_map_remove() selects the failure path. */
167 if(!group_map_remove(sid
))
173 /*********************************************************
175 **********************************************************/
/*
 * listgroup - print the stored group mappings of the requested type.
 *
 * enum_group_mapping() is asked for the mapped entries of sid_type
 * (ENUM_ALL_MAPPED, MAPPING_WITH_PRIV) and returns them through `map` and
 * `entries`. Each record is decoded and printed, either as a single
 * "NT name (SID) -> Unix group" line or as a multi-line block with SID, Unix
 * group, group type, comment and privilege.
 *
 * sid_type   group type passed to enum_group_mapping().
 * long_list  presumably selects the multi-line form; the test itself is on
 *            a line not shown in this listing.
 *
 * NOTE(review): the declarations of map, entries, i, group_type, string_sid
 * and priv_text, the return statements and the braces are not visible here.
 */
176 int listgroup(enum SID_NAME_USE sid_type
, BOOL long_list
)
/* Column heading; the condition under which it is printed is not visible. */
185 printf("NT group (SID) -> Unix group\n");
187 if (!enum_group_mapping(sid_type
, &map
, &entries
, ENUM_ALL_MAPPED
, MAPPING_WITH_PRIV
))
190 for (i
=0; i
<entries
; i
++) {
/* Render the type, the SID and the privilege set of record i as text. */
191 decode_sid_name_use(group_type
, (map
[i
]).sid_name_use
);
192 sid_to_string(string_sid
, &map
[i
].sid
);
/*
 * NOTE(review): the size of priv_text is not visible in this listing;
 * confirm that convert_priv_to_text() cannot write past it.
 */
193 convert_priv_to_text(&(map
[i
].priv_set
), priv_text
);
/*
 * The record's privilege set is released once its text form exists.
 * NOTE(review): no release of the map array itself appears in the visible
 * lines - confirm that it is freed after the loop.
 */
194 free_privilege(&(map
[i
].priv_set
));
/* Short form: one line per mapping. */
197 printf("%s (%s) -> %s\n", map
[i
].nt_name
, string_sid
, gidtoname(map
[i
].gid
));
/* Long form: name first, then one indented line per attribute. */
199 printf("%s\n", map
[i
].nt_name
);
200 printf("\tSID : %s\n", string_sid
);
201 printf("\tUnix group: %s\n", gidtoname(map
[i
].gid
));
202 printf("\tGroup type: %s\n", group_type
);
203 printf("\tComment : %s\n", map
[i
].comment
);
204 printf("\tPrivilege : %s\n\n", priv_text
);
211 /*********************************************************
213 **********************************************************/
/*
 * main - parse the command line and run one group mapping operation.
 *
 * Visible flow: set up logging, initialise the password database, load the
 * configuration file, read the machine SID, open the group mapping database,
 * parse the options, reject conflicting operations, translate the -t
 * selector into a SID type and dispatch to addgroup(), listgroup(),
 * deletegroup() or changegroup().
 *
 * NOTE(review): the listing omits the body of the option switch (original
 * lines 264-309), the declarations of ch, group and sid, and whatever follows
 * each error message, so the way option arguments reach the variables below
 * cannot be confirmed from here.
 * NOTE(review): no privilege check appears among the visible lines of
 * main(); the only reference to root is the text printed by usage().
 * Confirm whether such a check exists on the lines not shown.
 */
214 int main (int argc
, char **argv
)
/* One flag per operation or modifier; all start cleared. */
217 BOOL add_group
= False
;
218 BOOL view_group
= False
;
219 BOOL change_group
= False
;
220 BOOL delete_group
= False
;
221 BOOL nt_group
= False
;
223 BOOL group_type
= False
;
224 BOOL long_list
= False
;
/* String arguments handed to the operations; NULL until set. */
228 char *ntgroup
= NULL
;
229 char *privilege
= NULL
;
231 char *group_desc
= NULL
;
/* Declared without an initialiser; it is assigned in the visible branches near the end of main(). */
233 enum SID_NAME_USE sid_type
;
235 setup_logging("groupedit", True
);
/* Start-up steps: each failure prints a message; what follows it is on a line not shown. */
242 if(!initialize_password_db(True
)) {
243 fprintf(stderr
, "Can't setup password database vectors.\n");
247 if (!lp_load(dyn_CONFIGFILE
,True
,False
,False
)) {
248 fprintf(stderr
, "Can't load %s - run testparm to debug it\n",
253 if(pdb_generate_sam_sid()==False
) {
254 printf("Can not read machine SID\n");
258 if (init_group_mapping()==False
) {
259 printf("Could not open tdb mapping file.\n");
/*
 * In the option string a letter followed by ':' takes an argument
 * (a, c, d, n, p, t, u, x); l, s and v are plain switches.
 * NOTE(review): presumably the arguments are stored unchanged and passed to
 * the operations below, which is why those functions must validate them.
 */
263 while ((ch
= getopt(argc
, argv
, "a:c:d:ln:p:st:u:vx:")) != EOF
) {
/* The four operation flags are counted; more than one set is rejected. */
310 if (((add_group
?1:0) + (view_group
?1:0) + (change_group
?1:0) + (delete_group
?1:0)) > 1) {
311 fprintf (stderr
, "Incompatible options on command line!\n");
316 /* no option on command line -> list groups */
317 if (((add_group
?1:0) + (view_group
?1:0) + (change_group
?1:0) + (delete_group
?1:0)) == 0)
/* Without -t the type is SID_NAME_UNKNOWN. */
321 if (group_type
==False
)
322 sid_type
=SID_NAME_UNKNOWN
;
/*
 * Otherwise one of the assignments below is chosen; the selector is on
 * lines not shown. NOTE(review): presumably alias, domain group and
 * well-known group correspond to the l, d and b letters of -t, with
 * SID_NAME_UNKNOWN as the fallback - confirm.
 */
327 sid_type
=SID_NAME_ALIAS
;
331 sid_type
=SID_NAME_DOM_GRP
;
335 sid_type
=SID_NAME_WKN_GRP
;
338 sid_type
=SID_NAME_UNKNOWN
;
/* Dispatch: the result of the selected operation becomes the exit status. */
344 return addgroup(group
, sid_type
, ntgroup
, group_desc
, privilege
);
347 return listgroup(sid_type
, long_list
);
/*
 * NOTE(review): deletegroup() returns BOOL, unlike the int returned by the
 * other operations; confirm the exit status on success.
 */
350 return deletegroup(group
);
353 return changegroup(sid
, group
, sid_type
, ntgroup
, group_desc
, privilege
);