1 /*Some group management stuff*/
/*
 * Interactive test client for SAM group management: sets up a talloc context
 * and a server handle, connects, opens the domain, then runs a one-letter
 * menu loop that maps each option to a cac_Sam* call until 'q' is entered.
 *
 * NOTE(review): the number leading some lines looks like the original file's
 * line number carried over from a rendered listing; gaps in that numbering
 * mean statements are not shown here (the switch header, the declarations of
 * tmp/input/i, and whatever follows each error message are among them), so
 * the notes below describe only what is visible.
 */
6 int main(int argc
, char **argv
) {
7 CacServerHandle
*hnd
= NULL
;
8 TALLOC_CTX
*mem_ctx
= NULL
;
/* One request structure per cac_Sam* operation offered by the menu. */
11 struct SamEnumGroups eg
;
12 struct SamEnumUsers eu
;
13 struct SamCreateGroup cg
;
14 struct SamOpenGroup og
;
15 struct SamGetGroupMembers ggm
;
16 struct SamGetNamesFromRids gn
;
17 struct SamAddGroupMember add
;
18 struct SamRemoveGroupMember del
;
19 struct SamSetGroupMembers set
;
20 struct SamGetGroupsForUser gg
;
21 struct SamOpenUser ou
;
22 struct SamGetGroupInfo gi
;
23 struct SamSetGroupInfo si
;
24 struct SamRenameGroup rg
;
25 struct SamGetSecurityObject gso
;
/* Handle of the currently open group; NULL means no group is open. */
27 POLICY_HND
*group_hnd
= NULL
;
/* Context that the talloc_strdup/TALLOC_ARRAY calls below allocate from; it is
 * released by talloc_destroy at the end. No NULL check on the result is visible. */
34 mem_ctx
= talloc_init("cac_samgroup");
/* NOTE(review): hnd is dereferenced below (hnd->server, hnd->status) with no
 * NULL check visible after this call. */
36 hnd
= cac_NewServerHandle(True
);
38 cac_parse_cmd_line(argc
, argv
, hnd
);
/* On failure the error text is taken from hnd->status; whether the program
 * exits at this point is in lines not shown. */
40 if(!cac_Connect(hnd
, NULL
)) {
41 fprintf(stderr
, "Could not connect to server %s. Error: %s\n", hnd
->server
, nt_errstr(hnd
->status
));
45 struct SamOpenDomain sod
;
/* NOTE(review): MAXIMUM_ALLOWED_ACCESS asks the server for every right the
 * caller can be granted instead of a named set of rights; the same mask is
 * used for the create-group, open-group and open-user requests below. Code
 * derived from this test should request only the rights each call needs. */
48 sod
.in
.access
= MAXIMUM_ALLOWED_ACCESS
;
50 if(!cac_SamOpenDomain(hnd
, mem_ctx
, &sod
)) {
51 fprintf(stderr
, "Could not open domain. Error: %s\n", nt_errstr(hnd
->status
));
/* Menu loop: runs until the first character of tmp is 'q'. */
56 while(tmp
[0] != 'q') {
58 printf("[l]ist groups\n");
59 printf("[c]reate group\n");
60 printf("[o]pen group\n");
61 printf("[d]elete group\n");
62 printf("list [m]embers\n");
63 printf("list [u]sers\n");
64 printf("list [g]roup for users\n");
65 printf("[a]dd member\n");
66 printf("[r]emove member\n");
67 printf("[x] clear members\n");
68 printf("get group [i]nfo\n");
69 printf("[e]dit group info\n");
70 printf("[s]et members\n");
71 printf("re[n]ame group\n");
72 printf("[z] close group\n");
73 printf("[t] get security info\n");
76 printf("Enter option: ");
/* NOTE(review): cactest_readline is defined elsewhere and is given no length
 * argument here; confirm it bounds the read to the size of tmp (declaration
 * not shown). The same applies to every read into input below. */
77 cactest_readline(stdin
, tmp
);
82 case 'c': /*create group*/
83 if(group_hnd
!= NULL
) {
84 /*then we have an open handle.. close it*/
85 cac_SamClose(hnd
, mem_ctx
, group_hnd
);
89 printf("Enter group name: ");
90 cactest_readline(stdin
, input
);
/* The entered name is duplicated into mem_ctx; the result of talloc_strdup is
 * not checked in the visible lines. */
94 cg
.in
.name
= talloc_strdup(mem_ctx
, input
);
95 cg
.in
.access
= MAXIMUM_ALLOWED_ACCESS
;
96 cg
.in
.dom_hnd
= sod
.out
.dom_hnd
;
98 if(!cac_SamCreateGroup(hnd
, mem_ctx
, &cg
)) {
99 fprintf(stderr
, "Could not create group. Error: %s\n", nt_errstr(hnd
->status
));
102 printf("Created group %s\n", cg
.in
.name
);
/* The new handle becomes the current group for the handle-based options. */
104 group_hnd
= cg
.out
.group_hnd
;
108 case 'o': /*open group*/
109 if(group_hnd
!= NULL
) {
110 /*then we have an open handle.. close it*/
111 cac_SamClose(hnd
, mem_ctx
, group_hnd
);
117 og
.in
.dom_hnd
= sod
.out
.dom_hnd
;
118 og
.in
.access
= MAXIMUM_ALLOWED_ACCESS
;
120 printf("Enter RID: 0x");
/* NOTE(review): the return value of scanf is ignored, so non-hex input leaves
 * og.in.rid at its previous value and the unread text stays on stdin for the
 * next prompt. */
121 scanf("%x", &og
.in
.rid
);
123 if(!cac_SamOpenGroup(hnd
, mem_ctx
, &og
)) {
124 fprintf(stderr
, "Could not open group. Error: %s\n", nt_errstr(hnd
->status
));
127 printf("Opened group\n");
128 group_hnd
= og
.out
.group_hnd
;
133 case 'l': /*list groups*/
135 eg
.in
.dom_hnd
= sod
.out
.dom_hnd
;
/* Each successful call is printed as a batch of num_groups entries; once the
 * call returns false, hnd->status is tested, presumably to tell an error from
 * the end of the enumeration (CAC_OP_FAILED is defined elsewhere). */
137 while(cac_SamEnumGroups(hnd
, mem_ctx
, &eg
)) {
138 for(i
= 0; i
< eg
.out
.num_groups
; i
++) {
139 printf("RID: 0x%x Name: %s\n", eg
.out
.rids
[i
], eg
.out
.names
[i
]);
143 if(CAC_OP_FAILED(hnd
->status
)) {
144 printf("Could not enumerate Groups. Error: %s\n", nt_errstr(hnd
->status
));
149 case 'm': /*list group members*/
151 printf("Must open group first!\n");
/* Two steps: fetch the member RIDs of the open group, then resolve them to names. */
156 ggm
.in
.group_hnd
= group_hnd
;
158 if(!cac_SamGetGroupMembers(hnd
, mem_ctx
, &ggm
)) {
159 fprintf(stderr
, "Could not get group members. Error: %s\n", nt_errstr(hnd
->status
));
163 printf("Group has %d members:\n", ggm
.out
.num_members
);
165 if(ggm
.out
.num_members
== 0) /*just skip the rest of this case*/
168 /**get the user names*/
169 gn
.in
.dom_hnd
= sod
.out
.dom_hnd
;
170 gn
.in
.num_rids
= ggm
.out
.num_members
;
171 gn
.in
.rids
= ggm
.out
.rids
;
173 if(!cac_SamGetNamesFromRids(hnd
, mem_ctx
, &gn
)) {
174 fprintf(stderr
, "Could not lookup names. Error: %s\n", nt_errstr(hnd
->status
));
/* NOTE(review): unlike the 'g' option, this prints map[i].name without testing
 * map[i].found; confirm name cannot be NULL for an unresolved RID. */
178 for(i
= 0; i
< gn
.out
.num_names
; i
++) {
179 printf("RID: 0x%x Name: %s\n", gn
.out
.map
[i
].rid
, gn
.out
.map
[i
].name
);
184 case 'd': /*delete group*/
186 printf("Must open group first!\n");
/* NOTE(review): group_hnd is passed to cac_SamClose again at exit; confirm it
 * is reset to NULL after a successful delete (not shown). */
190 if(!cac_SamDeleteGroup(hnd
, mem_ctx
, group_hnd
)) {
191 fprintf(stderr
, "Could not delete group. Error: %s\n", nt_errstr(hnd
->status
));
194 printf("Deleted group.\n");
199 case 'u': /*list users*/
202 eu
.in
.dom_hnd
= sod
.out
.dom_hnd
;
/* Same batch-then-status pattern as the group listing. */
204 while(cac_SamEnumUsers(hnd
, mem_ctx
, &eu
)) {
205 for(i
= 0; i
< eu
.out
.num_users
; i
++) {
206 printf(" RID: 0x%x Name: %s\n", eu
.out
.rids
[i
], eu
.out
.names
[i
]);
210 if(CAC_OP_FAILED(hnd
->status
)) {
211 printf("Could not enumerate users. Error: %s\n", nt_errstr(hnd
->status
));
216 case 'a': /*add member to group*/
218 printf("Must open group first!\n");
224 add
.in
.group_hnd
= group_hnd
;
226 printf("Enter user RID: 0x");
/* NOTE(review): scanf result unchecked; on non-hex input add.in.rid keeps
 * whatever value it already held. */
227 scanf("%x", &add
.in
.rid
);
229 if(!cac_SamAddGroupMember(hnd
, mem_ctx
, &add
)) {
230 fprintf(stderr
, "Could not add user to group. Error: %s\n", nt_errstr(hnd
->status
));
233 printf("Successfully added user to group\n");
237 case 'r': /*remove user from group*/
239 printf("Must open group first!\n");
244 del
.in
.group_hnd
= group_hnd
;
246 printf("Enter RID: 0x");
/* NOTE(review): scanf result unchecked; on non-hex input del.in.rid keeps
 * whatever value it already held, and that RID is the one removed. */
247 scanf("%x", &del
.in
.rid
);
249 if(!cac_SamRemoveGroupMember(hnd
, mem_ctx
, &del
)) {
250 fprintf(stderr
, "Could not remove user from group. Error: %s\n", nt_errstr(hnd
->status
));
253 printf("Removed user from group.\n");
258 case 'x': /*clear group members*/
260 printf("Must open group first!\n");
264 if(!cac_SamClearGroupMembers(hnd
, mem_ctx
, group_hnd
)) {
265 fprintf(stderr
, "Could not clear group members. Error: %s\n", nt_errstr(hnd
->status
));
268 printf("Cleared group members\n");
273 case 's': /*set members*/
275 printf("Must open group first!\n");
281 set
.in
.group_hnd
= group_hnd
;
283 printf("Enter the number of members: ");
/* NOTE(review): num_members comes straight from scanf with no return-value or
 * range check, and is then used as both the allocation count and the loop
 * bound. Whatever was entered reaches TALLOC_ARRAY unchecked, and no NULL test
 * on set.in.rids is visible before the loop writes through it. Validate the
 * count and the allocation before reading RIDs. */
284 scanf("%d", &set
.in
.num_members
);
286 set
.in
.rids
= TALLOC_ARRAY(mem_ctx
, uint32
, set
.in
.num_members
);
288 for(i
= 0; i
< set
.in
.num_members
; i
++) {
289 printf("Enter RID #%d: 0x", (i
+1));
290 scanf("%x", (set
.in
.rids
+ i
));
293 if(!cac_SamSetGroupMembers(hnd
, mem_ctx
, &set
)) {
294 printf("could not set members. Error: %s\n", nt_errstr(hnd
->status
));
297 printf("Set users\n");
302 case 'g': /*list groups for user*/
306 printf("Enter username: ");
307 cactest_readline(stdin
, input
);
/* A non-empty answer selects the user by name; the RID prompt below is
 * presumably the alternative branch (the else line is not shown). */
309 if(input
[0] != '\0') {
310 ou
.in
.name
= talloc_strdup(mem_ctx
, input
);
313 printf("Enter RID: 0x");
314 scanf("%x", &ou
.in
.rid
);
317 ou
.in
.access
= MAXIMUM_ALLOWED_ACCESS
;
318 ou
.in
.dom_hnd
= sod
.out
.dom_hnd
;
/* NOTE(review): the failure message formats ou.in.name with %s even when the
 * user was selected by RID; confirm the initialisation of ou (not shown)
 * cannot leave that pointer NULL or stale. */
320 if(!cac_SamOpenUser(hnd
, mem_ctx
, &ou
)) {
321 fprintf(stderr
, "Could not open user %s. Error: %s\n", ou
.in
.name
, nt_errstr(hnd
->status
));
325 /*now find the groups*/
326 gg
.in
.user_hnd
= ou
.out
.user_hnd
;
328 if(!cac_SamGetGroupsForUser(hnd
, mem_ctx
, &gg
)) {
329 fprintf(stderr
, "Could not get groups for user. Error: %s\n", nt_errstr(hnd
->status
));
333 cac_SamClose(hnd
, mem_ctx
, ou
.out
.user_hnd
);
/* Resolve the group RIDs returned for the user into names. */
337 gn
.in
.dom_hnd
= sod
.out
.dom_hnd
;
338 gn
.in
.num_rids
= gg
.out
.num_groups
;
339 gn
.in
.rids
= gg
.out
.rids
;
341 if(!cac_SamGetNamesFromRids(hnd
, mem_ctx
, &gn
)) {
342 fprintf(stderr
, "Could not get names from RIDs. Error: %s\n", nt_errstr(hnd
->status
));
346 printf("%d groups: \n", gn
.out
.num_names
);
348 for(i
= 0; i
< gn
.out
.num_names
; i
++) {
349 printf("RID: 0x%x ", gn
.out
.map
[i
].rid
);
/* The name is printed only when found is set for the entry. */
351 if(gn
.out
.map
[i
].found
)
352 printf("Name: %s\n", gn
.out
.map
[i
].name
);
354 printf("Unknown RID\n");
359 case 'z': /*close group*/
361 printf("Must open group first!\n");
/* NOTE(review): group_hnd is passed to cac_SamClose again at exit; confirm it
 * is reset to NULL after this close (not shown). */
365 if(!cac_SamClose(hnd
, mem_ctx
, group_hnd
)) {
366 printf("Could not close group\n");
373 case 'i': /*get group info*/
375 printf("Must open group first!\n");
380 gi
.in
.group_hnd
= group_hnd
;
382 if(!cac_SamGetGroupInfo(hnd
, mem_ctx
, &gi
)) {
383 printf("Could not get group info. Error: %s\n", nt_errstr(hnd
->status
));
386 printf("Retrieved Group info\n");
387 print_cac_group_info(gi
.out
.info
);
392 case 'e': /*edit group info*/
394 printf("Must open group first!\n");
/* Read-modify-write: fetch the current info, hand it to edit_cac_group_info
 * (defined elsewhere), then send the same structure back to the server. */
401 gi
.in
.group_hnd
= group_hnd
;
403 if(!cac_SamGetGroupInfo(hnd
, mem_ctx
, &gi
)) {
404 printf("Could not get group info. Error: %s\n", nt_errstr(hnd
->status
));
408 edit_cac_group_info(mem_ctx
, gi
.out
.info
);
410 si
.in
.group_hnd
= group_hnd
;
411 si
.in
.info
= gi
.out
.info
;
413 if(!cac_SamSetGroupInfo(hnd
, mem_ctx
, &si
)) {
414 printf("Could not set group info. Error: %s\n", nt_errstr(hnd
->status
));
422 case 'n': /*rename group*/
424 printf("Must open group first!\n");
430 printf("Enter new group name: ");
/* NOTE(review): the new name is read into tmp, the buffer the loop condition
 * tests; unless tmp is reset in lines not shown, a name starting with 'q'
 * would also end the menu loop. */
431 cactest_readline(stdin
, tmp
);
433 rg
.in
.group_hnd
= group_hnd
;
434 rg
.in
.new_name
= talloc_strdup(mem_ctx
, tmp
);
436 if(!cac_SamRenameGroup(hnd
, mem_ctx
, &rg
))
437 printf("Could not rename group. Error: %s\n", nt_errstr(hnd
->status
));
442 case 't': /*get security info*/
444 printf("Must open group first!\n");
450 gso
.in
.pol
= group_hnd
;
452 if(!cac_SamGetSecurityObject(hnd
, mem_ctx
, &gso
)) {
453 printf("Could not get security descriptor info. Error: %s\n", nt_errstr(hnd
->status
));
464 printf("Invalid command\n");
/* Cleanup: close the domain handle and the group handle, then release the
 * talloc context. Any guard around the group close is not shown. */
468 cac_SamClose(hnd
, mem_ctx
, sod
.out
.dom_hnd
);
471 cac_SamClose(hnd
, mem_ctx
, group_hnd
);
476 talloc_destroy(mem_ctx
);