📄 net_groupmap.c
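/* NOTE(review): the statements up to the first closing brace are the tail of
 * a function whose beginning is not part of this excerpt (presumably
 * net_groupmap_modify()); they are reproduced unchanged, only re-indented. */
	/* Change comment if new one */
	if ( ntcomment[0] )
		fstrcpy( map.comment, ntcomment );

	if ( ntgroup[0] )
		fstrcpy( map.nt_name, ntgroup );

	if ( unixgrp[0] ) {
		gid = nametogid( unixgrp );
		if ( gid == -1 ) {
			d_fprintf(stderr, "Unable to lookup UNIX group %s. Make sure the group exists.\n",
				unixgrp);
			return -1;
		}

		map.gid = gid;
	}

	if ( !pdb_update_group_mapping_entry(&map) ) {
		d_fprintf(stderr, "Could not update group database\n");
		return -1;
	}

	d_printf("Updated mapping entry for %s\n", map.nt_name);

	return 0;
}

/*
 * Delete one group mapping, selected with "ntgroup=<name>" or "sid=<SID>".
 * When both are given, the SID string is the one that gets resolved.
 *
 * Returns 0 on success, -1 on a bad option, a missing value, a failed
 * SID lookup or a failed delete.
 */
static int net_groupmap_delete(int argc, const char **argv)
{
	DOM_SID sid;
	fstring ntgroup = "";
	fstring sid_string = "";
	int i;

	/* get the options */
	for ( i=0; i<argc; i++ ) {
		/* Prefix compare only: any argument that merely starts with
		 * "ntgroup" or "sid" is accepted, and the value is whatever
		 * get_string_param() extracts from it.
		 * NOTE(review): fstrcpy() is assumed to bound the copy to the
		 * size of an fstring -- confirm against its definition. */
		if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) {
			fstrcpy( ntgroup, get_string_param( argv[i] ) );
			if ( !ntgroup[0] ) {
				d_fprintf(stderr, "must supply a name\n");
				return -1;
			}
		}
		else if ( !StrnCaseCmp(argv[i], "sid", strlen("sid")) ) {
			fstrcpy( sid_string, get_string_param( argv[i] ) );
			if ( !sid_string[0] ) {
				d_fprintf(stderr, "must supply a SID\n");
				return -1;
			}
		}
		else {
			d_fprintf(stderr, "Bad option: %s\n", argv[i]);
			return -1;
		}
	}

	if ( !ntgroup[0] && !sid_string[0]) {
		d_printf("Usage: net groupmap delete {ntgroup=<string>|sid=<SID>}\n");
		return -1;
	}

	/* give preference to the SID if we have that */
	if ( sid_string[0] )
		fstrcpy( ntgroup, sid_string );

	if ( !get_sid_from_input(&sid, ntgroup) ) {
		d_fprintf(stderr, "Unable to resolve group %s to a SID\n", ntgroup);
		return -1;
	}

	if ( !pdb_delete_group_mapping_entry(sid) ) {
		d_fprintf(stderr, "Failed to removing group %s from the mapping db!\n", ntgroup);
		return -1;
	}

	d_printf("Sucessfully removed %s from the mapping db\n", ntgroup);

	return 0;
}

/*
 * Create or update the mapping for the NT group named in argv[0].
 *
 * argv[0] is looked up as a group name first and, failing that, as a SID
 * string starting with "S-". argv[1], when present, names the UNIX group to
 * map to and must resolve through getgrnam(). A mapping that does not exist
 * yet is added as a domain group under the local SAM SID; an existing one
 * is then updated from the -L/-D, comment and new-name options.
 *
 * Returns 0 on success, -1 on bad usage or any lookup/add/update failure.
 */
static int net_groupmap_set(int argc, const char **argv)
{
	const char *ntgroup = NULL;
	struct group *grp = NULL;
	GROUP_MAP map;
	BOOL have_map = False;

	if ((argc < 1) || (argc > 2)) {
		d_printf("Usage: net groupmap set \"NT Group\" "
			 "[\"unix group\"] [-C \"comment\"] [-L] [-D]\n");
		return -1;
	}

	if ( opt_localgroup && opt_domaingroup ) {
		d_printf("Can only specify -L or -D, not both\n");
		return -1;
	}

	ntgroup = argv[0];

	if (argc == 2) {
		grp = getgrnam(argv[1]);

		if (grp == NULL) {
			d_fprintf(stderr, "Could not find unix group %s\n", argv[1]);
			return -1;
		}
	}

	have_map = pdb_getgrnam(&map, ntgroup);

	if (!have_map) {
		DOM_SID sid;

		/* Not known by name: retry with the argument read as a SID. */
		have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
			     string_to_sid(&sid, ntgroup) &&
			     pdb_getgrsid(&map, sid) );
	}

	if (!have_map) {

		/* Ok, add it */

		if (grp == NULL) {
			d_fprintf(stderr, "Could not find group mapping for %s\n",
				 ntgroup);
			return -1;
		}

		map.gid = grp->gr_gid;

		/* No RID requested: derive one from the gid. This writes the
		 * file-level opt_rid, so the derived value stays set afterwards. */
		if (opt_rid == 0) {
			opt_rid = pdb_gid_to_group_rid(map.gid);
		}

		sid_copy(&map.sid, get_global_sam_sid());
		sid_append_rid(&map.sid, opt_rid);

		map.sid_name_use = SID_NAME_DOM_GRP;
		fstrcpy(map.nt_name, ntgroup);
		fstrcpy(map.comment, "");

		if (!pdb_add_group_mapping_entry(&map)) {
			d_fprintf(stderr, "Could not add mapping entry for %s\n",
				 ntgroup);
			return -1;
		}
	}

	/* Now we have a mapping entry, update that stuff */

	if ( opt_localgroup || opt_domaingroup ) {
		/* Well-known (BUILTIN) groups keep their type. */
		if (map.sid_name_use == SID_NAME_WKN_GRP) {
			d_fprintf(stderr, "Can't change type of the BUILTIN group %s\n",
				 map.nt_name);
			return -1;
		}
	}

	if (opt_localgroup)
		map.sid_name_use = SID_NAME_ALIAS;

	if (opt_domaingroup)
		map.sid_name_use = SID_NAME_DOM_GRP;

	/* The case (opt_domaingroup && opt_localgroup) was tested for above */

	if (strlen(opt_comment) > 0)
		fstrcpy(map.comment, opt_comment);

	if (strlen(opt_newntname) > 0)
		fstrcpy(map.nt_name, opt_newntname);

	if (grp != NULL)
		map.gid = grp->gr_gid;

	if (!pdb_update_group_mapping_entry(&map)) {
		d_fprintf(stderr, "Could not update group mapping for %s\n", ntgroup);
		return -1;
	}

	return 0;
}

/*
 * Walk every group mapping and delete those whose SID is not in our own
 * domain. Well-known groups are skipped; a mapping with gid -1 is only
 * reported, not deleted on that ground.
 *
 * This is a bulk destructive operation with no confirmation step. A delete
 * that fails is reported on stderr and the walk continues.
 *
 * Returns 0 when the enumeration and every attempted delete succeeded,
 * -1 when the mappings could not be listed or at least one delete failed.
 */
static int net_groupmap_cleanup(int argc, const char **argv)
{
	GROUP_MAP *map = NULL;
	size_t i, entries;
	int ret = 0;

	if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &entries,
				    ENUM_ALL_MAPPED)) {
		d_fprintf(stderr, "Could not list group mappings\n");
		return -1;
	}

	for (i=0; i<entries; i++) {

		if (map[i].sid_name_use == SID_NAME_WKN_GRP)
			continue;

		if (map[i].gid == -1)
			printf("Group %s is not mapped\n", map[i].nt_name);

		if (!sid_check_is_in_our_domain(&map[i].sid)) {
			printf("Deleting mapping for NT Group %s, sid %s\n",
			       map[i].nt_name,
			       sid_string_static(&map[i].sid));
			/* The result used to be discarded, so the command
			 * exited 0 even when stale entries were left behind. */
			if (!pdb_delete_group_mapping_entry(map[i].sid)) {
				d_fprintf(stderr, "Could not delete mapping for NT Group %s\n",
					 map[i].nt_name);
				ret = -1;
			}
		}
	}

	SAFE_FREE(map);

	return ret;
}

/*
 * Add member-sid (argv[1]) to the alias alias-sid (argv[0]).
 * Both arguments must parse as SIDs. Returns 0 on success, -1 otherwise.
 */
static int net_groupmap_addmem(int argc, const char **argv)
{
	DOM_SID alias, member;

	if ( (argc != 2) ||
	     !string_to_sid(&alias, argv[0]) ||
	     !string_to_sid(&member, argv[1]) ) {
		d_printf("Usage: net groupmap addmem alias-sid member-sid\n");
		return -1;
	}

	if (!pdb_add_aliasmem(&alias, &member)) {
		d_fprintf(stderr, "Could not add sid %s to alias %s\n",
			 argv[1], argv[0]);
		return -1;
	}

	return 0;
}

/*
 * Remove member-sid (argv[1]) from the alias alias-sid (argv[0]).
 * Both arguments must parse as SIDs. Returns 0 on success, -1 otherwise.
 */
static int net_groupmap_delmem(int argc, const char **argv)
{
	DOM_SID alias, member;

	if ( (argc != 2) ||
	     !string_to_sid(&alias, argv[0]) ||
	     !string_to_sid(&member, argv[1]) ) {
		d_printf("Usage: net groupmap delmem alias-sid member-sid\n");
		return -1;
	}

	if (!pdb_del_aliasmem(&alias, &member)) {
		d_fprintf(stderr, "Could not delete sid %s from alias %s\n",
			 argv[1], argv[0]);
		return -1;
	}

	return 0;
}

/*
 * Print, one SID per line, the members of the alias given as argv[0].
 * Returns 0 on success, -1 on bad usage or when enumeration fails.
 */
static int net_groupmap_listmem(int argc, const char **argv)
{
	DOM_SID alias;
	DOM_SID *members;
	size_t i, num;

	if ( (argc != 1) ||
	     !string_to_sid(&alias, argv[0]) ) {
		d_printf("Usage: net groupmap listmem alias-sid\n");
		return -1;
	}

	members = NULL;
	num = 0;

	if (!pdb_enum_aliasmem(&alias, &members, &num)) {
		d_fprintf(stderr, "Could not list members for sid %s\n", argv[0]);
		return -1;
	}

	for (i = 0; i < num; i++) {
		printf("%s\n", sid_string_static(&(members[i])));
	}

	SAFE_FREE(members);

	return 0;
}

/*
 * Print the SID of every alias under domain_sid that lists member.
 *
 * Each RID returned by pdb_enum_alias_memberships() is appended to a copy
 * of domain_sid to form the alias SID that gets printed.
 * NOTE(review): the literal 1 passed to pdb_enum_alias_memberships() is
 * presumably the number of member SIDs -- confirm against its prototype.
 *
 * Returns True on success, False when the enumeration fails.
 */
static BOOL print_alias_memberships(TALLOC_CTX *mem_ctx,
				    const DOM_SID *domain_sid,
				    const DOM_SID *member)
{
	uint32 *alias_rids;
	size_t i, num_alias_rids;

	alias_rids = NULL;
	num_alias_rids = 0;

	if (!pdb_enum_alias_memberships(mem_ctx, domain_sid, member, 1,
					&alias_rids, &num_alias_rids)) {
		d_fprintf(stderr, "Could not list memberships for sid %s\n",
			 sid_string_static(member));
		return False;
	}

	for (i = 0; i < num_alias_rids; i++) {
		DOM_SID alias;
		sid_copy(&alias, domain_sid);
		sid_append_rid(&alias, alias_rids[i]);
		printf("%s\n", sid_string_static(&alias));
	}

	return True;
}

/*
 * Print the aliases, in the local SAM domain and in BUILTIN (S-1-5-32),
 * that the SID given as argv[0] is a member of.
 *
 * Returns 0 on success, -1 on bad usage or any failure. The talloc context
 * is released on every path taken after it has been created.
 */
static int net_groupmap_memberships(int argc, const char **argv)
{
	TALLOC_CTX *mem_ctx;
	DOM_SID *domain_sid, *builtin_sid, member;
	int ret = -1;

	if ( (argc != 1) ||
	     !string_to_sid(&member, argv[0]) ) {
		/* The subcommand is registered as "memberships" in the
		 * dispatch table, so the usage line names it that way. */
		d_printf("Usage: net groupmap memberships sid\n");
		return -1;
	}

	mem_ctx = talloc_init("net_groupmap_memberships");
	if (mem_ctx == NULL) {
		d_fprintf(stderr, "talloc_init failed\n");
		return -1;
	}

	domain_sid = get_global_sam_sid();
	builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");

	if ((domain_sid == NULL) || (builtin_sid == NULL)) {
		d_fprintf(stderr, "Could not get domain sid\n");
		goto done;
	}

	if (!print_alias_memberships(mem_ctx, domain_sid, &member) ||
	    !print_alias_memberships(mem_ctx, builtin_sid, &member))
		goto done;

	ret = 0;

done:
	/* Single exit so the error paths no longer skip the destroy. */
	talloc_destroy(mem_ctx);

	return ret;
}

/*
 * Print the one-line summary of every groupmap subcommand.
 * Always returns -1.
 */
int net_help_groupmap(int argc, const char **argv)
{
	d_printf("net groupmap add"
		"\n Create a new group mapping\n");
	d_printf("net groupmap modify"
		"\n Update a group mapping\n");
	d_printf("net groupmap delete"
		"\n Remove a group mapping\n");
	d_printf("net groupmap addmem"
		"\n Add a foreign alias member\n");
	d_printf("net groupmap delmem"
		"\n Delete a foreign alias member\n");
	d_printf("net groupmap listmem"
		"\n List foreign group members\n");
	d_printf("net groupmap memberships"
		"\n List foreign group memberships\n");
	d_printf("net groupmap list"
		"\n List current group map\n");
	d_printf("net groupmap set"
		"\n Set group mapping\n");
	d_printf("net groupmap cleanup"
		"\n Remove foreign group mapping entries\n");

	return -1;
}

/***********************************************************
 migrated functionality from smbgroupedit
 **********************************************************/
/*
 * Entry point for "net groupmap": dispatch argv[0] to the matching
 * subcommand handler, or print the help when no subcommand is given.
 *
 * Returns -1 when the caller's real uid is not 0, otherwise whatever
 * net_run_function() or net_help_groupmap() returns.
 */
int net_groupmap(int argc, const char **argv)
{
	struct functable func[] = {
		{"add", net_groupmap_add},
		{"modify", net_groupmap_modify},
		{"delete", net_groupmap_delete},
		{"set", net_groupmap_set},
		{"cleanup", net_groupmap_cleanup},
		{"addmem", net_groupmap_addmem},
		{"delmem", net_groupmap_delmem},
		{"listmem", net_groupmap_listmem},
		{"memberships", net_groupmap_memberships},
		{"list", net_groupmap_list},
		{"help", net_help_groupmap},
		{NULL, NULL}
	};

	/* we shouldn't have silly checks like this */
	/* NOTE(review): this test reads the real uid only and runs before
	 * dispatch, so it also gates "list" and "help". It is a usability
	 * check, not an access-control boundary; what actually protects the
	 * mapping database is presumably the permissions on its backing
	 * store -- confirm. */
	if (getuid() != 0) {
		d_fprintf(stderr, "You must be root to edit group mappings.\nExiting...\n");
		return -1;
	}

	if ( argc )
		return net_run_function(argc, argv, func, net_help_groupmap);

	return net_help_groupmap( argc, argv );
}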