svn commit: samba r12965 - in trunk/source: groupdb passdb utils
vlendec at samba.org
vlendec at samba.org
Mon Jan 16 17:42:45 GMT 2006
Author: vlendec
Date: 2006-01-16 17:42:44 +0000 (Mon, 16 Jan 2006)
New Revision: 12965
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12965
Log:
Implement 'net sam mapunixgroup'. Improve the smbpasswd error message for
certain people in CA (MA?) ... :-)
Jeremy, is that ok now? If yes, please close the bugzilla entry :-)
Volker
Modified:
trunk/source/groupdb/mapping.c
trunk/source/passdb/passdb.c
trunk/source/passdb/pdb_interface.c
trunk/source/utils/net_groupmap.c
trunk/source/utils/net_sam.c
Changeset:
Modified: trunk/source/groupdb/mapping.c
===================================================================
--- trunk/source/groupdb/mapping.c 2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/groupdb/mapping.c 2006-01-16 17:42:44 UTC (rev 12965)
@@ -176,7 +176,7 @@
fstrcpy(map.nt_name, nt_name);
fstrcpy(map.comment, comment);
- return pdb_add_group_mapping_entry(&map);
+ return NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map));
}
/****************************************************************************
@@ -1009,6 +1009,7 @@
BOOL exists;
GROUP_MAP map;
TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
DEBUG(10, ("Trying to create alias %s\n", name));
@@ -1047,10 +1048,12 @@
fstrcpy(map.nt_name, name);
fstrcpy(map.comment, "");
- if (!pdb_add_group_mapping_entry(&map)) {
- DEBUG(0, ("Could not add group mapping entry for alias %s\n",
- name));
- return NT_STATUS_ACCESS_DENIED;
+ status = pdb_add_group_mapping_entry(&map);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not add group mapping entry for alias %s "
+ "(%s)\n", name, nt_errstr(status)));
+ return status;
}
*rid = new_rid;
Modified: trunk/source/passdb/passdb.c
===================================================================
--- trunk/source/passdb/passdb.c 2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/passdb/passdb.c 2006-01-16 17:42:44 UTC (rev 12965)
@@ -402,8 +402,21 @@
* be a newly allocated one */
if (!pdb_gid_to_sid(pwd->pw_gid, &group_sid)) {
- DEBUG(3, ("Primary group %d of new user %s is not mapped. "
- "Please add the mapping.\n", pwd->pw_gid, username));
+ struct group *grp;
+
+ grp = getgrgid(pwd->pw_gid);
+ if (grp == NULL) {
+ DEBUG(1, ("Primary group %d of user %s does not "
+ "exist.\n", pwd->pw_gid, username));
+ result = NT_STATUS_INVALID_PRIMARY_GROUP;
+ goto done;
+ }
+
+ DEBUG(1, ("\nPrimary group %s of user %s is not mapped to "
+ "a domain group\n"
+ "Please add a mapping with\n\n"
+ "net sam mapunixgroup %s\n\n",
+ grp->gr_name, username, grp->gr_name));
result = NT_STATUS_INVALID_PRIMARY_GROUP;
goto done;
}
@@ -955,17 +968,15 @@
if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
NTSTATUS result;
+ int tmp_debug = DEBUGLEVEL;
/* Might not exist in /etc/passwd. */
+ DEBUGLEVEL = 1;
result = pdb_init_sam_new(&sam_pass, user_name);
+ DEBUGLEVEL = tmp_debug;
if (NT_STATUS_EQUAL(result,
NT_STATUS_INVALID_PRIMARY_GROUP)) {
- slprintf(err_str, err_str_len-1,
- "Primary group of user %s is not "
- "mapped, please map it to a SID "
- "with\n'net groupmap add'\n",
- user_name);
return False;
}
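Review bot: Assigning `DEBUGLEVEL = 1` around `pdb_init_sam_new()` lowers the level as well as raising it, so a run started with a higher debug level loses its diagnostics for that call; `if (DEBUGLEVEL < 1) DEBUGLEVEL = 1;` keeps the intent. The same hunk removes the only write to `err_str` on the `NT_STATUS_INVALID_PRIMARY_GROUP` path, so the function now returns `False` with whatever `err_str` held before, and the explanation reaches the user only when debug output goes to their terminal. Keeping a short `slprintf(err_str, err_str_len-1, "Primary group of user %s is not mapped\n", user_name);` before `return False;` would preserve what callers can rely on. The enclosing function starts and ends outside the hunk, so whether `err_str` is cleared earlier is not visible here.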
Modified: trunk/source/passdb/pdb_interface.c
===================================================================
--- trunk/source/passdb/pdb_interface.c 2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/passdb/pdb_interface.c 2006-01-16 17:42:44 UTC (rev 12965)
@@ -1289,16 +1289,15 @@
pdb_getgrnam(pdb_context, map, name));
}
-BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
+NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
- return False;
+ return NT_STATUS_UNSUCCESSFUL;
}
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_group_mapping_entry(pdb_context, map));
+ return pdb_context->pdb_add_group_mapping_entry(pdb_context, map);
}
BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
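Review bot: Changing the return type of `pdb_add_group_mapping_entry()` from `BOOL` to `NTSTATUS` inverts the truth value for any caller that still writes `if (!pdb_add_group_mapping_entry(&map))`. Presumably NT_STATUS_OK is zero where NTSTATUS is a plain integer (its definition is not on this page), so such a test would compile and treat success as failure. The commit converts the callers shown in mapping.c and net_groupmap.c; it is worth confirming that no other caller remains. A comment above the function would pin the contract, for example `/* Returns an NTSTATUS; test with NT_STATUS_IS_OK(). NT_STATUS_UNSUCCESSFUL if there is no pdb context. */`.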
Modified: trunk/source/utils/net_groupmap.c
===================================================================
--- trunk/source/utils/net_groupmap.c 2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/utils/net_groupmap.c 2006-01-16 17:42:44 UTC (rev 12965)
@@ -565,7 +565,7 @@
fstrcpy(map.nt_name, ntgroup);
fstrcpy(map.comment, "");
- if (!pdb_add_group_mapping_entry(&map)) {
+ if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
d_printf("Could not add mapping entry for %s\n",
ntgroup);
return -1;
Modified: trunk/source/utils/net_sam.c
===================================================================
--- trunk/source/utils/net_sam.c 2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/utils/net_sam.c 2006-01-16 17:42:44 UTC (rev 12965)
@@ -23,6 +23,83 @@
#include "utils/net.h"
/*
+ * Map a unix group to a domain group
+ */
+
+static int net_sam_mapunixgroup(int argc, const char **argv)
+{
+ NTSTATUS status;
+ GROUP_MAP map;
+ struct group *grp;
+ const char *grpname, *dom, *name;
+ uint32 rid;
+
+ if (argc != 1) {
+ d_printf("usage: net sam mapunixgroup <name>\n");
+ return -1;
+ }
+
+ grp = getgrnam(argv[0]);
+ if (grp == NULL) {
+ d_printf("Could not find group %s\n", argv[0]);
+ return -1;
+ }
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ d_printf("%s already mapped to %s (%s)\n",
+ argv[0], map.nt_name,
+ sid_string_static(&map.sid));
+ return -1;
+ }
+
+ map.gid = grp->gr_gid;
+
+ grpname = argv[0];
+
+ if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+ &dom, &name, NULL, NULL)) {
+
+ const char *tmp = talloc_asprintf(
+ tmp_talloc_ctx(), "Unix Group %s", argv[0]);
+
+ d_printf("%s exists as %s\\%s, retrying as \"%s\"\n",
+ grpname, dom, name, tmp);
+ grpname = tmp;
+ }
+
+ if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+ NULL, NULL, NULL, NULL)) {
+ d_printf("\"%s\" exists, can't map it\n", argv[0]);
+ return -1;
+ }
+
+ fstrcpy(map.nt_name, grpname);
+
+ if (!pdb_new_rid(&rid)) {
+ d_printf("Could not get a new rid\n");
+ return -1;
+ }
+
+ sid_compose(&map.sid, get_global_sam_sid(), rid);
+ map.sid_name_use = SID_NAME_DOM_GRP;
+ fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s",
+ argv[0]));
+
+ status = pdb_add_group_mapping_entry(&map);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Mapping group %s failed with %s\n",
+ argv[0], nt_errstr(status));
+ return -1;
+ }
+
+ d_printf("Mapped unix group %s to SID %s\n", argv[0],
+ sid_string_static(&map.sid));
+
+ return 0;
+}
+
+/*
* Create a local group
*/
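Review bot: The second `lookup_name()` failure message in `net_sam_mapunixgroup()` prints `argv[0]`, but after the retry the name that collided is `grpname` ("Unix Group <name>"), so the user is told the wrong name exists. Both `talloc_asprintf()` results are also used unchecked: `tmp` becomes the name for the second lookup and for `map.nt_name`, and the comment string is passed straight to `fstrcpy()`. How those callees treat NULL is not visible here, so an allocation failure should end the command instead of being passed on. Separately, `map` is only partly assigned before it reaches `pdb_add_group_mapping_entry()`; if GROUP_MAP has fields beyond the five set here, zeroing it first would be safer (the struct definition is not on this page).

```c
static int net_sam_mapunixgroup(int argc, const char **argv)
{
	/* … unchanged: declarations, usage check, getgrnam and pdb_getgrgid lookups … */
	const char *comment;

	/* … unchanged: map.gid, grpname = argv[0], first lookup_name call … */
		const char *tmp = talloc_asprintf(
			tmp_talloc_ctx(), "Unix Group %s", argv[0]);

		if (tmp == NULL) {
			d_printf("talloc_asprintf failed\n");
			return -1;
		}
	/* … unchanged: "exists as" message, grpname = tmp … */

	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
			NULL, NULL, NULL, NULL)) {
		d_printf("\"%s\" exists, can't map it\n", grpname);
		return -1;
	}

	/* … unchanged: nt_name copy, pdb_new_rid, sid_compose, sid_name_use … */

	comment = talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s", argv[0]);
	if (comment == NULL) {
		d_printf("talloc_asprintf failed\n");
		return -1;
	}
	fstrcpy(map.comment, comment);

	/* … unchanged: pdb_add_group_mapping_entry call and result reporting … */
```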
@@ -227,6 +304,8 @@
int net_help_sam(int argc, const char **argv)
{
+ d_printf("net sam mapunixgroup\n"
+ " Map a unix group to a domain group\n");
d_printf("net sam createlocalgroup\n"
" Create a new local group\n");
d_printf("net sam addmem\n"
@@ -246,6 +325,7 @@
{
struct functable func[] = {
{"createlocalgroup", net_sam_createlocalgroup},
+ {"mapunixgroup", net_sam_mapunixgroup},
{"addmem", net_sam_addmem},
{"delmem", net_sam_delmem},
{"listmem", net_sam_listmem},