svn commit: samba r12965 - in trunk/source: groupdb passdb utils

vlendec at samba.org vlendec at samba.org
Mon Jan 16 17:42:45 GMT 2006


Author: vlendec
Date: 2006-01-16 17:42:44 +0000 (Mon, 16 Jan 2006)
New Revision: 12965

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12965

Log:
Implement 'net sam mapunixgroup'. Improve the smbpasswd error message for
certain people in CA (MA?) ... :-)

Jeremy, is that ok now? If yes, please close the bugzilla entry :-)

Volker

Modified:
   trunk/source/groupdb/mapping.c
   trunk/source/passdb/passdb.c
   trunk/source/passdb/pdb_interface.c
   trunk/source/utils/net_groupmap.c
   trunk/source/utils/net_sam.c


Changeset:
Modified: trunk/source/groupdb/mapping.c
===================================================================
--- trunk/source/groupdb/mapping.c	2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/groupdb/mapping.c	2006-01-16 17:42:44 UTC (rev 12965)
@@ -176,7 +176,7 @@
 	fstrcpy(map.nt_name, nt_name);
 	fstrcpy(map.comment, comment);
 
-	return pdb_add_group_mapping_entry(&map);
+	return NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map));
 }
 
 /****************************************************************************
@@ -1009,6 +1009,7 @@
 	BOOL exists;
 	GROUP_MAP map;
 	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
 
 	DEBUG(10, ("Trying to create alias %s\n", name));
 
@@ -1047,10 +1048,12 @@
 	fstrcpy(map.nt_name, name);
 	fstrcpy(map.comment, "");
 
-	if (!pdb_add_group_mapping_entry(&map)) {
-		DEBUG(0, ("Could not add group mapping entry for alias %s\n",
-			  name));
-		return NT_STATUS_ACCESS_DENIED;
+	status = pdb_add_group_mapping_entry(&map);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Could not add group mapping entry for alias %s "
+			  "(%s)\n", name, nt_errstr(status)));
+		return status;
 	}
 
 	*rid = new_rid;

Modified: trunk/source/passdb/passdb.c
===================================================================
--- trunk/source/passdb/passdb.c	2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/passdb/passdb.c	2006-01-16 17:42:44 UTC (rev 12965)
@@ -402,8 +402,21 @@
 	 * be a newly allocated one */
 
 	if (!pdb_gid_to_sid(pwd->pw_gid, &group_sid)) {
-		DEBUG(3, ("Primary group %d of new user %s is not mapped. "
-			  "Please add the mapping.\n", pwd->pw_gid, username));
+		struct group *grp;
+
+		grp = getgrgid(pwd->pw_gid);
+		if (grp == NULL) {
+			DEBUG(1, ("Primary group %d of user %s does not "
+				  "exist.\n", pwd->pw_gid, username));
+			result = NT_STATUS_INVALID_PRIMARY_GROUP;
+			goto done;
+		}
+
+		DEBUG(1, ("\nPrimary group %s of user %s is not mapped to "
+			  "a domain group\n"
+			  "Please add a mapping with\n\n"
+			  "net sam mapunixgroup %s\n\n",
+			  grp->gr_name, username, grp->gr_name));
 		result = NT_STATUS_INVALID_PRIMARY_GROUP;
 		goto done;
 	}
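Review bot: The new "does not exist" message formats `pwd->pw_gid` with `%d`, but gid_t is normally unsigned, so the argument should be cast to match, e.g. `"Primary group %lu of user %s does not exist.\n", (unsigned long)pwd->pw_gid, username`. The second message prints `grp->gr_name` unquoted inside a command the administrator is meant to copy; a group name from NSS that contains spaces or shell metacharacters would make the pasted command do something other than intended, so quote it in the hint: `"net sam mapunixgroup \"%s\"\n\n"`. The enclosing function starts and ends outside this hunk.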
@@ -955,17 +968,15 @@
 		
 		if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
 			NTSTATUS result;
+			int tmp_debug = DEBUGLEVEL;
 
 			/* Might not exist in /etc/passwd. */
 
+			DEBUGLEVEL = 1;
 			result = pdb_init_sam_new(&sam_pass, user_name);
+			DEBUGLEVEL = tmp_debug;
 			if (NT_STATUS_EQUAL(result,
 					    NT_STATUS_INVALID_PRIMARY_GROUP)) {
-				slprintf(err_str, err_str_len-1,
-					 "Primary group of user %s is not "
-					 "mapped, please map it to a SID "
-					 "with\n'net groupmap add'\n",
-					 user_name);
 				return False;
 			}
 
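Review bot: `DEBUGLEVEL = 1;` lowers the level when the user asked for more (for example 10), so everything `pdb_init_sam_new()` would have logged above level 1 is lost for that call; raise it only when needed with `if (DEBUGLEVEL < 1) DEBUGLEVEL = 1;`. With the `slprintf` removed, the `return False` path for NT_STATUS_INVALID_PRIMARY_GROUP no longer writes `err_str` in the visible lines. If the caller prints `err_str` on failure it now gets whatever the buffer held before, so either clear it here or add a comment saying the message is deliberately delivered through DEBUG. The enclosing function begins and ends outside this hunk, so whether `err_str` is initialised earlier cannot be seen here.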

Modified: trunk/source/passdb/pdb_interface.c
===================================================================
--- trunk/source/passdb/pdb_interface.c	2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/passdb/pdb_interface.c	2006-01-16 17:42:44 UTC (rev 12965)
@@ -1289,16 +1289,15 @@
 			       pdb_getgrnam(pdb_context, map, name));
 }
 
-BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
+NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
 {
 	struct pdb_context *pdb_context = pdb_get_static_context(False);
 
 	if (!pdb_context) {
-		return False;
+		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	return NT_STATUS_IS_OK(pdb_context->
-			       pdb_add_group_mapping_entry(pdb_context, map));
+	return pdb_context->pdb_add_group_mapping_entry(pdb_context, map);
 }
 
 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
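Review bot: Changing the return type of `pdb_add_group_mapping_entry` from BOOL to NTSTATUS inverts its truthiness, since success is now NT_STATUS_OK rather than True. If NTSTATUS is a plain integer type in this build, a caller still written as `if (!pdb_add_group_mapping_entry(&map))` compiles without complaint and treats success as failure. This commit updates three callers; any others in the tree, such as passdb backends or other tools, should be searched for. A comment such as `/* Returns NTSTATUS, not BOOL: test with NT_STATUS_IS_OK() */` above the function would help. The sibling `pdb_update_group_mapping_entry` on the last context line still returns BOOL, so the two wrappers now have different conventions.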

Modified: trunk/source/utils/net_groupmap.c
===================================================================
--- trunk/source/utils/net_groupmap.c	2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/utils/net_groupmap.c	2006-01-16 17:42:44 UTC (rev 12965)
@@ -565,7 +565,7 @@
 		fstrcpy(map.nt_name, ntgroup);
 		fstrcpy(map.comment, "");
 
-		if (!pdb_add_group_mapping_entry(&map)) {
+		if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
 			d_printf("Could not add mapping entry for %s\n",
 				 ntgroup);
 			return -1;
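Review bot: The status from `pdb_add_group_mapping_entry` is collapsed to a boolean here and the reason for the failure is dropped, unlike the other callers updated in this commit, which print `nt_errstr(status)`. Keeping it in a local would give the user the same detail, e.g. `status = pdb_add_group_mapping_entry(&map);` followed by `d_printf("Could not add mapping entry for %s (%s)\n", ntgroup, nt_errstr(status));`. The enclosing function is outside the hunk, so the `NTSTATUS status` declaration would have to be added there.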

Modified: trunk/source/utils/net_sam.c
===================================================================
--- trunk/source/utils/net_sam.c	2006-01-16 17:21:47 UTC (rev 12964)
+++ trunk/source/utils/net_sam.c	2006-01-16 17:42:44 UTC (rev 12965)
@@ -23,6 +23,83 @@
 #include "utils/net.h"
 
 /*
+ * Map a unix group to a domain group
+ */
+
+static int net_sam_mapunixgroup(int argc, const char **argv)
+{
+	NTSTATUS status;
+	GROUP_MAP map;
+	struct group *grp;
+	const char *grpname, *dom, *name;
+	uint32 rid;
+
+	if (argc != 1) {
+		d_printf("usage: net sam mapunixgroup <name>\n");
+		return -1;
+	}
+
+	grp = getgrnam(argv[0]);
+	if (grp == NULL) {
+		d_printf("Could not find group %s\n", argv[0]);
+		return -1;
+	}
+
+	if (pdb_getgrgid(&map, grp->gr_gid)) {
+		d_printf("%s already mapped to %s (%s)\n",
+			 argv[0], map.nt_name,
+			 sid_string_static(&map.sid));
+		return -1;
+	}
+
+	map.gid = grp->gr_gid;
+
+	grpname = argv[0];
+
+	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+			&dom, &name, NULL, NULL)) {
+
+		const char *tmp = talloc_asprintf(
+			tmp_talloc_ctx(), "Unix Group %s", argv[0]);
+
+		d_printf("%s exists as %s\\%s, retrying as \"%s\"\n",
+			 grpname, dom, name, tmp);
+		grpname = tmp;
+	}
+
+	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+			NULL, NULL, NULL, NULL)) {
+		d_printf("\"%s\" exists, can't map it\n", argv[0]);
+		return -1;
+	}
+
+	fstrcpy(map.nt_name, grpname);
+
+	if (!pdb_new_rid(&rid)) {
+		d_printf("Could not get a new rid\n");
+		return -1;
+	}
+
+	sid_compose(&map.sid, get_global_sam_sid(), rid);
+	map.sid_name_use = SID_NAME_DOM_GRP;
+	fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s",
+					     argv[0]));
+
+	status = pdb_add_group_mapping_entry(&map);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("Mapping group %s failed with %s\n",
+			 argv[0], nt_errstr(status));
+		return -1;
+	}
+
+	d_printf("Mapped unix group %s to SID %s\n", argv[0],
+		 sid_string_static(&map.sid));
+
+	return 0;
+}
+
+/*
  * Create a local group
  */
 
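Review bot: Both `talloc_asprintf()` results in net_sam_mapunixgroup are used without a NULL check: the first becomes `grpname` and reaches `d_printf`, `lookup_name` and `fstrcpy(map.nt_name, ...)`, and the second is passed straight to `fstrcpy(map.comment, ...)`. The failure message after the second `lookup_name` prints `argv[0]`, although after the retry the name that collided is `grpname`. `map` is an uninitialised stack variable that a failed `pdb_getgrgid(&map, ...)` may have partly written; if GROUP_MAP has members beyond those assigned here, a `ZERO_STRUCT(map);` before filling it in would keep stack garbage away from the backend. If `fstrcpy` truncates, the name checked by `lookup_name` and the name actually stored can differ, so a length check on `grpname` before the copy is worth adding.

```c
	const char *grpname, *dom, *name, *comment;
	/* … unchanged: argument check, getgrnam, pdb_getgrgid, first lookup_name … */

		const char *tmp = talloc_asprintf(
			tmp_talloc_ctx(), "Unix Group %s", argv[0]);
		if (tmp == NULL) {
			d_printf("Out of memory\n");
			return -1;
		}
	/* … unchanged: "exists as" message, grpname = tmp, second lookup_name … */
		d_printf("\"%s\" exists, can't map it\n", grpname);
	/* … unchanged: nt_name copy, rid allocation, sid_compose … */
	comment = talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s", argv[0]);
	if (comment == NULL) {
		d_printf("Out of memory\n");
		return -1;
	}
	fstrcpy(map.comment, comment);
```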
@@ -227,6 +304,8 @@
 
 int net_help_sam(int argc, const char **argv)
 {
+	d_printf("net sam mapunixgroup\n"
+		 "  Map a unix group to a domain group\n");
 	d_printf("net sam createlocalgroup\n"
 		 "  Create a new local group\n");
 	d_printf("net sam addmem\n"
@@ -246,6 +325,7 @@
 {
 	struct functable func[] = {
 		{"createlocalgroup", net_sam_createlocalgroup},
+		{"mapunixgroup", net_sam_mapunixgroup},
 		{"addmem", net_sam_addmem},
 		{"delmem", net_sam_delmem},
 		{"listmem", net_sam_listmem},


