svn commit: samba r13267 - in trunk/source: groupdb passdb utils
vlendec at samba.org
vlendec at samba.org
Tue Jan 31 23:21:48 GMT 2006
Author: vlendec
Date: 2006-01-31 23:21:47 +0000 (Tue, 31 Jan 2006)
New Revision: 13267
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13267
Log:
Automatically create explicit group mappings for the primary group of users
about to be added to pdb. This helps with smbpasswd -a but also usrmgr.exe for
all the distros with per-user individual groups.
Volker
Modified:
trunk/source/groupdb/mapping.c
trunk/source/passdb/passdb.c
trunk/source/utils/net_sam.c
Changeset:
Modified: trunk/source/groupdb/mapping.c
===================================================================
--- trunk/source/groupdb/mapping.c 2006-01-31 23:13:54 UTC (rev 13266)
+++ trunk/source/groupdb/mapping.c 2006-01-31 23:21:47 UTC (rev 13267)
@@ -180,6 +180,64 @@
}
/****************************************************************************
+ Map a unix group to a newly created mapping
+****************************************************************************/
+NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
+{
+ NTSTATUS status;
+ GROUP_MAP map;
+ const char *grpname, *dom, *name;
+ uint32 rid;
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ return NT_STATUS_GROUP_EXISTS;
+ }
+
+ map.gid = grp->gr_gid;
+ grpname = grp->gr_name;
+
+ if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+ &dom, &name, NULL, NULL)) {
+
+ const char *tmp = talloc_asprintf(
+ tmp_talloc_ctx(), "Unix Group %s", grp->gr_name);
+
+ DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
+ grpname, dom, name, tmp));
+ grpname = tmp;
+ }
+
+ if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+ NULL, NULL, NULL, NULL)) {
+ DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
+ return NT_STATUS_GROUP_EXISTS;
+ }
+
+ fstrcpy(map.nt_name, grpname);
+
+ if (pdb_rid_algorithm()) {
+ rid = pdb_gid_to_group_rid( grp->gr_gid );
+ } else {
+ if (!pdb_new_rid(&rid)) {
+ DEBUG(3, ("Could not get a new RID for %s\n",
+ grp->gr_name));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ sid_compose(&map.sid, get_global_sam_sid(), rid);
+ map.sid_name_use = SID_NAME_DOM_GRP;
+ fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s",
+ grp->gr_name));
+
+ status = pdb_add_group_mapping_entry(&map);
+ if (NT_STATUS_IS_OK(status)) {
+ *pmap = map;
+ }
+ return status;
+}
+
+/****************************************************************************
Return the sid and the type of the unix group.
****************************************************************************/
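Review bot: Neither `talloc_asprintf()` result in `map_unix_group` is checked: on allocation failure `tmp` is NULL and is then passed to the `%s` in `DEBUG`, to the second `lookup_name()` call and to `fstrcpy(map.nt_name, grpname)`, and the string built for `map.comment` has the same gap. Add `if (tmp == NULL) return NT_STATUS_NO_MEMORY;` right after the first allocation, and build the comment into a local that is checked the same way before it is copied. Separately, in the `pdb_rid_algorithm()` branch the RID is derived directly from the gid and composed into a SID with no visible check that the SID is unused. Whether `pdb_add_group_mapping_entry()` rejects duplicates cannot be seen from this hunk, so a one-line comment stating who guarantees uniqueness would help the next reader.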
Modified: trunk/source/passdb/passdb.c
===================================================================
--- trunk/source/passdb/passdb.c 2006-01-31 23:13:54 UTC (rev 13266)
+++ trunk/source/passdb/passdb.c 2006-01-31 23:21:47 UTC (rev 13267)
@@ -403,6 +403,7 @@
if (!pdb_gid_to_sid(pwd->pw_gid, &group_sid)) {
struct group *grp;
+ GROUP_MAP map;
grp = getgrgid(pwd->pw_gid);
if (grp == NULL) {
@@ -412,13 +413,17 @@
goto done;
}
- DEBUG(1, ("\nPrimary group %s of user %s is not mapped to "
- "a domain group\n"
- "Please add a mapping with\n\n"
- "net sam mapunixgroup %s\n\n",
- grp->gr_name, username, grp->gr_name));
- result = NT_STATUS_INVALID_PRIMARY_GROUP;
- goto done;
+ DEBUG(5, ("Primary group %s of user %s is not mapped to "
+ "a domain group, auto-mapping it\n",
+ grp->gr_name, username));
+ result = map_unix_group(grp, &map);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(1, ("Failed to map group %s\n", grp->gr_name));
+ goto done;
+ }
+ sid_copy(&group_sid, &map.sid);
+ DEBUG(5, ("Mapped unix group %s to SID %s\n",
+ grp->gr_name, sid_string_static(&group_sid)));
}
/* Now check that it's actually a domain group and not something
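Review bot: The auto-mapping writes a new, persistent domain-group entry as a side effect of adding a user, yet both messages that record it are `DEBUG(5, ...)`, so at the log levels most installations run with there is no trace that a mapping was created or which SID it received. Consider raising the success line, e.g. `DEBUG(2, ("Mapped unix group %s to SID %s\n", grp->gr_name, sid_string_static(&group_sid)));`, so the change can be audited afterwards. The mapping is created for whatever `pwd->pw_gid` resolves to, and no filter is visible in this hunk, so a system group would be published as `SID_NAME_DOM_GRP` just as readily as a per-user group. If that is intended, a short comment above the `map_unix_group` call should say so. The enclosing function starts and ends outside the hunk.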
Modified: trunk/source/utils/net_sam.c
===================================================================
--- trunk/source/utils/net_sam.c 2006-01-31 23:13:54 UTC (rev 13266)
+++ trunk/source/utils/net_sam.c 2006-01-31 23:21:47 UTC (rev 13267)
@@ -409,48 +409,8 @@
return -1;
}
- if (pdb_getgrgid(&map, grp->gr_gid)) {
- d_fprintf(stderr, "%s already mapped to %s (%s)\n",
- argv[0], map.nt_name,
- sid_string_static(&map.sid));
- return -1;
- }
+ status = map_unix_group(grp, &map);
- map.gid = grp->gr_gid;
-
- grpname = argv[0];
-
- if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
- &dom, &name, NULL, NULL)) {
-
- const char *tmp = talloc_asprintf(
- tmp_talloc_ctx(), "Unix Group %s", argv[0]);
-
- d_fprintf(stderr, "%s exists as %s\\%s, retrying as \"%s\"\n",
- grpname, dom, name, tmp);
- grpname = tmp;
- }
-
- if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
- NULL, NULL, NULL, NULL)) {
- d_fprintf(stderr, "\"%s\" exists, can't map it\n", argv[0]);
- return -1;
- }
-
- fstrcpy(map.nt_name, grpname);
-
- if (!pdb_new_rid(&rid)) {
- d_fprintf(stderr, "Could not get a new rid\n");
- return -1;
- }
-
- sid_compose(&map.sid, get_global_sam_sid(), rid);
- map.sid_name_use = SID_NAME_DOM_GRP;
- fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s",
- argv[0]));
-
- status = pdb_add_group_mapping_entry(&map);
-
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "Mapping group %s failed with %s\n",
argv[0], nt_errstr(status));
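Review bot: The removed `pdb_getgrgid` branch told the administrator which NT name and SID the gid was already mapped to; now both the "already mapped" and the "name exists" cases come back as `NT_STATUS_GROUP_EXISTS` and only the generic `Mapping group %s failed with %s` line is printed. Because `map_unix_group` fills `*pmap` only on success, the caller would need its own lookup to restore that detail, for example `if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) && pdb_getgrgid(&map, grp->gr_gid))` followed by the old `d_fprintf`. The declarations of `grpname`, `dom`, `name` and `rid` lie outside the hunk; if they are still present in this function they look unused after the change and can be dropped.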