svn commit: samba r13267 - in trunk/source: groupdb passdb utils

vlendec at samba.org vlendec at samba.org
Tue Jan 31 23:21:48 GMT 2006


Author: vlendec
Date: 2006-01-31 23:21:47 +0000 (Tue, 31 Jan 2006)
New Revision: 13267

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13267

Log:
Automatically create explicit group mappings for the primary group of users
about to be added to pdb. This helps with smbpasswd -a but also usrmgr.exe for
all the distros with per-user individual groups.

Volker
Modified:
   trunk/source/groupdb/mapping.c
   trunk/source/passdb/passdb.c
   trunk/source/utils/net_sam.c


Changeset:
Modified: trunk/source/groupdb/mapping.c
===================================================================
--- trunk/source/groupdb/mapping.c	2006-01-31 23:13:54 UTC (rev 13266)
+++ trunk/source/groupdb/mapping.c	2006-01-31 23:21:47 UTC (rev 13267)
@@ -180,6 +180,64 @@
 }
 
 /****************************************************************************
+ Map a unix group to a newly created mapping
+****************************************************************************/
+NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
+{
+	NTSTATUS status;
+	GROUP_MAP map;
+	const char *grpname, *dom, *name;
+	uint32 rid;
+
+	if (pdb_getgrgid(&map, grp->gr_gid)) {
+		return NT_STATUS_GROUP_EXISTS;
+	}
+
+	map.gid = grp->gr_gid;
+	grpname = grp->gr_name;
+
+	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+			&dom, &name, NULL, NULL)) {
+
+		const char *tmp = talloc_asprintf(
+			tmp_talloc_ctx(), "Unix Group %s", grp->gr_name);
+
+		DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
+			  grpname, dom, name, tmp));
+		grpname = tmp;
+	}
+
+	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
+			NULL, NULL, NULL, NULL)) {
+		DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
+		return NT_STATUS_GROUP_EXISTS;
+	}
+
+	fstrcpy(map.nt_name, grpname);
+
+	if (pdb_rid_algorithm()) {
+		rid = pdb_gid_to_group_rid( grp->gr_gid );
+	} else {
+		if (!pdb_new_rid(&rid)) {
+			DEBUG(3, ("Could not get a new RID for %s\n",
+				  grp->gr_name));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	sid_compose(&map.sid, get_global_sam_sid(), rid);
+	map.sid_name_use = SID_NAME_DOM_GRP;
+	fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s",
+					     grp->gr_name));
+
+	status = pdb_add_group_mapping_entry(&map);
+	if (NT_STATUS_IS_OK(status)) {
+		*pmap = map;
+	}
+	return status;
+}
+
+/****************************************************************************
  Return the sid and the type of the unix group.
 ****************************************************************************/
 
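Review bot: Both `talloc_asprintf()` results in `map_unix_group()` are used without a NULL check: `tmp` is handed to `DEBUG` under `%s` and then to the second `lookup_name()`, and the comment string goes straight into `fstrcpy(map.comment, ...)`. Adding `if (tmp == NULL) return NT_STATUS_NO_MEMORY;` after the first call, and the same guard on a named temporary before the comment copy, keeps an allocation failure from turning into a NULL dereference or a collision check on the wrong name. Separately, the algorithmic branch takes `pdb_gid_to_group_rid(grp->gr_gid)` and composes the SID without checking that it is unused, although the name is checked for collisions twice. Whether `pdb_add_group_mapping_entry()` rejects a duplicate SID is not visible here and should be confirmed, since two unix groups sharing one domain SID would blur access decisions. The `NT_STATUS_ACCESS_DENIED` returned when `pdb_new_rid()` fails also reads as a permission problem rather than RID exhaustion.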

Modified: trunk/source/passdb/passdb.c
===================================================================
--- trunk/source/passdb/passdb.c	2006-01-31 23:13:54 UTC (rev 13266)
+++ trunk/source/passdb/passdb.c	2006-01-31 23:21:47 UTC (rev 13267)
@@ -403,6 +403,7 @@
 
 	if (!pdb_gid_to_sid(pwd->pw_gid, &group_sid)) {
 		struct group *grp;
+		GROUP_MAP map;
 
 		grp = getgrgid(pwd->pw_gid);
 		if (grp == NULL) {
@@ -412,13 +413,17 @@
 			goto done;
 		}
 
-		DEBUG(1, ("\nPrimary group %s of user %s is not mapped to "
-			  "a domain group\n"
-			  "Please add a mapping with\n\n"
-			  "net sam mapunixgroup %s\n\n",
-			  grp->gr_name, username, grp->gr_name));
-		result = NT_STATUS_INVALID_PRIMARY_GROUP;
-		goto done;
+		DEBUG(5, ("Primary group %s of user %s is not mapped to "
+			  "a domain group, auto-mapping it\n",
+			  grp->gr_name, username));
+		result = map_unix_group(grp, &map);
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(1, ("Failed to map group %s\n", grp->gr_name));
+			goto done;
+		}
+		sid_copy(&group_sid, &map.sid);
+		DEBUG(5, ("Mapped unix group %s to SID %s\n",
+			  grp->gr_name, sid_string_static(&group_sid)));
 	}
 
 	/* Now check that it's actually a domain group and not something
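Review bot: The automatic mapping is a persistent change to the group database made as a side effect of adding a user, yet both the decision and the resulting SID are logged only at `DEBUG(5, ...)`, so an administrator running at the default log level never sees that a new domain group was created. Raising the success message to a visible level, e.g. `DEBUG(1, ("Auto-mapped unix group %s to SID %s\n", grp->gr_name, sid_string_static(&group_sid)));`, leaves a trail for later review. The failure path also drops the reason; `DEBUG(1, ("Failed to map group %s: %s\n", grp->gr_name, nt_errstr(result)));` would keep it. Callers that previously received `NT_STATUS_INVALID_PRIMARY_GROUP` here now get whatever `map_unix_group()` returns, which deserves a short comment. The enclosing function starts and ends outside this hunk.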

Modified: trunk/source/utils/net_sam.c
===================================================================
--- trunk/source/utils/net_sam.c	2006-01-31 23:13:54 UTC (rev 13266)
+++ trunk/source/utils/net_sam.c	2006-01-31 23:21:47 UTC (rev 13267)
@@ -409,48 +409,8 @@
 		return -1;
 	}
 
-	if (pdb_getgrgid(&map, grp->gr_gid)) {
-		d_fprintf(stderr, "%s already mapped to %s (%s)\n",
-			  argv[0], map.nt_name,
-			  sid_string_static(&map.sid));
-		return -1;
-	}
+	status = map_unix_group(grp, &map);
 
-	map.gid = grp->gr_gid;
-
-	grpname = argv[0];
-
-	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
-			&dom, &name, NULL, NULL)) {
-
-		const char *tmp = talloc_asprintf(
-			tmp_talloc_ctx(), "Unix Group %s", argv[0]);
-
-		d_fprintf(stderr, "%s exists as %s\\%s, retrying as \"%s\"\n",
-			  grpname, dom, name, tmp);
-		grpname = tmp;
-	}
-
-	if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED,
-			NULL, NULL, NULL, NULL)) {
-		d_fprintf(stderr, "\"%s\" exists, can't map it\n", argv[0]);
-		return -1;
-	}
-
-	fstrcpy(map.nt_name, grpname);
-
-	if (!pdb_new_rid(&rid)) {
-		d_fprintf(stderr, "Could not get a new rid\n");
-		return -1;
-	}
-
-	sid_compose(&map.sid, get_global_sam_sid(), rid);
-	map.sid_name_use = SID_NAME_DOM_GRP;
-	fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s",
-					     argv[0]));
-
-	status = pdb_add_group_mapping_entry(&map);
-
 	if (!NT_STATUS_IS_OK(status)) {
 		d_fprintf(stderr, "Mapping group %s failed with %s\n",
 			  argv[0], nt_errstr(status));
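Review bot: The interactive path loses the stderr explanations that the removed lines printed ("already mapped to ...", "exists as ..., retrying as ..."); these conditions are now reported only through `DEBUG(3)`/`DEBUG(5)` inside `map_unix_group()`, so the operator sees just `Mapping group %s failed with %s`, and a rename to "Unix Group <name>" happens without notice. RID selection also changes silently: the removed code always called `pdb_new_rid()`, while the shared helper uses `pdb_gid_to_group_rid()` whenever `pdb_rid_algorithm()` is true. A comment above the call such as `/* map_unix_group() may store the mapping as "Unix Group <name>" and picks the RID according to pdb_rid_algorithm() */` would document both. The locals `grpname`, `dom`, `name` and `rid` are presumably unused now and can be dropped if their declarations, which lie outside this hunk, are still present.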


