smbgroupedit patch

[Andrew Bartlett]

"Bradley W. Langhorst" wrote:
> 
> I propose the following changes to smbgroupedit in HEAD
> to keep others from getting burned as I did by a
> subtle change of group type during a unix association
> 
> I can't believe how long it took me to figure out why my
> my groups weren't showing up.

Yes, the tools isn't the most intuitive - and that's *after* I allowed
SIDs to be specified by name...

> --- smbgroupedit.c      Fri Aug  9 14:46:38 2002
> +++ /home/bitc_home/bwlang/devel/samba-3.0a/source/utils/smbgroupedit.c
> Thu Aug  8 18:36:53 2002
> @@ -161,20 +161,18 @@
>          * Allow changing of group type only between domain and local
>          * We disallow changing Builtin groups !!! (SID problem)
>          */
> -       /* Since we're changing a group  we should really keep the
> -        * old type unless the user explicitly specified a new type.
> -        * It is not possible to specify the UNKNOWN type
> -        */
> -       if (sid_type != SID_NAME_UNKNOWN) {
> -           if (sid_type != SID_NAME_WKN_GRP) {
> -               if (map.sid_name_use !=SID_NAME_WKN_GRP) {
> -                   map.sid_name_use=sid_type;
> +       if (sid_type==SID_NAME_ALIAS
> +           || sid_type==SID_NAME_DOM_GRP
> +           || sid_type==SID_NAME_UNKNOWN) {
> +               if (map.sid_name_use==SID_NAME_ALIAS
> +                   || map.sid_name_use==SID_NAME_DOM_GRP
> +                   || map.sid_name_use==SID_NAME_UNKNOWN) {
> +                       map.sid_name_use=sid_type;
>                 } else {
> -                   printf("cannot change group type from builtin\n");
> +                       printf("cannot change group type to builtin\n");
>                 };
> -           } else {
> -               printf("cannot change group type to builtin\n");
> -           }
> +       } else {
> +               printf("cannot change group type from builtin\n");
>         }

Why not just do an explict test on type builtin then...  

>         if (ntgroup!=NULL)
> 
> and here's a reminder for the doc file
> 
> ---
> /home/bitc_home/bwlang/devel/samba-3.0a/docs/textdocs/GROUP-MAPPING-HOWTO.txt       Thu Aug  8 18:34:58 2002
> +++ docs/textdocs/GROUP-MAPPING-HOWTO.txt       Fri Aug  9 15:04:47 2002
> @@ -58,3 +58,6 @@
> 
>          smbgroupedit -v
> 
> +
> +Don't forget that you must set the type of any new groups to Domain for
> them to show up in the NT user manager.
> +      smbgroupedit -c "group_name" -td
> 
> here's an addition to dissociate groups
> --- ../../samba-3.0a18/source/utils/smbgroupedit.c      Fri Jun  7
> 10:33:33 2002
> +++ utils/smbgroupedit.c        Fri Aug  9 15:27:49 2002
> 
> @@ -147,30 +149,37 @@
> 
>         /* If a new Unix group is specified, check and change */
>         if (group!=NULL) {
> +           if (strncmp(group,"-1", strlen(group)) == 0){
> +               printf("Dissociating unix groups from ntgroup: %s\n",
> map.nt_name);
> +               map.gid=-1; /*dissociate the unix group*/

Looks like a good idea - but we might to better to just have an option
to 'disassociate'.

> +           } else {
>                 gid=nametogid(group);
>                 if (gid==-1) {
> -                       printf("The UNIX group does not exist\n");
> +                       printf("The UNIX group: &s does not exist\n",
> group);

Did you actually compile this?  That looks like an aperstand to me, not
a % (percentage, format qualifier...).

>                         return -1;
>                 } else
>                         map.gid=gid;
> +           }
>         }

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net