root/source3/utils/net_sam.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. net_sam_userset
  2. net_sam_set_fullname
  3. net_sam_set_logonscript
  4. net_sam_set_profilepath
  5. net_sam_set_homedrive
  6. net_sam_set_homedir
  7. net_sam_set_workstations
  8. net_sam_set_userflag
  9. net_sam_set_disabled
  10. net_sam_set_pwnotreq
  11. net_sam_set_autolock
  12. net_sam_set_pwnoexp
  13. net_sam_set_pwdmustchangenow
  14. net_sam_set_comment
  15. net_sam_set
  16. net_sam_policy_set
  17. net_sam_policy_show
  18. net_sam_policy_list
  19. net_sam_policy
  20. net_sam_rights_list
  21. net_sam_rights_grant
  22. net_sam_rights_revoke
  23. net_sam_rights
  24. map_unix_group
  25. net_sam_mapunixgroup
  26. unmap_unix_group
  27. net_sam_unmapunixgroup
  28. net_sam_createlocalgroup
  29. net_sam_deletelocalgroup
  30. net_sam_createbuiltingroup
  31. net_sam_addmem
  32. net_sam_delmem
  33. net_sam_listmem
  34. net_sam_do_list
  35. net_sam_list_users
  36. net_sam_list_groups
  37. net_sam_list_localgroups
  38. net_sam_list_builtin
  39. net_sam_list_workstations
  40. net_sam_list
  41. net_sam_show
  42. net_sam_provision
  43. net_sam

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Local SAM access routines
   4  *  Copyright (C) Volker Lendecke 2006
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 
  21 #include "includes.h"
  22 #include "utils/net.h"
  23 
  24 /*
  25  * Set a user's data
  26  */
  27 
  28 static int net_sam_userset(struct net_context *c, int argc, const char **argv,
     /* [<][>][^][v][top][bottom][index][help] */
  29                            const char *field,
  30                            bool (*fn)(struct samu *, const char *,
  31                                       enum pdb_value_state))
  32 {
  33         struct samu *sam_acct = NULL;
  34         DOM_SID sid;
  35         enum lsa_SidType type;
  36         const char *dom, *name;
  37         NTSTATUS status;
  38 
  39         if (argc != 2 || c->display_usage) {
  40                 d_fprintf(stderr, "usage: net sam set %s <user> <value>\n",
  41                           field);
  42                 return -1;
  43         }
  44 
  45         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
  46                          &dom, &name, &sid, &type)) {
  47                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
  48                 return -1;
  49         }
  50 
  51         if (type != SID_NAME_USER) {
  52                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
  53                           sid_type_lookup(type));
  54                 return -1;
  55         }
  56 
  57         if ( !(sam_acct = samu_new( NULL )) ) {
  58                 d_fprintf(stderr, "Internal error\n");
  59                 return -1;
  60         }
  61 
  62         if (!pdb_getsampwsid(sam_acct, &sid)) {
  63                 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
  64                 return -1;
  65         }
  66 
  67         if (!fn(sam_acct, argv[1], PDB_CHANGED)) {
  68                 d_fprintf(stderr, "Internal error\n");
  69                 return -1;
  70         }
  71 
  72         status = pdb_update_sam_account(sam_acct);
  73         if (!NT_STATUS_IS_OK(status)) {
  74                 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
  75                           argv[0], nt_errstr(status));
  76                 return -1;
  77         }
  78 
  79         TALLOC_FREE(sam_acct);
  80 
  81         d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
  82         return 0;
  83 }
  84 
  85 static int net_sam_set_fullname(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
  86                                 const char **argv)
  87 {
  88         return net_sam_userset(c, argc, argv, "fullname",
  89                                pdb_set_fullname);
  90 }
  91 
  92 static int net_sam_set_logonscript(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
  93                                    const char **argv)
  94 {
  95         return net_sam_userset(c, argc, argv, "logonscript",
  96                                pdb_set_logon_script);
  97 }
  98 
  99 static int net_sam_set_profilepath(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 100                                    const char **argv)
 101 {
 102         return net_sam_userset(c, argc, argv, "profilepath",
 103                                pdb_set_profile_path);
 104 }
 105 
 106 static int net_sam_set_homedrive(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 107                                  const char **argv)
 108 {
 109         return net_sam_userset(c, argc, argv, "homedrive",
 110                                pdb_set_dir_drive);
 111 }
 112 
 113 static int net_sam_set_homedir(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 114                                const char **argv)
 115 {
 116         return net_sam_userset(c, argc, argv, "homedir",
 117                                pdb_set_homedir);
 118 }
 119 
 120 static int net_sam_set_workstations(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 121                                     const char **argv)
 122 {
 123         return net_sam_userset(c, argc, argv, "workstations",
 124                                pdb_set_workstations);
 125 }
 126 
 127 /*
 128  * Set account flags
 129  */
 130 
 131 static int net_sam_set_userflag(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 132                                 const char **argv, const char *field,
 133                                 uint16 flag)
 134 {
 135         struct samu *sam_acct = NULL;
 136         DOM_SID sid;
 137         enum lsa_SidType type;
 138         const char *dom, *name;
 139         NTSTATUS status;
 140         uint16 acct_flags;
 141 
 142         if ((argc != 2) || c->display_usage ||
 143             (!strequal(argv[1], "yes") &&
 144              !strequal(argv[1], "no"))) {
 145                 d_fprintf(stderr, "usage: net sam set %s <user> [yes|no]\n",
 146                           field);
 147                 return -1;
 148         }
 149 
 150         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 151                          &dom, &name, &sid, &type)) {
 152                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 153                 return -1;
 154         }
 155 
 156         if (type != SID_NAME_USER) {
 157                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
 158                           sid_type_lookup(type));
 159                 return -1;
 160         }
 161 
 162         if ( !(sam_acct = samu_new( NULL )) ) {
 163                 d_fprintf(stderr, "Internal error\n");
 164                 return -1;
 165         }
 166 
 167         if (!pdb_getsampwsid(sam_acct, &sid)) {
 168                 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
 169                 return -1;
 170         }
 171 
 172         acct_flags = pdb_get_acct_ctrl(sam_acct);
 173 
 174         if (strequal(argv[1], "yes")) {
 175                 acct_flags |= flag;
 176         } else {
 177                 acct_flags &= ~flag;
 178         }
 179 
 180         pdb_set_acct_ctrl(sam_acct, acct_flags, PDB_CHANGED);
 181 
 182         status = pdb_update_sam_account(sam_acct);
 183         if (!NT_STATUS_IS_OK(status)) {
 184                 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
 185                           argv[0], nt_errstr(status));
 186                 return -1;
 187         }
 188 
 189         TALLOC_FREE(sam_acct);
 190 
 191         d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom,
 192                   name, argv[1]);
 193         return 0;
 194 }
 195 
 196 static int net_sam_set_disabled(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 197                                 const char **argv)
 198 {
 199         return net_sam_set_userflag(c, argc, argv, "disabled", ACB_DISABLED);
 200 }
 201 
 202 static int net_sam_set_pwnotreq(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 203                                 const char **argv)
 204 {
 205         return net_sam_set_userflag(c, argc, argv, "pwnotreq", ACB_PWNOTREQ);
 206 }
 207 
 208 static int net_sam_set_autolock(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 209                                 const char **argv)
 210 {
 211         return net_sam_set_userflag(c, argc, argv, "autolock", ACB_AUTOLOCK);
 212 }
 213 
 214 static int net_sam_set_pwnoexp(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 215                                const char **argv)
 216 {
 217         return net_sam_set_userflag(c, argc, argv, "pwnoexp", ACB_PWNOEXP);
 218 }
 219 
 220 /*
 221  * Set pass last change time, based on force pass change now
 222  */
 223 
 224 static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 225                                         const char **argv)
 226 {
 227         struct samu *sam_acct = NULL;
 228         DOM_SID sid;
 229         enum lsa_SidType type;
 230         const char *dom, *name;
 231         NTSTATUS status;
 232 
 233         if ((argc != 2) || c->display_usage ||
 234             (!strequal(argv[1], "yes") &&
 235              !strequal(argv[1], "no"))) {
 236                 d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
 237                 return -1;
 238         }
 239 
 240         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 241                          &dom, &name, &sid, &type)) {
 242                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 243                 return -1;
 244         }
 245 
 246         if (type != SID_NAME_USER) {
 247                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
 248                           sid_type_lookup(type));
 249                 return -1;
 250         }
 251 
 252         if ( !(sam_acct = samu_new( NULL )) ) {
 253                 d_fprintf(stderr, "Internal error\n");
 254                 return -1;
 255         }
 256 
 257         if (!pdb_getsampwsid(sam_acct, &sid)) {
 258                 d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
 259                 return -1;
 260         }
 261 
 262         if (strequal(argv[1], "yes")) {
 263                 pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
 264         } else {
 265                 pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
 266         }
 267 
 268         status = pdb_update_sam_account(sam_acct);
 269         if (!NT_STATUS_IS_OK(status)) {
 270                 d_fprintf(stderr, "Updating sam account %s failed with %s\n",
 271                           argv[0], nt_errstr(status));
 272                 return -1;
 273         }
 274 
 275         TALLOC_FREE(sam_acct);
 276 
 277         d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
 278                   name, argv[1]);
 279         return 0;
 280 }
 281 
 282 
 283 /*
 284  * Set a user's or a group's comment
 285  */
 286 
 287 static int net_sam_set_comment(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 288                                const char **argv)
 289 {
 290         GROUP_MAP map;
 291         DOM_SID sid;
 292         enum lsa_SidType type;
 293         const char *dom, *name;
 294         NTSTATUS status;
 295 
 296         if (argc != 2 || c->display_usage) {
 297                 d_fprintf(stderr, "usage: net sam set comment <name> "
 298                           "<comment>\n");
 299                 return -1;
 300         }
 301 
 302         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 303                          &dom, &name, &sid, &type)) {
 304                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 305                 return -1;
 306         }
 307 
 308         if (type == SID_NAME_USER) {
 309                 return net_sam_userset(c, argc, argv, "comment",
 310                                        pdb_set_acct_desc);
 311         }
 312 
 313         if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
 314             (type != SID_NAME_WKN_GRP)) {
 315                 d_fprintf(stderr, "%s is a %s, not a group\n", argv[0],
 316                           sid_type_lookup(type));
 317                 return -1;
 318         }
 319 
 320         if (!pdb_getgrsid(&map, sid)) {
 321                 d_fprintf(stderr, "Could not load group %s\n", argv[0]);
 322                 return -1;
 323         }
 324 
 325         fstrcpy(map.comment, argv[1]);
 326 
 327         status = pdb_update_group_mapping_entry(&map);
 328 
 329         if (!NT_STATUS_IS_OK(status)) {
 330                 d_fprintf(stderr, "Updating group mapping entry failed with "
 331                           "%s\n", nt_errstr(status));
 332                 return -1;
 333         }
 334 
 335         d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
 336                  argv[1]);
 337 
 338         return 0;
 339 }
 340 
 341 static int net_sam_set(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 342 {
 343         struct functable func[] = {
 344                 {
 345                         "homedir",
 346                         net_sam_set_homedir,
 347                         NET_TRANSPORT_LOCAL,
 348                         "Change a user's home directory",
 349                         "net sam set homedir\n"
 350                         "    Change a user's home directory"
 351                 },
 352                 {
 353                         "profilepath",
 354                         net_sam_set_profilepath,
 355                         NET_TRANSPORT_LOCAL,
 356                         "Change a user's profile path",
 357                         "net sam set profilepath\n"
 358                         "    Change a user's profile path"
 359                 },
 360                 {
 361                         "comment",
 362                         net_sam_set_comment,
 363                         NET_TRANSPORT_LOCAL,
 364                         "Change a users or groups description",
 365                         "net sam set comment\n"
 366                         "    Change a users or groups description"
 367                 },
 368                 {
 369                         "fullname",
 370                         net_sam_set_fullname,
 371                         NET_TRANSPORT_LOCAL,
 372                         "Change a user's full name",
 373                         "net sam set fullname\n"
 374                         "    Change a user's full name"
 375                 },
 376                 {
 377                         "logonscript",
 378                         net_sam_set_logonscript,
 379                         NET_TRANSPORT_LOCAL,
 380                         "Change a user's logon script",
 381                         "net sam set logonscript\n"
 382                         "    Change a user's logon script"
 383                 },
 384                 {
 385                         "homedrive",
 386                         net_sam_set_homedrive,
 387                         NET_TRANSPORT_LOCAL,
 388                         "Change a user's home drive",
 389                         "net sam set homedrive\n"
 390                         "    Change a user's home drive"
 391                 },
 392                 {
 393                         "workstations",
 394                         net_sam_set_workstations,
 395                         NET_TRANSPORT_LOCAL,
 396                         "Change a user's allowed workstations",
 397                         "net sam set workstations\n"
 398                         "    Change a user's allowed workstations"
 399                 },
 400                 {
 401                         "disabled",
 402                         net_sam_set_disabled,
 403                         NET_TRANSPORT_LOCAL,
 404                         "Disable/Enable a user",
 405                         "net sam set disable\n"
 406                         "    Disable/Enable a user"
 407                 },
 408                 {
 409                         "pwnotreq",
 410                         net_sam_set_pwnotreq,
 411                         NET_TRANSPORT_LOCAL,
 412                         "Disable/Enable the password not required flag",
 413                         "net sam set pwnotreq\n"
 414                         "    Disable/Enable the password not required flag"
 415                 },
 416                 {
 417                         "autolock",
 418                         net_sam_set_autolock,
 419                         NET_TRANSPORT_LOCAL,
 420                         "Disable/Enable a user's lockout flag",
 421                         "net sam set autolock\n"
 422                         "    Disable/Enable a user's lockout flag"
 423                 },
 424                 {
 425                         "pwnoexp",
 426                         net_sam_set_pwnoexp,
 427                         NET_TRANSPORT_LOCAL,
 428                         "Disable/Enable whether a user's pw does not expire",
 429                         "net sam set pwnoexp\n"
 430                         "    Disable/Enable whether a user's pw does not expire"
 431                 },
 432                 {
 433                         "pwdmustchangenow",
 434                         net_sam_set_pwdmustchangenow,
 435                         NET_TRANSPORT_LOCAL,
 436                         "Force users password must change at next logon",
 437                         "net sam set pwdmustchangenow\n"
 438                         "    Force users password must change at next logon"
 439                 },
 440                 {NULL, NULL, 0, NULL, NULL}
 441         };
 442 
 443         return net_run_function(c, argc, argv, "net sam set", func);
 444 }
 445 
 446 /*
 447  * Manage account policies
 448  */
 449 
 450 static int net_sam_policy_set(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 451 {
 452         const char *account_policy = NULL;
 453         uint32 value = 0;
 454         uint32 old_value = 0;
 455         int field;
 456         char *endptr;
 457 
 458         if (argc != 2 || c->display_usage) {
 459                 d_fprintf(stderr, "usage: net sam policy set " 
 460                           "\"<account policy>\" <value> \n");
 461                 return -1;
 462         }
 463 
 464         account_policy = argv[0];
 465         field = account_policy_name_to_fieldnum(account_policy);
 466 
 467         if (strequal(argv[1], "forever") || strequal(argv[1], "never")
 468             || strequal(argv[1], "off")) {
 469                 value = -1;
 470         }
 471         else {
 472                 value = strtoul(argv[1], &endptr, 10);
 473 
 474                 if ((endptr == argv[1]) || (endptr[0] != '\0')) {
 475                         d_printf("Unable to set policy \"%s\"! Invalid value "
 476                                  "\"%s\".\n", 
 477                                  account_policy, argv[1]); 
 478                         return -1;
 479                 }
 480         }
 481 
 482         if (field == 0) {
 483                 const char **names;
 484                 int i, count;
 485 
 486                 account_policy_names_list(&names, &count);
 487                 d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]);
 488                 d_fprintf(stderr, "Valid account policies are:\n");
 489 
 490                 for (i=0; i<count; i++) {
 491                         d_fprintf(stderr, "%s\n", names[i]);
 492                 }
 493 
 494                 SAFE_FREE(names);
 495                 return -1;
 496         }
 497 
 498         if (!pdb_get_account_policy(field, &old_value)) {
 499                 d_fprintf(stderr, "Valid account policy, but unable to fetch "
 500                           "value!\n");
 501         } else {
 502                 d_printf("Account policy \"%s\" value was: %d\n", account_policy,
 503                         old_value);
 504         }
 505 
 506         if (!pdb_set_account_policy(field, value)) {
 507                 d_fprintf(stderr, "Valid account policy, but unable to "
 508                           "set value!\n");
 509                 return -1;
 510         } else {
 511                 d_printf("Account policy \"%s\" value is now: %d\n", account_policy,
 512                         value);
 513         }
 514 
 515         return 0;
 516 }
 517 
 518 static int net_sam_policy_show(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 519 {
 520         const char *account_policy = NULL;
 521         uint32 old_value;
 522         int field;
 523 
 524         if (argc != 1 || c->display_usage) {
 525                 d_fprintf(stderr, "usage: net sam policy show"
 526                           " \"<account policy>\" \n");
 527                 return -1;
 528         }
 529 
 530         account_policy = argv[0];
 531         field = account_policy_name_to_fieldnum(account_policy);
 532 
 533         if (field == 0) {
 534                 const char **names;
 535                 int count;
 536                 int i;
 537                 account_policy_names_list(&names, &count);
 538                 d_fprintf(stderr, "No account policy by that name!\n");
 539                 if (count != 0) {
 540                         d_fprintf(stderr, "Valid account policies "
 541                                   "are:\n");
 542                         for (i=0; i<count; i++) {
 543                                 d_fprintf(stderr, "%s\n", names[i]);
 544                         }
 545                 }
 546                 SAFE_FREE(names);
 547                 return -1;
 548         }
 549 
 550         if (!pdb_get_account_policy(field, &old_value)) {
 551                 fprintf(stderr, "Valid account policy, but unable to "
 552                         "fetch value!\n");
 553                 return -1;
 554         }
 555 
 556         printf("Account policy \"%s\" description: %s\n",
 557                account_policy, account_policy_get_desc(field));
 558         printf("Account policy \"%s\" value is: %d\n", account_policy,
 559                old_value);
 560         return 0;
 561 }
 562 
 563 static int net_sam_policy_list(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 564 {
 565         const char **names;
 566         int count;
 567         int i;
 568 
 569         if (c->display_usage) {
 570                 d_printf("Usage:\n"
 571                          "net sam policy list\n"
 572                          "    List account policies\n");
 573                 return 0;
 574         }
 575 
 576         account_policy_names_list(&names, &count);
 577         if (count != 0) {
 578                 d_fprintf(stderr, "Valid account policies "
 579                           "are:\n");
 580                 for (i = 0; i < count ; i++) {
 581                         d_fprintf(stderr, "%s\n", names[i]);
 582                 }
 583         }
 584         SAFE_FREE(names);
 585         return -1;
 586 }
 587 
 588 static int net_sam_policy(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 589 {
 590         struct functable func[] = {
 591                 {
 592                         "list",
 593                         net_sam_policy_list,
 594                         NET_TRANSPORT_LOCAL,
 595                         "List account policies",
 596                         "net sam policy list\n"
 597                         "    List account policies"
 598                 },
 599                 {
 600                         "show",
 601                         net_sam_policy_show,
 602                         NET_TRANSPORT_LOCAL,
 603                         "Show account policies",
 604                         "net sam policy show\n"
 605                         "    Show account policies"
 606                 },
 607                 {
 608                         "set",
 609                         net_sam_policy_set,
 610                         NET_TRANSPORT_LOCAL,
 611                         "Change account policies",
 612                         "net sam policy set\n"
 613                         "    Change account policies"
 614                 },
 615                 {NULL, NULL, 0, NULL, NULL}
 616         };
 617 
 618         return net_run_function(c, argc, argv, "net sam policy", func);
 619 }
 620 
 621 extern PRIVS privs[];
 622 
 623 static int net_sam_rights_list(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 624                                const char **argv)
 625 {
 626         SE_PRIV mask;
 627 
 628         if (argc > 1 || c->display_usage) {
 629                 d_fprintf(stderr, "usage: net sam rights list [privilege name]\n");
 630                 return -1;
 631         }
 632 
 633         if (argc == 0) {
 634                 int i;
 635                 int num = count_all_privileges();
 636 
 637                 for (i=0; i<num; i++) {
 638                         d_printf("%s\n", privs[i].name);
 639                 }
 640                 return 0;
 641         }
 642 
 643         if (se_priv_from_name(argv[0], &mask)) {
 644                 DOM_SID *sids;
 645                 int i, num_sids;
 646                 NTSTATUS status;
 647 
 648                 status = privilege_enum_sids(&mask, talloc_tos(),
 649                                              &sids, &num_sids);
 650                 if (!NT_STATUS_IS_OK(status)) {
 651                         d_fprintf(stderr, "Could not list rights: %s\n",
 652                                   nt_errstr(status));
 653                         return -1;
 654                 }
 655 
 656                 for (i=0; i<num_sids; i++) {
 657                         const char *dom, *name;
 658                         enum lsa_SidType type;
 659 
 660                         if (lookup_sid(talloc_tos(), &sids[i], &dom, &name,
 661                                        &type)) {
 662                                 d_printf("%s\\%s\n", dom, name);
 663                         }
 664                         else {
 665                                 d_printf("%s\n", sid_string_tos(&sids[i]));
 666                         }
 667                 }
 668                 return 0;
 669         }
 670 
 671         return -1;
 672 }
 673 
 674 static int net_sam_rights_grant(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 675                                 const char **argv)
 676 {
 677         DOM_SID sid;
 678         enum lsa_SidType type;
 679         const char *dom, *name;
 680         SE_PRIV mask;
 681         int i;
 682 
 683         if (argc < 2 || c->display_usage) {
 684                 d_fprintf(stderr, "usage: net sam rights grant <name> "
 685                         "<rights> ...\n");
 686                 return -1;
 687         }
 688 
 689         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 690                         &dom, &name, &sid, &type)) {
 691                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 692                 return -1;
 693         }
 694 
 695         for (i=1; i < argc; i++) {
 696                 if (!se_priv_from_name(argv[i], &mask)) {
 697                         d_fprintf(stderr, "%s unknown\n", argv[i]);
 698                         return -1;
 699                 }
 700 
 701                 if (!grant_privilege(&sid, &mask)) {
 702                         d_fprintf(stderr, "Could not grant privilege\n");
 703                         return -1;
 704                 }
 705 
 706                 d_printf("Granted %s to %s\\%s\n", argv[i], dom, name);
 707         }
 708 
 709         return 0;
 710 }
 711 
 712 static int net_sam_rights_revoke(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
 713                                 const char **argv)
 714 {
 715         DOM_SID sid;
 716         enum lsa_SidType type;
 717         const char *dom, *name;
 718         SE_PRIV mask;
 719         int i;
 720 
 721         if (argc < 2 || c->display_usage) {
 722                 d_fprintf(stderr, "usage: net sam rights revoke <name> "
 723                         "<rights>\n");
 724                 return -1;
 725         }
 726 
 727         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 728                         &dom, &name, &sid, &type)) {
 729                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 730                 return -1;
 731         }
 732 
 733         for (i=1; i < argc; i++) {
 734 
 735                 if (!se_priv_from_name(argv[i], &mask)) {
 736                         d_fprintf(stderr, "%s unknown\n", argv[i]);
 737                         return -1;
 738                 }
 739 
 740                 if (!revoke_privilege(&sid, &mask)) {
 741                         d_fprintf(stderr, "Could not revoke privilege\n");
 742                         return -1;
 743                 }
 744 
 745                 d_printf("Revoked %s from %s\\%s\n", argv[i], dom, name);
 746         }
 747 
 748         return 0;
 749 }
 750 
 751 static int net_sam_rights(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 752 {
 753         struct functable func[] = {
 754                 {
 755                         "list",
 756                         net_sam_rights_list,
 757                         NET_TRANSPORT_LOCAL,
 758                         "List possible user rights",
 759                         "net sam rights list\n"
 760                         "    List possible user rights"
 761                 },
 762                 {
 763                         "grant",
 764                         net_sam_rights_grant,
 765                         NET_TRANSPORT_LOCAL,
 766                         "Grant right(s)",
 767                         "net sam rights grant\n"
 768                         "    Grant right(s)"
 769                 },
 770                 {
 771                         "revoke",
 772                         net_sam_rights_revoke,
 773                         NET_TRANSPORT_LOCAL,
 774                         "Revoke right(s)",
 775                         "net sam rights revoke\n"
 776                         "    Revoke right(s)"
 777                 },
 778                 {NULL, NULL, 0, NULL, NULL}
 779         };
 780         return net_run_function(c, argc, argv, "net sam rights", func);
 781 }
 782 
 783 /*
 784  * Map a unix group to a domain group
 785  */
 786 
 787 static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
     /* [<][>][^][v][top][bottom][index][help] */
 788 {
 789         NTSTATUS status;
 790         GROUP_MAP map;
 791         const char *grpname, *dom, *name;
 792         uint32 rid;
 793 
 794         if (pdb_getgrgid(&map, grp->gr_gid)) {
 795                 return NT_STATUS_GROUP_EXISTS;
 796         }
 797 
 798         map.gid = grp->gr_gid;
 799         grpname = grp->gr_name;
 800 
 801         if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
 802                         &dom, &name, NULL, NULL)) {
 803 
 804                 const char *tmp = talloc_asprintf(
 805                         talloc_tos(), "Unix Group %s", grp->gr_name);
 806 
 807                 DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
 808                           grpname, dom, name, tmp));
 809                 grpname = tmp;
 810         }
 811 
 812         if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
 813                         NULL, NULL, NULL, NULL)) {
 814                 DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
 815                 return NT_STATUS_GROUP_EXISTS;
 816         }
 817 
 818         fstrcpy(map.nt_name, grpname);
 819 
 820         if (pdb_rid_algorithm()) {
 821                 rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
 822         } else {
 823                 if (!pdb_new_rid(&rid)) {
 824                         DEBUG(3, ("Could not get a new RID for %s\n",
 825                                   grp->gr_name));
 826                         return NT_STATUS_ACCESS_DENIED;
 827                 }
 828         }
 829 
 830         sid_compose(&map.sid, get_global_sam_sid(), rid);
 831         map.sid_name_use = SID_NAME_DOM_GRP;
 832         fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s",
 833                                              grp->gr_name));
 834 
 835         status = pdb_add_group_mapping_entry(&map);
 836         if (NT_STATUS_IS_OK(status)) {
 837                 *pmap = map;
 838         }
 839         return status;
 840 }
 841 
 842 static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 843 {
 844         NTSTATUS status;
 845         GROUP_MAP map;
 846         struct group *grp;
 847 
 848         if (argc != 1 || c->display_usage) {
 849                 d_fprintf(stderr, "usage: net sam mapunixgroup <name>\n");
 850                 return -1;
 851         }
 852 
 853         grp = getgrnam(argv[0]);
 854         if (grp == NULL) {
 855                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
 856                 return -1;
 857         }
 858 
 859         status = map_unix_group(grp, &map);
 860 
 861         if (!NT_STATUS_IS_OK(status)) {
 862                 d_fprintf(stderr, "Mapping group %s failed with %s\n",
 863                           argv[0], nt_errstr(status));
 864                 return -1;
 865         }
 866 
 867         d_printf("Mapped unix group %s to SID %s\n", argv[0],
 868                  sid_string_tos(&map.sid));
 869 
 870         return 0;
 871 }
 872 
 873 /*
 874  * Remove a group mapping
 875  */
 876 
 877 static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
     /* [<][>][^][v][top][bottom][index][help] */
 878 {
 879         NTSTATUS status;
 880         GROUP_MAP map;
 881         const char *grpname;
 882         DOM_SID dom_sid;
 883 
 884         map.gid = grp->gr_gid;
 885         grpname = grp->gr_name;
 886 
 887         if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
 888                         NULL, NULL, NULL, NULL)) {
 889                 DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name));
 890                 return NT_STATUS_NO_SUCH_GROUP;
 891         }
 892 
 893         fstrcpy(map.nt_name, grpname);
 894 
 895         if (!pdb_gid_to_sid(map.gid, &dom_sid)) {
 896                 return NT_STATUS_UNSUCCESSFUL;
 897         }
 898 
 899         status = pdb_delete_group_mapping_entry(dom_sid);
 900 
 901         return status;
 902 }
 903 
 904 static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 905 {
 906         NTSTATUS status;
 907         GROUP_MAP map;
 908         struct group *grp;
 909 
 910         if (argc != 1 || c->display_usage) {
 911                 d_fprintf(stderr, "usage: net sam unmapunixgroup <name>\n");
 912                 return -1;
 913         }
 914 
 915         grp = getgrnam(argv[0]);
 916         if (grp == NULL) {
 917                 d_fprintf(stderr, "Could not find mapping for group %s.\n", argv[0]);
 918                 return -1;
 919         }
 920 
 921         status = unmap_unix_group(grp, &map);
 922 
 923         if (!NT_STATUS_IS_OK(status)) {
 924                 d_fprintf(stderr, "Unmapping group %s failed with %s.\n",
 925                           argv[0], nt_errstr(status));
 926                 return -1;
 927         }
 928 
 929         d_printf("Unmapped unix group %s.\n", argv[0]);
 930 
 931         return 0;
 932 }
 933 
 934 /*
 935  * Create a local group
 936  */
 937 
 938 static int net_sam_createlocalgroup(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 939 {
 940         NTSTATUS status;
 941         uint32 rid;
 942 
 943         if (argc != 1 || c->display_usage) {
 944                 d_fprintf(stderr, "usage: net sam createlocalgroup <name>\n");
 945                 return -1;
 946         }
 947 
 948         if (!winbind_ping()) {
 949                 d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
 950                           "only works when winbind runs.\n");
 951                 return -1;
 952         }
 953 
 954         status = pdb_create_alias(argv[0], &rid);
 955 
 956         if (!NT_STATUS_IS_OK(status)) {
 957                 d_fprintf(stderr, "Creating %s failed with %s\n",
 958                           argv[0], nt_errstr(status));
 959                 return -1;
 960         }
 961 
 962         d_printf("Created local group %s with RID %d\n", argv[0], rid);
 963 
 964         return 0;
 965 }
 966 
 967 /*
 968  * Delete a local group
 969  */
 970 
 971 static int net_sam_deletelocalgroup(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 972 {
 973         DOM_SID sid;
 974         enum lsa_SidType type;
 975         const char *dom, *name;
 976         NTSTATUS status;
 977 
 978         if (argc != 1 || c->display_usage) {
 979                 d_fprintf(stderr, "usage: net sam deletelocalgroup <name>\n");
 980                 return -1;
 981         }
 982 
 983         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 984                          &dom, &name, &sid, &type)) {
 985                 d_fprintf(stderr, "Could not find %s.\n", argv[0]);
 986                 return -1;
 987         }
 988 
 989         if (type != SID_NAME_ALIAS) {
 990                 d_fprintf(stderr, "%s is a %s, not a local group.\n", argv[0],
 991                           sid_type_lookup(type));
 992                 return -1;
 993         }
 994 
 995         status = pdb_delete_alias(&sid);
 996 
 997         if (!NT_STATUS_IS_OK(status)) {
 998                 d_fprintf(stderr, "Deleting local group %s failed with %s\n",
 999                           argv[0], nt_errstr(status));
1000                 return -1;
1001         }
1002 
1003         d_printf("Deleted local group %s.\n", argv[0]);
1004 
1005         return 0;
1006 }
1007 
1008 /*
1009  * Create a builtin group
1010  */
1011 
1012 static int net_sam_createbuiltingroup(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1013 {
1014         NTSTATUS status;
1015         uint32 rid;
1016         enum lsa_SidType type;
1017         fstring groupname;
1018         DOM_SID sid;
1019 
1020         if (argc != 1 || c->display_usage) {
1021                 d_fprintf(stderr, "usage: net sam createbuiltingroup <name>\n");
1022                 return -1;
1023         }
1024 
1025         if (!winbind_ping()) {
1026                 d_fprintf(stderr, "winbind seems not to run. createbuiltingroup "
1027                           "only works when winbind runs.\n");
1028                 return -1;
1029         }
1030 
1031         /* validate the name and get the group */
1032 
1033         fstrcpy( groupname, "BUILTIN\\" );
1034         fstrcat( groupname, argv[0] );
1035 
1036         if ( !lookup_name(talloc_tos(), groupname, LOOKUP_NAME_ALL, NULL,
1037                           NULL, &sid, &type)) {
1038                 d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]);
1039                 return -1;
1040         }
1041 
1042         if ( !sid_peek_rid( &sid, &rid ) ) {
1043                 d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]);
1044                 return -1;
1045         }
1046 
1047         status = pdb_create_builtin_alias( rid );
1048 
1049         if (!NT_STATUS_IS_OK(status)) {
1050                 d_fprintf(stderr, "Creating %s failed with %s\n",
1051                           argv[0], nt_errstr(status));
1052                 return -1;
1053         }
1054 
1055         d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid);
1056 
1057         return 0;
1058 }
1059 
1060 /*
1061  * Add a group member
1062  */
1063 
1064 static int net_sam_addmem(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1065 {
1066         const char *groupdomain, *groupname, *memberdomain, *membername;
1067         DOM_SID group, member;
1068         enum lsa_SidType grouptype, membertype;
1069         NTSTATUS status;
1070 
1071         if (argc != 2 || c->display_usage) {
1072                 d_fprintf(stderr, "usage: net sam addmem <group> <member>\n");
1073                 return -1;
1074         }
1075 
1076         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1077                          &groupdomain, &groupname, &group, &grouptype)) {
1078                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
1079                 return -1;
1080         }
1081 
1082         /* check to see if the member to be added is a name or a SID */
1083 
1084         if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL,
1085                          &memberdomain, &membername, &member, &membertype))
1086         {
1087                 /* try it as a SID */
1088 
1089                 if ( !string_to_sid( &member, argv[1] ) ) {
1090                         d_fprintf(stderr, "Could not find member %s\n", argv[1]);
1091                         return -1;
1092                 }
1093 
1094                 if ( !lookup_sid(talloc_tos(), &member, &memberdomain,
1095                         &membername, &membertype) )
1096                 {
1097                         d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]);
1098                         return -1;
1099                 }
1100         }
1101 
1102         if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) {
1103                 if ((membertype != SID_NAME_USER) &&
1104                     (membertype != SID_NAME_DOM_GRP)) {
1105                         d_fprintf(stderr, "%s is a local group, only users "
1106                                   "and domain groups can be added.\n"
1107                                   "%s is a %s\n", argv[0], argv[1],
1108                                   sid_type_lookup(membertype));
1109                         return -1;
1110                 }
1111                 status = pdb_add_aliasmem(&group, &member);
1112 
1113                 if (!NT_STATUS_IS_OK(status)) {
1114                         d_fprintf(stderr, "Adding local group member failed "
1115                                   "with %s\n", nt_errstr(status));
1116                         return -1;
1117                 }
1118         } else {
1119                 d_fprintf(stderr, "Can only add members to local groups so "
1120                           "far, %s is a %s\n", argv[0],
1121                           sid_type_lookup(grouptype));
1122                 return -1;
1123         }
1124 
1125         d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername,
1126                 groupdomain, groupname);
1127 
1128         return 0;
1129 }
1130 
1131 /*
1132  * Delete a group member
1133  */
1134 
1135 static int net_sam_delmem(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1136 {
1137         const char *groupdomain, *groupname;
1138         const char *memberdomain = NULL;
1139         const char *membername = NULL;
1140         DOM_SID group, member;
1141         enum lsa_SidType grouptype;
1142         NTSTATUS status;
1143 
1144         if (argc != 2 || c->display_usage) {
1145                 d_fprintf(stderr, "usage: net sam delmem <group> <member>\n");
1146                 return -1;
1147         }
1148 
1149         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1150                          &groupdomain, &groupname, &group, &grouptype)) {
1151                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
1152                 return -1;
1153         }
1154 
1155         if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL,
1156                          &memberdomain, &membername, &member, NULL)) {
1157                 if (!string_to_sid(&member, argv[1])) {
1158                         d_fprintf(stderr, "Could not find member %s\n",
1159                                   argv[1]);
1160                         return -1;
1161                 }
1162         }
1163 
1164         if ((grouptype == SID_NAME_ALIAS) ||
1165             (grouptype == SID_NAME_WKN_GRP)) {
1166                 status = pdb_del_aliasmem(&group, &member);
1167 
1168                 if (!NT_STATUS_IS_OK(status)) {
1169                         d_fprintf(stderr, "Deleting local group member failed "
1170                                   "with %s\n", nt_errstr(status));
1171                         return -1;
1172                 }
1173         } else {
1174                 d_fprintf(stderr, "Can only delete members from local groups "
1175                           "so far, %s is a %s\n", argv[0],
1176                           sid_type_lookup(grouptype));
1177                 return -1;
1178         }
1179 
1180         if (membername != NULL) {
1181                 d_printf("Deleted %s\\%s from %s\\%s\n",
1182                          memberdomain, membername, groupdomain, groupname);
1183         } else {
1184                 d_printf("Deleted %s from %s\\%s\n",
1185                          sid_string_tos(&member), groupdomain, groupname);
1186         }
1187 
1188         return 0;
1189 }
1190 
1191 /*
1192  * List group members
1193  */
1194 
1195 static int net_sam_listmem(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1196 {
1197         const char *groupdomain, *groupname;
1198         DOM_SID group;
1199         enum lsa_SidType grouptype;
1200         NTSTATUS status;
1201 
1202         if (argc != 1 || c->display_usage) {
1203                 d_fprintf(stderr, "usage: net sam listmem <group>\n");
1204                 return -1;
1205         }
1206 
1207         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1208                          &groupdomain, &groupname, &group, &grouptype)) {
1209                 d_fprintf(stderr, "Could not find group %s\n", argv[0]);
1210                 return -1;
1211         }
1212 
1213         if ((grouptype == SID_NAME_ALIAS) ||
1214             (grouptype == SID_NAME_WKN_GRP)) {
1215                 DOM_SID *members = NULL;
1216                 size_t i, num_members = 0;
1217 
1218                 status = pdb_enum_aliasmem(&group, &members, &num_members);
1219 
1220                 if (!NT_STATUS_IS_OK(status)) {
1221                         d_fprintf(stderr, "Listing group members failed with "
1222                                   "%s\n", nt_errstr(status));
1223                         return -1;
1224                 }
1225 
1226                 d_printf("%s\\%s has %u members\n", groupdomain, groupname,
1227                          (unsigned int)num_members);
1228                 for (i=0; i<num_members; i++) {
1229                         const char *dom, *name;
1230                         if (lookup_sid(talloc_tos(), &members[i],
1231                                        &dom, &name, NULL)) {
1232                                 d_printf(" %s\\%s\n", dom, name);
1233                         } else {
1234                                 d_printf(" %s\n", sid_string_tos(&members[i]));
1235                         }
1236                 }
1237 
1238                 TALLOC_FREE(members);
1239         } else {
1240                 d_fprintf(stderr, "Can only list local group members so far.\n"
1241                           "%s is a %s\n", argv[0], sid_type_lookup(grouptype));
1242                 return -1;
1243         }
1244 
1245         return 0;
1246 }
1247 
1248 /*
1249  * Do the listing
1250  */
1251 static int net_sam_do_list(struct net_context *c, int argc, const char **argv,
     /* [<][>][^][v][top][bottom][index][help] */
1252                            struct pdb_search *search, const char *what)
1253 {
1254         bool verbose = (argc == 1);
1255 
1256         if ((argc > 1) || c->display_usage ||
1257             ((argc == 1) && !strequal(argv[0], "verbose"))) {
1258                 d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what);
1259                 return -1;
1260         }
1261 
1262         if (search == NULL) {
1263                 d_fprintf(stderr, "Could not start search\n");
1264                 return -1;
1265         }
1266 
1267         while (true) {
1268                 struct samr_displayentry entry;
1269                 if (!search->next_entry(search, &entry)) {
1270                         break;
1271                 }
1272                 if (verbose) {
1273                         d_printf("%s:%d:%s\n",
1274                                  entry.account_name,
1275                                  entry.rid,
1276                                  entry.description);
1277                 } else {
1278                         d_printf("%s\n", entry.account_name);
1279                 }
1280         }
1281 
1282         TALLOC_FREE(search);
1283         return 0;
1284 }
1285 
1286 static int net_sam_list_users(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
1287                               const char **argv)
1288 {
1289         return net_sam_do_list(c, argc, argv,
1290                                pdb_search_users(talloc_tos(), ACB_NORMAL),
1291                                "users");
1292 }
1293 
1294 static int net_sam_list_groups(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
1295                                const char **argv)
1296 {
1297         return net_sam_do_list(c, argc, argv, pdb_search_groups(talloc_tos()),
1298                                "groups");
1299 }
1300 
1301 static int net_sam_list_localgroups(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
1302                                     const char **argv)
1303 {
1304         return net_sam_do_list(c, argc, argv,
1305                                pdb_search_aliases(talloc_tos(),
1306                                                   get_global_sam_sid()),
1307                                "localgroups");
1308 }
1309 
1310 static int net_sam_list_builtin(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
1311                                 const char **argv)
1312 {
1313         return net_sam_do_list(c, argc, argv,
1314                                pdb_search_aliases(talloc_tos(),
1315                                                   &global_sid_Builtin),
1316                                "builtin");
1317 }
1318 
1319 static int net_sam_list_workstations(struct net_context *c, int argc,
     /* [<][>][^][v][top][bottom][index][help] */
1320                                      const char **argv)
1321 {
1322         return net_sam_do_list(c, argc, argv,
1323                                pdb_search_users(talloc_tos(), ACB_WSTRUST),
1324                                "workstations");
1325 }
1326 
1327 /*
1328  * List stuff
1329  */
1330 
1331 static int net_sam_list(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1332 {
1333         struct functable func[] = {
1334                 {
1335                         "users",
1336                         net_sam_list_users,
1337                         NET_TRANSPORT_LOCAL,
1338                         "List SAM users",
1339                         "net sam list users\n"
1340                         "    List SAM users"
1341                 },
1342                 {
1343                         "groups",
1344                         net_sam_list_groups,
1345                         NET_TRANSPORT_LOCAL,
1346                         "List SAM groups",
1347                         "net sam list groups\n"
1348                         "    List SAM groups"
1349                 },
1350                 {
1351                         "localgroups",
1352                         net_sam_list_localgroups,
1353                         NET_TRANSPORT_LOCAL,
1354                         "List SAM local groups",
1355                         "net sam list localgroups\n"
1356                         "    List SAM local groups"
1357                 },
1358                 {
1359                         "builtin",
1360                         net_sam_list_builtin,
1361                         NET_TRANSPORT_LOCAL,
1362                         "List builtin groups",
1363                         "net sam list builtin\n"
1364                         "    List builtin groups"
1365                 },
1366                 {
1367                         "workstations",
1368                         net_sam_list_workstations,
1369                         NET_TRANSPORT_LOCAL,
1370                         "List domain member workstations",
1371                         "net sam list workstations\n"
1372                         "    List domain member workstations"
1373                 },
1374                 {NULL, NULL, 0, NULL, NULL}
1375         };
1376 
1377         return net_run_function(c, argc, argv, "net sam list", func);
1378 }
1379 
1380 /*
1381  * Show details of SAM entries
1382  */
1383 
1384 static int net_sam_show(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1385 {
1386         DOM_SID sid;
1387         enum lsa_SidType type;
1388         const char *dom, *name;
1389 
1390         if (argc != 1 || c->display_usage) {
1391                 d_fprintf(stderr, "usage: net sam show <name>\n");
1392                 return -1;
1393         }
1394 
1395         if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1396                          &dom, &name, &sid, &type)) {
1397                 d_fprintf(stderr, "Could not find name %s\n", argv[0]);
1398                 return -1;
1399         }
1400 
1401         d_printf("%s\\%s is a %s with SID %s\n", dom, name,
1402                  sid_type_lookup(type), sid_string_tos(&sid));
1403 
1404         return 0;
1405 }
1406 
1407 #ifdef HAVE_LDAP
1408 
1409 /*
1410  * Init an LDAP tree with default users and Groups
1411  * if ldapsam:editposix is enabled
1412  */
1413 
1414 static int net_sam_provision(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1415 {
1416         TALLOC_CTX *tc;
1417         char *ldap_bk;
1418         char *ldap_uri = NULL;
1419         char *p;
1420         struct smbldap_state *ls;
1421         GROUP_MAP gmap;
1422         DOM_SID gsid;
1423         gid_t domusers_gid = -1;
1424         gid_t domadmins_gid = -1;
1425         struct samu *samuser;
1426         struct passwd *pwd;
1427         const char *rfc2307bis_str = NULL; /* for lp_parm_string return value */
1428 
1429         if (c->display_usage) {
1430                 d_printf("Usage:\n"
1431                          "net sam provision\n"
1432                          "    Init an LDAP tree with default users/groups\n");
1433                 return 0;
1434         }
1435 
1436         tc = talloc_new(NULL);
1437         if (!tc) {
1438                 d_fprintf(stderr, "Out of Memory!\n");
1439                 return -1;
1440         }
1441 
1442         if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) {
1443                 d_fprintf(stderr, "talloc failed\n");
1444                 talloc_free(tc);
1445                 return -1;
1446         }
1447         p = strchr(ldap_bk, ':');
1448         if (p) {
1449                 *p = 0;
1450                 ldap_uri = talloc_strdup(tc, p+1);
1451                 trim_char(ldap_uri, ' ', ' ');
1452         }
1453 
1454         trim_char(ldap_bk, ' ', ' ');
1455                 
1456         if (strcmp(ldap_bk, "ldapsam") != 0) {
1457                 d_fprintf(stderr, "Provisioning works only with ldapsam backend\n");
1458                 goto failed;
1459         }
1460         
1461         if (!lp_parm_bool(-1, "ldapsam", "trusted", false) ||
1462             !lp_parm_bool(-1, "ldapsam", "editposix", false)) {
1463 
1464                 d_fprintf(stderr, "Provisioning works only if ldapsam:trusted"
1465                                   " and ldapsam:editposix are enabled.\n");
1466                 goto failed;
1467         }
1468 
1469         if (!winbind_ping()) {
1470                 d_fprintf(stderr, "winbind seems not to run. Provisioning "
1471                           "LDAP only works when winbind runs.\n");
1472                 goto failed;
1473         }
1474 
1475         if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &ls))) {
1476                 d_fprintf(stderr, "Unable to connect to the LDAP server.\n");
1477                 goto failed;
1478         }
1479 
1480         d_printf("Checking for Domain Users group.\n");
1481 
1482         rfc2307bis_str = lp_parm_const_string(-1,"ldapsam","editposix_rfc2307bis",NULL); /* get option */
1483         d_printf("ldapsam:editposix_rfc2307bis = %s\n",rfc2307bis_str);
1484 
1485         sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
1486 
1487         if (!pdb_getgrsid(&gmap, gsid)) {
1488                 LDAPMod **mods = NULL;
1489                 char *dn;
1490                 char *uname;
1491                 char *wname;
1492                 char *gidstr;
1493                 char *gtype;
1494                 int rc;
1495 
1496                 d_printf("Adding the Domain Users group.\n");
1497 
1498                 /* lets allocate a new groupid for this group */
1499                 if (!winbind_allocate_gid(&domusers_gid)) {
1500                         d_fprintf(stderr, "Unable to allocate a new gid to create Domain Users group!\n");
1501                         goto domu_done;
1502                 }
1503 
1504                 uname = talloc_strdup(tc, "domusers");
1505                 wname = talloc_strdup(tc, "Domain Users");
1506                 dn = talloc_asprintf(tc, "cn=%s,%s", "domusers", lp_ldap_group_suffix());
1507                 gidstr = talloc_asprintf(tc, "%u", (unsigned int)domusers_gid);
1508                 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
1509 
1510                 if (!uname || !wname || !dn || !gidstr || !gtype) {
1511                         d_fprintf(stderr, "Out of Memory!\n");
1512                         goto failed;
1513                 }
1514 
1515                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
1516                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
1517 
1518                 if (rfc2307bis_str && strequal(rfc2307bis_str, "namedObject")) {
1519                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_NAMEDOBJECT);
1520                 } else if (strequal(rfc2307bis_str, "groupOfNames")) {
1521                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPOFNAMES);
1522                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "member", dn);
1523                 }
1524 
1525                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
1526                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
1527                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1528                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
1529                                 sid_string_talloc(tc, &gsid));
1530                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
1531 
1532                 talloc_autofree_ldapmod(tc, mods);
1533 
1534                 rc = smbldap_add(ls, dn, mods);
1535 
1536                 if (rc != LDAP_SUCCESS) {
1537                         d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n");
1538                 }
1539         } else {
1540                 domusers_gid = gmap.gid;
1541                 d_printf("found!\n");
1542         }       
1543 
1544 domu_done:
1545 
1546         d_printf("Checking for Domain Admins group.\n");
1547 
1548         sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
1549 
1550         if (!pdb_getgrsid(&gmap, gsid)) {
1551                 LDAPMod **mods = NULL;
1552                 char *dn;
1553                 char *uname;
1554                 char *wname;
1555                 char *gidstr;
1556                 char *gtype;
1557                 int rc;
1558 
1559                 d_printf("Adding the Domain Admins group.\n");
1560 
1561                 /* lets allocate a new groupid for this group */
1562                 if (!winbind_allocate_gid(&domadmins_gid)) {
1563                         d_fprintf(stderr, "Unable to allocate a new gid to create Domain Admins group!\n");
1564                         goto doma_done;
1565                 }
1566 
1567                 uname = talloc_strdup(tc, "domadmins");
1568                 wname = talloc_strdup(tc, "Domain Admins");
1569                 dn = talloc_asprintf(tc, "cn=%s,%s", "domadmins", lp_ldap_group_suffix());
1570                 gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
1571                 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
1572 
1573                 if (!uname || !wname || !dn || !gidstr || !gtype) {
1574                         d_fprintf(stderr, "Out of Memory!\n");
1575                         goto failed;
1576                 }
1577 
1578                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
1579                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
1580 
1581                if (rfc2307bis_str && strequal(rfc2307bis_str, "namedObject")) {
1582                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_NAMEDOBJECT);
1583                } else if (strequal(rfc2307bis_str, "groupOfNames")) {
1584                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPOFNAMES);
1585                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "member", dn);
1586                }
1587 
1588                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
1589                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
1590                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1591                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
1592                                 sid_string_talloc(tc, &gsid));
1593                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
1594 
1595                 talloc_autofree_ldapmod(tc, mods);
1596 
1597                 rc = smbldap_add(ls, dn, mods);
1598 
1599                 if (rc != LDAP_SUCCESS) {
1600                         d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n");
1601                 }
1602         } else {
1603                 domadmins_gid = gmap.gid;
1604                 d_printf("found!\n");
1605         }
1606 
1607 doma_done:
1608 
1609         d_printf("Check for Administrator account.\n");
1610 
1611         samuser = samu_new(tc);
1612         if (!samuser) {
1613                 d_fprintf(stderr, "Out of Memory!\n");
1614                 goto failed;
1615         }
1616 
1617         if (!pdb_getsampwnam(samuser, "Administrator")) {
1618                 LDAPMod **mods = NULL;
1619                 DOM_SID sid;
1620                 char *dn;
1621                 char *name;
1622                 char *uidstr;
1623                 char *gidstr;
1624                 char *shell;
1625                 char *dir;
1626                 uid_t uid;
1627                 int rc;
1628                 
1629                 d_printf("Adding the Administrator user.\n");
1630 
1631                 if (domadmins_gid == -1) {
1632                         d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n");
1633                         goto done;
1634                 }
1635                 if (!winbind_allocate_uid(&uid)) {
1636                         d_fprintf(stderr, "Unable to allocate a new uid to create the Administrator user!\n");
1637                         goto done;
1638                 }
1639                 name = talloc_strdup(tc, "Administrator");
1640                 dn = talloc_asprintf(tc, "uid=Administrator,%s", lp_ldap_user_suffix());
1641                 uidstr = talloc_asprintf(tc, "%u", (unsigned int)uid);
1642                 gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
1643                 dir = talloc_sub_specified(tc, lp_template_homedir(),
1644                                                 "Administrator",
1645                                                 get_global_sam_name(),
1646                                                 uid, domadmins_gid);
1647                 shell = talloc_sub_specified(tc, lp_template_shell(),
1648                                                 "Administrator",
1649                                                 get_global_sam_name(),
1650                                                 uid, domadmins_gid);
1651 
1652                 if (!name || !dn || !uidstr || !gidstr || !dir || !shell) {
1653                         d_fprintf(stderr, "Out of Memory!\n");
1654                         goto failed;
1655                 }
1656 
1657                 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);
1658 
1659                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
1660                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
1661                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
1662                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
1663                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
1664                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
1665                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
1666                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1667                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir);
1668                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
1669                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID",
1670                                 sid_string_talloc(tc, &sid));
1671                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
1672                                 pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
1673                                 NEW_PW_FORMAT_SPACE_PADDED_LEN));
1674 
1675                 talloc_autofree_ldapmod(tc, mods);
1676 
1677                 rc = smbldap_add(ls, dn, mods);
1678 
1679                 if (rc != LDAP_SUCCESS) {
1680                         d_fprintf(stderr, "Failed to add Administrator user to ldap directory\n");
1681                 }
1682         } else {
1683                 d_printf("found!\n");
1684         }
1685 
1686         d_printf("Checking for Guest user.\n");
1687 
1688         samuser = samu_new(tc);
1689         if (!samuser) {
1690                 d_fprintf(stderr, "Out of Memory!\n");
1691                 goto failed;
1692         }
1693 
1694         if (!pdb_getsampwnam(samuser, lp_guestaccount())) {
1695                 LDAPMod **mods = NULL;
1696                 DOM_SID sid;
1697                 char *dn;
1698                 char *uidstr;
1699                 char *gidstr;
1700                 int rc;
1701                 
1702                 d_printf("Adding the Guest user.\n");
1703 
1704                 pwd = getpwnam_alloc(tc, lp_guestaccount());
1705 
1706                 if (!pwd) {
1707                         if (domusers_gid == -1) {
1708                                 d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n");
1709                                 goto done;
1710                         }
1711                         if ((pwd = talloc(tc, struct passwd)) == NULL) {
1712                                 d_fprintf(stderr, "talloc failed\n");
1713                                 goto done;
1714                         }
1715                         pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
1716                         if (!winbind_allocate_uid(&(pwd->pw_uid))) {
1717                                 d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n");
1718                                 goto done;
1719                         }
1720                         pwd->pw_gid = domusers_gid;
1721                         pwd->pw_dir = talloc_strdup(tc, "/");
1722                         pwd->pw_shell = talloc_strdup(tc, "/bin/false");
1723                         if (!pwd->pw_dir || !pwd->pw_shell) {
1724                                 d_fprintf(stderr, "Out of Memory!\n");
1725                                 goto failed;
1726                         }
1727                 }
1728 
1729                 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
1730 
1731                 dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ());
1732                 uidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_uid);
1733                 gidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_gid);
1734                 if (!dn || !uidstr || !gidstr) {
1735                         d_fprintf(stderr, "Out of Memory!\n");
1736                         goto failed;
1737                 }
1738 
1739                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
1740                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
1741                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
1742                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
1743                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name);
1744                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
1745                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
1746                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1747                 if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) {
1748                         smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
1749                 }
1750                 if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) {
1751                         smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
1752                 }
1753                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID",
1754                                 sid_string_talloc(tc, &sid));
1755                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
1756                                 pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
1757                                 NEW_PW_FORMAT_SPACE_PADDED_LEN));
1758 
1759                 talloc_autofree_ldapmod(tc, mods);
1760 
1761                 rc = smbldap_add(ls, dn, mods);
1762 
1763                 if (rc != LDAP_SUCCESS) {
1764                         d_fprintf(stderr, "Failed to add Guest user to ldap directory\n");
1765                 }
1766         } else {
1767                 d_printf("found!\n");
1768         }
1769 
1770         d_printf("Checking Guest's group.\n");
1771 
1772         pwd = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
1773         if (!pwd) {
1774                 d_fprintf(stderr, "Failed to find just created Guest account!\n"
1775                                   "   Is nss properly configured?!\n");
1776                 goto failed;
1777         }
1778 
1779         if (pwd->pw_gid == domusers_gid) {
1780                 d_printf("found!\n");
1781                 goto done;
1782         }
1783 
1784         if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
1785                 LDAPMod **mods = NULL;
1786                 char *dn;
1787                 char *uname;
1788                 char *wname;
1789                 char *gidstr;
1790                 char *gtype;
1791                 int rc;
1792 
1793                 d_printf("Adding the Domain Guests group.\n");
1794 
1795                 uname = talloc_strdup(tc, "domguests");
1796                 wname = talloc_strdup(tc, "Domain Guests");
1797                 dn = talloc_asprintf(tc, "cn=%s,%s", "domguests", lp_ldap_group_suffix());
1798                 gidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_gid);
1799                 gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
1800 
1801                 if (!uname || !wname || !dn || !gidstr || !gtype) {
1802                         d_fprintf(stderr, "Out of Memory!\n");
1803                         goto failed;
1804                 }
1805 
1806                 sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS);
1807 
1808                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
1809                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
1810 
1811                if (rfc2307bis_str && strequal(rfc2307bis_str, "namedObject")) {
1812                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_NAMEDOBJECT);
1813                } else if (strequal(rfc2307bis_str, "groupOfNames")) {
1814                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPOFNAMES);
1815                     smbldap_set_mod(&mods, LDAP_MOD_ADD, "member", dn);
1816                }
1817 
1818                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
1819                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
1820                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1821                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
1822                                 sid_string_talloc(tc, &gsid));
1823                 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
1824 
1825                 talloc_autofree_ldapmod(tc, mods);
1826 
1827                 rc = smbldap_add(ls, dn, mods);
1828 
1829                 if (rc != LDAP_SUCCESS) {
1830                         d_fprintf(stderr, "Failed to add Domain Guests group to ldap directory\n");
1831                 }
1832         } else {
1833                 d_printf("found!\n");
1834         }
1835 
1836 
1837 done:
1838         talloc_free(tc);
1839         return 0;
1840 
1841 failed:
1842         talloc_free(tc);
1843         return -1;
1844 }
1845 
1846 #endif
1847 
1848 /***********************************************************
1849  migrated functionality from smbgroupedit
1850  **********************************************************/
1851 int net_sam(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
1852 {
1853         struct functable func[] = {
1854                 {
1855                         "createbuiltingroup",
1856                         net_sam_createbuiltingroup,
1857                         NET_TRANSPORT_LOCAL,
1858                         "Create a new BUILTIN group",
1859                         "net sam createbuiltingroup\n"
1860                         "    Create a new BUILTIN group"
1861                 },
1862                 {
1863                         "createlocalgroup",
1864                         net_sam_createlocalgroup,
1865                         NET_TRANSPORT_LOCAL,
1866                         "Create a new local group",
1867                         "net sam createlocalgroup\n"
1868                         "    Create a new local group"
1869                 },
1870                 {
1871                         "deletelocalgroup",
1872                         net_sam_deletelocalgroup,
1873                         NET_TRANSPORT_LOCAL,
1874                         "Delete an existing local group",
1875                         "net sam deletelocalgroup\n"
1876                         "    Delete an existing local group"
1877                 },
1878                 {
1879                         "mapunixgroup",
1880                         net_sam_mapunixgroup,
1881                         NET_TRANSPORT_LOCAL,
1882                         "Map a unix group to a domain group",
1883                         "net sam mapunixgroup\n"
1884                         "    Map a unix group to a domain group"
1885                 },
1886                 {
1887                         "unmapunixgroup",
1888                         net_sam_unmapunixgroup,
1889                         NET_TRANSPORT_LOCAL,
1890                         "Remove a group mapping of an unix group to a domain "
1891                         "group",
1892                         "net sam unmapunixgroup\n"
1893                         "    Remove a group mapping of an unix group to a "
1894                         "domain group"
1895                 },
1896                 {
1897                         "addmem",
1898                         net_sam_addmem,
1899                         NET_TRANSPORT_LOCAL,
1900                         "Add a member to a group",
1901                         "net sam addmem\n"
1902                         "    Add a member to a group"
1903                 },
1904                 {
1905                         "delmem",
1906                         net_sam_delmem,
1907                         NET_TRANSPORT_LOCAL,
1908                         "Delete a member from a group",
1909                         "net sam delmem\n"
1910                         "    Delete a member from a group"
1911                 },
1912                 {
1913                         "listmem",
1914                         net_sam_listmem,
1915                         NET_TRANSPORT_LOCAL,
1916                         "List group members",
1917                         "net sam listmem\n"
1918                         "    List group members"
1919                 },
1920                 {
1921                         "list",
1922                         net_sam_list,
1923                         NET_TRANSPORT_LOCAL,
1924                         "List users, groups and local groups",
1925                         "net sam list\n"
1926                         "    List users, groups and local groups"
1927                 },
1928                 {
1929                         "show",
1930                         net_sam_show,
1931                         NET_TRANSPORT_LOCAL,
1932                         "Show details of a SAM entry",
1933                         "net sam show\n"
1934                         "    Show details of a SAM entry"
1935                 },
1936                 {
1937                         "set",
1938                         net_sam_set,
1939                         NET_TRANSPORT_LOCAL,
1940                         "Set details of a SAM account",
1941                         "net sam set\n"
1942                         "    Set details of a SAM account"
1943                 },
1944                 {
1945                         "policy",
1946                         net_sam_policy,
1947                         NET_TRANSPORT_LOCAL,
1948                         "Set account policies",
1949                         "net sam policy\n"
1950                         "    Set account policies"
1951                 },
1952                 {
1953                         "rights",
1954                         net_sam_rights,
1955                         NET_TRANSPORT_LOCAL,
1956                         "Manipulate user privileges",
1957                         "net sam rights\n"
1958                         "    Manipulate user privileges"
1959                 },
1960 #ifdef HAVE_LDAP
1961                 {
1962                         "provision",
1963                         net_sam_provision,
1964                         NET_TRANSPORT_LOCAL,
1965                         "Provision a clean user database",
1966                         "net sam privison\n"
1967                         "    Provision a clear user database"
1968                 },
1969 #endif
1970                 {NULL, NULL, 0, NULL, NULL}
1971         };
1972 
1973         if (getuid() != 0) {
1974                 d_fprintf(stderr, "You are not root, most things won't "
1975                           "work\n");
1976         }
1977 
1978         return net_run_function(c, argc, argv, "net sam", func);
1979 }
1980 

/* [<][>][^][v][top][bottom][index][help] */