The branch, master has been updated
via fa074c99166a8999b280ccb4cebec40c42422b0b (commit)
via 6545e9e2ac50fc9afeaccc1bf9965d12bb3121e6 (commit)
from 54fb170689a8ee97d95faa1a32dc53aed3e5ec58 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fa074c99166a8999b280ccb4cebec40c42422b0b
Author: Volker Lendecke <[email protected]>
Date: Tue Jun 9 15:24:06 2009 +0200
Implement pdb_ads_[add|del]_groupmem
commit 6545e9e2ac50fc9afeaccc1bf9965d12bb3121e6
Author: Volker Lendecke <[email protected]>
Date: Tue Jun 9 15:23:33 2009 +0200
Make "net sam [add|del]mem" work for domain groups
-----------------------------------------------------------------------
Summary of changes:
source3/passdb/pdb_ads.c | 80 +++++++++++++++++++++++++++++++++++++++------
source3/utils/net_sam.c | 24 ++++++++++++++
2 files changed, 93 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 45aab1c..c07003f 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -19,15 +19,6 @@
#include "includes.h"
-static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
- struct samu *sam_acct,
- const DOM_SID *sid);
-static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
- DOM_SID *sid);
-static bool pdb_ads_dnblob2sid(struct tldap_context *ld, DATA_BLOB *dnblob,
- struct dom_sid *psid);
-
-
struct pdb_ads_state {
struct tldap_context *ld;
struct dom_sid domainsid;
@@ -36,6 +27,17 @@ struct pdb_ads_state {
char *netbiosname;
};
+static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
+ struct samu *sam_acct,
+ const DOM_SID *sid);
+static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
+ DOM_SID *sid);
+static bool pdb_ads_dnblob2sid(struct tldap_context *ld, DATA_BLOB *dnblob,
+ struct dom_sid *psid);
+static NTSTATUS pdb_ads_sid2dn(struct pdb_ads_state *state,
+ const struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx, char **pdn);
+
static bool pdb_ads_pull_time(struct tldap_message *msg, const char *attr,
time_t *ptime)
{
@@ -887,18 +889,74 @@ static NTSTATUS pdb_ads_set_unix_primary_group(struct
pdb_methods *m,
return NT_STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS pdb_ads_mod_groupmem(struct pdb_methods *m,
+ TALLOC_CTX *mem_ctx,
+ uint32 grouprid, uint32 memberrid,
+ int mod_op)
+{
+ struct pdb_ads_state *state = talloc_get_type_abort(
+ m->private_data, struct pdb_ads_state);
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct dom_sid groupsid, membersid;
+ char *groupdn, *memberdn;
+ struct tldap_mod *mods;
+ int rc;
+ NTSTATUS status;
+
+ sid_compose(&groupsid, &state->domainsid, grouprid);
+ sid_compose(&membersid, &state->domainsid, memberrid);
+
+ status = pdb_ads_sid2dn(state, &groupsid, talloc_tos(), &groupdn);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+ status = pdb_ads_sid2dn(state, &membersid, talloc_tos(), &memberdn);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ mods = NULL;
+
+ if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op,
+ "member", memberdn)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rc = tldap_modify(state->ld, groupdn, 1, mods, NULL, NULL);
+ TALLOC_FREE(frame);
+ if (rc != TLDAP_SUCCESS) {
+ DEBUG(10, ("ldap_modify failed: %s\n",
+ tldap_errstr(debug_ctx(), state->ld, rc)));
+ if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
+ return NT_STATUS_MEMBER_IN_GROUP;
+ }
+ if (rc == TLDAP_NO_SUCH_ATTRIBUTE) {
+ return NT_STATUS_MEMBER_NOT_IN_GROUP;
+ }
+ return NT_STATUS_LDAP(rc);
+ }
+
+ return NT_STATUS_OK;
+}
+
static NTSTATUS pdb_ads_add_groupmem(struct pdb_methods *m,
TALLOC_CTX *mem_ctx,
uint32 group_rid, uint32 member_rid)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return pdb_ads_mod_groupmem(m, mem_ctx, group_rid, member_rid,
+ TLDAP_MOD_ADD);
}
static NTSTATUS pdb_ads_del_groupmem(struct pdb_methods *m,
TALLOC_CTX *mem_ctx,
uint32 group_rid, uint32 member_rid)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return pdb_ads_mod_groupmem(m, mem_ctx, group_rid, member_rid,
+ TLDAP_MOD_DELETE);
}
static NTSTATUS pdb_ads_create_alias(struct pdb_methods *m,
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 1919b40..0d8b6ff 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -1178,6 +1178,18 @@ static int net_sam_addmem(struct net_context *c, int
argc, const char **argv)
"with %s\n", nt_errstr(status));
return -1;
}
+ } else if (grouptype == SID_NAME_DOM_GRP) {
+ uint32_t grouprid, memberrid;
+
+ sid_peek_rid(&group, &grouprid);
+ sid_peek_rid(&member, &memberrid);
+
+ status = pdb_add_groupmem(talloc_tos(), grouprid, memberrid);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Adding domain group member failed "
+ "with %s\n", nt_errstr(status));
+ return -1;
+ }
} else {
d_fprintf(stderr, "Can only add members to local groups so "
"far, %s is a %s\n", argv[0],
@@ -1233,6 +1245,18 @@ static int net_sam_delmem(struct net_context *c, int
argc, const char **argv)
"with %s\n", nt_errstr(status));
return -1;
}
+ } else if (grouptype == SID_NAME_DOM_GRP) {
+ uint32_t grouprid, memberrid;
+
+ sid_peek_rid(&group, &grouprid);
+ sid_peek_rid(&member, &memberrid);
+
+ status = pdb_del_groupmem(talloc_tos(), grouprid, memberrid);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Deleting domain group member "
+ "failed with %s\n", nt_errstr(status));
+ return -1;
+ }
} else {
d_fprintf(stderr, "Can only delete members from local groups "
"so far, %s is a %s\n", argv[0],
--
Samba Shared Repository
