Here's an updated patch that implements
-c "group name" -r to do dissociation.
It also cleans up a couple of doc issues.
I'm not sure if you'll like the null_group trick I used,
but it seemed better than allocating an fstring
and modifying the arguments being passed to changegroup.
Let me know if you want some changes...
brad
On Fri, 2002-08-09 at 19:43, Andrew Bartlett wrote:
> "Bradley W. Langhorst" wrote:
> >
> > I propose the following changes to smbgroupedit in HEAD
> > to keep others from getting burned as I did by a
> > subtle change of group type during a unix association
> >
> > I can't believe how long it took me to figure out why
> > my groups weren't showing up.
>
Index: source/utils/smbgroupedit.c
===================================================================
RCS file: /cvsroot/samba/source/utils/smbgroupedit.c,v
retrieving revision 1.21
diff -u -r1.21 smbgroupedit.c
--- source/utils/smbgroupedit.c 20 Jul 2002 12:03:11 -0000 1.21
+++ source/utils/smbgroupedit.c 13 Aug 2002 18:20:06 -0000
@@ -49,12 +49,14 @@
printf(" -v list groups\n");
printf(" -l long list (include details)\n");
printf(" -s short list (default)\n");
- printf(" -c SID change group\n");
+ printf(" -c [SID|group] change group\n");
printf(" -u unix group\n");
printf(" -d description group description\n");
- printf(" -x group delete this group\n");
+ printf(" -r remove unix-nt group mapping\n");
+ printf(" -t[b|d|l] type: builtin, domain, local \n");
+ printf(" -x [SID|group] delete this group\n");
printf("\n");
- printf(" -t[b|d|l] type: builtin, domain, local \n");
+
exit(1);
}
@@ -143,36 +145,43 @@
/* Get the current mapping from the database */
if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
- printf("This SID does not exist in the database\n");
+ printf("This SID does not exist in the database: %s\n", sid_string);
return -1;
}
/* If a new Unix group is specified, check and change */
if (group!=NULL) {
+ if (strncmp(group,"-1", strlen(group)) == 0){
+ printf("Dissociating unix groups from ntgroup: %s\n", map.nt_name);
+ map.gid=-1; /*dissociate the unix group*/
+ } else {
gid=nametogid(group);
if (gid==-1) {
- printf("The UNIX group does not exist\n");
+ printf("The UNIX group: %s does not exist\n", group);
return -1;
} else
map.gid=gid;
+ }
}
/*
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups !!! (SID problem)
*/
- if (sid_type==SID_NAME_ALIAS
- || sid_type==SID_NAME_DOM_GRP
- || sid_type==SID_NAME_UNKNOWN) {
- if (map.sid_name_use==SID_NAME_ALIAS
- || map.sid_name_use==SID_NAME_DOM_GRP
- || map.sid_name_use==SID_NAME_UNKNOWN) {
- map.sid_name_use=sid_type;
+ /* Since we're changing a group we should really keep the
+ * old type unless the user explicitly specified a new type.
+ * It is not possible to specify the UNKNOWN type
+ */
+ if (sid_type != SID_NAME_UNKNOWN) {
+ if (sid_type != SID_NAME_WKN_GRP) {
+ if (map.sid_name_use !=SID_NAME_WKN_GRP) {
+ map.sid_name_use=sid_type;
+ } else {
+ printf("cannot change group type from builtin\n");
+ };
} else {
printf("cannot change group type to builtin\n");
- };
- } else {
- printf("cannot change group type from builtin\n");
+ }
}
if (ntgroup!=NULL)
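Review bot: The dissociation test `strncmp(group,"-1", strlen(group)) == 0` takes its length from the user-supplied string, so an empty `-u ""` or a bare `-u -` also compares equal and sets `map.gid=-1`, dropping the Unix mapping when the caller did not ask for it. Compare the whole string instead: `if (strcmp(group, "-1") == 0) {`. Separately, the rewritten type check lower in this hunk replaces the old allow-list (SID_NAME_ALIAS, SID_NAME_DOM_GRP, SID_NAME_UNKNOWN) with a test that only excludes SID_NAME_UNKNOWN and SID_NAME_WKN_GRP, so any other SID_NAME_USE value the `-t` parsing (outside this hunk) can produce would now be written to `map.sid_name_use`; an explicit `sid_type==SID_NAME_ALIAS || sid_type==SID_NAME_DOM_GRP` condition would keep the old restriction. The function body starts and ends outside the hunk.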
@@ -267,13 +276,16 @@
BOOL priv = False;
BOOL group_type = False;
BOOL long_list = False;
-
+ BOOL unix_group = False;
+ BOOL remove_mapping = False;
+
char *group = NULL;
char *sid = NULL;
char *ntgroup = NULL;
char *privilege = NULL;
char *groupt = NULL;
char *group_desc = NULL;
+ char *null_group = "-1";
enum SID_NAME_USE sid_type;
@@ -312,7 +324,7 @@
return 0;
}
- while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:")) != EOF) {
+ while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:r")) != EOF) {
switch(ch) {
case 'a':
add_group = True;
@@ -344,6 +356,7 @@
groupt=optarg;
break;
case 'u':
+ unix_group = True;
group=optarg;
break;
case 'v':
@@ -353,23 +366,47 @@
delete_group = True;
group=optarg;
break;
+ case 'r':
+ remove_mapping = True;
+ break;
/*default:
usage();*/
}
}
- if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) {
+ if (((add_group?1:0) +
+ (view_group?1:0) +
+ (change_group?1:0) +
+ (delete_group?1:0)) > 1) {
fprintf (stderr, "Incompatible options on command line!\n");
usage();
exit(1);
}
-
- /* no option on command line -> list groups */
- if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
- view_group = True;
-
+ if (change_group) {
+ if (((remove_mapping?1:0)+
+ (delete_group?1:0)+
+ (unix_group?1:0)) >1 ){
+ fprintf(stderr, "Group deletion (-x), removal of mapping (-r), and unix->NT group mapping (-u) are mutually exclusive options.\n");
+ usage();
+ exit(1);
+ } else if (((remove_mapping?1:0) +
+ (unix_group?1:0) +
+ (group_type?1:0)) < 1) {
+ fprintf(stderr, "Change operator must have an operation.\n");
+ usage();
+ exit(1);
+ }
+ }
+ /* no option on command line -> list groups */
+ /* we never get here since the argc <2 check fails first...
+ if ((add_group?1:0) +
+ (view_group?1:0) +
+ (change_group?1:0) +
+ (delete_group?1:0) == 0)
+ view_group = True;
+ */
if (group_type==False)
sid_type=SID_NAME_UNKNOWN;
else {
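Review bot: The new "Change operator must have an operation" check counts only `-r`, `-u` and `-t`, so a change that sets just the NT name, description or privilege is now rejected even though `changegroup()` is still passed `ntgroup`, `group_desc` and `privilege`. If those pointers are filled in by `-n`/`-d`/`-p` (their option cases are outside this hunk), include them in the sum, e.g. `(group_type?1:0) + (ntgroup?1:0) + (group_desc?1:0) + (privilege?1:0)) < 1) {`. Commenting out the fallback also looks premature: an invocation such as `-r` or `-l` alone has argc >= 2 yet may select no operation, and `-r` without `-c` is silently ignored. It seems safer to keep `view_group = True` as the default and to reject `-r` when `change_group` is not set; confirm against the early argc test and the `l`/`s` cases, which are not visible here.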
@@ -401,7 +438,8 @@
if (delete_group)
return deletegroup(group);
- if (change_group) {
+ if (change_group) {
+ if (remove_mapping) group = null_group;
return changegroup(sid, group, sid_type, ntgroup, group_desc, privilege);
}