2
* Unix SMB/CIFS implementation.
3
* Local SAM access routines
4
* Copyright (C) Volker Lendecke 2006
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 3 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
22
#include "utils/net.h"
28
static int net_sam_userset(struct net_context *c, int argc, const char **argv,
30
bool (*fn)(struct samu *, const char *,
31
enum pdb_value_state))
33
struct samu *sam_acct = NULL;
35
enum lsa_SidType type;
36
const char *dom, *name;
39
if (argc != 2 || c->display_usage) {
40
d_fprintf(stderr, "usage: net sam set %s <user> <value>\n",
45
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
46
&dom, &name, &sid, &type)) {
47
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
51
if (type != SID_NAME_USER) {
52
d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
53
sid_type_lookup(type));
57
if ( !(sam_acct = samu_new( NULL )) ) {
58
d_fprintf(stderr, "Internal error\n");
62
if (!pdb_getsampwsid(sam_acct, &sid)) {
63
d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
67
if (!fn(sam_acct, argv[1], PDB_CHANGED)) {
68
d_fprintf(stderr, "Internal error\n");
72
status = pdb_update_sam_account(sam_acct);
73
if (!NT_STATUS_IS_OK(status)) {
74
d_fprintf(stderr, "Updating sam account %s failed with %s\n",
75
argv[0], nt_errstr(status));
79
TALLOC_FREE(sam_acct);
81
d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
85
static int net_sam_set_fullname(struct net_context *c, int argc,
88
return net_sam_userset(c, argc, argv, "fullname",
92
static int net_sam_set_logonscript(struct net_context *c, int argc,
95
return net_sam_userset(c, argc, argv, "logonscript",
96
pdb_set_logon_script);
99
static int net_sam_set_profilepath(struct net_context *c, int argc,
102
return net_sam_userset(c, argc, argv, "profilepath",
103
pdb_set_profile_path);
106
static int net_sam_set_homedrive(struct net_context *c, int argc,
109
return net_sam_userset(c, argc, argv, "homedrive",
113
static int net_sam_set_homedir(struct net_context *c, int argc,
116
return net_sam_userset(c, argc, argv, "homedir",
120
static int net_sam_set_workstations(struct net_context *c, int argc,
123
return net_sam_userset(c, argc, argv, "workstations",
124
pdb_set_workstations);
131
static int net_sam_set_userflag(struct net_context *c, int argc,
132
const char **argv, const char *field,
135
struct samu *sam_acct = NULL;
137
enum lsa_SidType type;
138
const char *dom, *name;
142
if ((argc != 2) || c->display_usage ||
143
(!strequal(argv[1], "yes") &&
144
!strequal(argv[1], "no"))) {
145
d_fprintf(stderr, "usage: net sam set %s <user> [yes|no]\n",
150
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
151
&dom, &name, &sid, &type)) {
152
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
156
if (type != SID_NAME_USER) {
157
d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
158
sid_type_lookup(type));
162
if ( !(sam_acct = samu_new( NULL )) ) {
163
d_fprintf(stderr, "Internal error\n");
167
if (!pdb_getsampwsid(sam_acct, &sid)) {
168
d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
172
acct_flags = pdb_get_acct_ctrl(sam_acct);
174
if (strequal(argv[1], "yes")) {
180
pdb_set_acct_ctrl(sam_acct, acct_flags, PDB_CHANGED);
182
status = pdb_update_sam_account(sam_acct);
183
if (!NT_STATUS_IS_OK(status)) {
184
d_fprintf(stderr, "Updating sam account %s failed with %s\n",
185
argv[0], nt_errstr(status));
189
TALLOC_FREE(sam_acct);
191
d_fprintf(stderr, "Updated flag %s for %s\\%s to %s\n", field, dom,
196
static int net_sam_set_disabled(struct net_context *c, int argc,
199
return net_sam_set_userflag(c, argc, argv, "disabled", ACB_DISABLED);
202
static int net_sam_set_pwnotreq(struct net_context *c, int argc,
205
return net_sam_set_userflag(c, argc, argv, "pwnotreq", ACB_PWNOTREQ);
208
static int net_sam_set_autolock(struct net_context *c, int argc,
211
return net_sam_set_userflag(c, argc, argv, "autolock", ACB_AUTOLOCK);
214
static int net_sam_set_pwnoexp(struct net_context *c, int argc,
217
return net_sam_set_userflag(c, argc, argv, "pwnoexp", ACB_PWNOEXP);
221
* Set pass last change time, based on force pass change now
224
static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc,
227
struct samu *sam_acct = NULL;
229
enum lsa_SidType type;
230
const char *dom, *name;
233
if ((argc != 2) || c->display_usage ||
234
(!strequal(argv[1], "yes") &&
235
!strequal(argv[1], "no"))) {
236
d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
240
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
241
&dom, &name, &sid, &type)) {
242
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
246
if (type != SID_NAME_USER) {
247
d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
248
sid_type_lookup(type));
252
if ( !(sam_acct = samu_new( NULL )) ) {
253
d_fprintf(stderr, "Internal error\n");
257
if (!pdb_getsampwsid(sam_acct, &sid)) {
258
d_fprintf(stderr, "Loading user %s failed\n", argv[0]);
262
if (strequal(argv[1], "yes")) {
263
pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
265
pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
268
status = pdb_update_sam_account(sam_acct);
269
if (!NT_STATUS_IS_OK(status)) {
270
d_fprintf(stderr, "Updating sam account %s failed with %s\n",
271
argv[0], nt_errstr(status));
275
TALLOC_FREE(sam_acct);
277
d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
284
* Set a user's or a group's comment
287
static int net_sam_set_comment(struct net_context *c, int argc,
292
enum lsa_SidType type;
293
const char *dom, *name;
296
if (argc != 2 || c->display_usage) {
297
d_fprintf(stderr, "usage: net sam set comment <name> "
302
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
303
&dom, &name, &sid, &type)) {
304
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
308
if (type == SID_NAME_USER) {
309
return net_sam_userset(c, argc, argv, "comment",
313
if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
314
(type != SID_NAME_WKN_GRP)) {
315
d_fprintf(stderr, "%s is a %s, not a group\n", argv[0],
316
sid_type_lookup(type));
320
if (!pdb_getgrsid(&map, sid)) {
321
d_fprintf(stderr, "Could not load group %s\n", argv[0]);
325
fstrcpy(map.comment, argv[1]);
327
status = pdb_update_group_mapping_entry(&map);
329
if (!NT_STATUS_IS_OK(status)) {
330
d_fprintf(stderr, "Updating group mapping entry failed with "
331
"%s\n", nt_errstr(status));
335
d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
341
static int net_sam_set(struct net_context *c, int argc, const char **argv)
343
struct functable func[] = {
348
"Change a user's home directory",
349
"net sam set homedir\n"
350
" Change a user's home directory"
354
net_sam_set_profilepath,
356
"Change a user's profile path",
357
"net sam set profilepath\n"
358
" Change a user's profile path"
364
"Change a users or groups description",
365
"net sam set comment\n"
366
" Change a users or groups description"
370
net_sam_set_fullname,
372
"Change a user's full name",
373
"net sam set fullname\n"
374
" Change a user's full name"
378
net_sam_set_logonscript,
380
"Change a user's logon script",
381
"net sam set logonscript\n"
382
" Change a user's logon script"
386
net_sam_set_homedrive,
388
"Change a user's home drive",
389
"net sam set homedrive\n"
390
" Change a user's home drive"
394
net_sam_set_workstations,
396
"Change a user's allowed workstations",
397
"net sam set workstations\n"
398
" Change a user's allowed workstations"
402
net_sam_set_disabled,
404
"Disable/Enable a user",
405
"net sam set disable\n"
406
" Disable/Enable a user"
410
net_sam_set_pwnotreq,
412
"Disable/Enable the password not required flag",
413
"net sam set pwnotreq\n"
414
" Disable/Enable the password not required flag"
418
net_sam_set_autolock,
420
"Disable/Enable a user's lockout flag",
421
"net sam set autolock\n"
422
" Disable/Enable a user's lockout flag"
428
"Disable/Enable whether a user's pw does not expire",
429
"net sam set pwnoexp\n"
430
" Disable/Enable whether a user's pw does not expire"
434
net_sam_set_pwdmustchangenow,
436
"Force users password must change at next logon",
437
"net sam set pwdmustchangenow\n"
438
" Force users password must change at next logon"
440
{NULL, NULL, 0, NULL, NULL}
443
return net_run_function(c, argc, argv, "net sam set", func);
447
* Manage account policies
450
static int net_sam_policy_set(struct net_context *c, int argc, const char **argv)
452
const char *account_policy = NULL;
454
uint32 old_value = 0;
458
if (argc != 2 || c->display_usage) {
459
d_fprintf(stderr, "usage: net sam policy set "
460
"\"<account policy>\" <value> \n");
464
account_policy = argv[0];
465
field = account_policy_name_to_fieldnum(account_policy);
467
if (strequal(argv[1], "forever") || strequal(argv[1], "never")
468
|| strequal(argv[1], "off")) {
472
value = strtoul(argv[1], &endptr, 10);
474
if ((endptr == argv[1]) || (endptr[0] != '\0')) {
475
d_printf("Unable to set policy \"%s\"! Invalid value "
477
account_policy, argv[1]);
486
account_policy_names_list(&names, &count);
487
d_fprintf(stderr, "No account policy \"%s\"!\n\n", argv[0]);
488
d_fprintf(stderr, "Valid account policies are:\n");
490
for (i=0; i<count; i++) {
491
d_fprintf(stderr, "%s\n", names[i]);
498
if (!pdb_get_account_policy(field, &old_value)) {
499
d_fprintf(stderr, "Valid account policy, but unable to fetch "
502
d_printf("Account policy \"%s\" value was: %d\n", account_policy,
506
if (!pdb_set_account_policy(field, value)) {
507
d_fprintf(stderr, "Valid account policy, but unable to "
511
d_printf("Account policy \"%s\" value is now: %d\n", account_policy,
518
static int net_sam_policy_show(struct net_context *c, int argc, const char **argv)
520
const char *account_policy = NULL;
524
if (argc != 1 || c->display_usage) {
525
d_fprintf(stderr, "usage: net sam policy show"
526
" \"<account policy>\" \n");
530
account_policy = argv[0];
531
field = account_policy_name_to_fieldnum(account_policy);
537
account_policy_names_list(&names, &count);
538
d_fprintf(stderr, "No account policy by that name!\n");
540
d_fprintf(stderr, "Valid account policies "
542
for (i=0; i<count; i++) {
543
d_fprintf(stderr, "%s\n", names[i]);
550
if (!pdb_get_account_policy(field, &old_value)) {
551
fprintf(stderr, "Valid account policy, but unable to "
556
printf("Account policy \"%s\" description: %s\n",
557
account_policy, account_policy_get_desc(field));
558
printf("Account policy \"%s\" value is: %d\n", account_policy,
563
static int net_sam_policy_list(struct net_context *c, int argc, const char **argv)
569
if (c->display_usage) {
571
"net sam policy list\n"
572
" List account policies\n");
576
account_policy_names_list(&names, &count);
578
d_fprintf(stderr, "Valid account policies "
580
for (i = 0; i < count ; i++) {
581
d_fprintf(stderr, "%s\n", names[i]);
588
static int net_sam_policy(struct net_context *c, int argc, const char **argv)
590
struct functable func[] = {
595
"List account policies",
596
"net sam policy list\n"
597
" List account policies"
603
"Show account policies",
604
"net sam policy show\n"
605
" Show account policies"
611
"Change account policies",
612
"net sam policy set\n"
613
" Change account policies"
615
{NULL, NULL, 0, NULL, NULL}
618
return net_run_function(c, argc, argv, "net sam policy", func);
621
extern PRIVS privs[];
623
static int net_sam_rights_list(struct net_context *c, int argc,
628
if (argc > 1 || c->display_usage) {
629
d_fprintf(stderr, "usage: net sam rights list [privilege name]\n");
635
int num = count_all_privileges();
637
for (i=0; i<num; i++) {
638
d_printf("%s\n", privs[i].name);
643
if (se_priv_from_name(argv[0], &mask)) {
648
status = privilege_enum_sids(&mask, talloc_tos(),
650
if (!NT_STATUS_IS_OK(status)) {
651
d_fprintf(stderr, "Could not list rights: %s\n",
656
for (i=0; i<num_sids; i++) {
657
const char *dom, *name;
658
enum lsa_SidType type;
660
if (lookup_sid(talloc_tos(), &sids[i], &dom, &name,
662
d_printf("%s\\%s\n", dom, name);
665
d_printf("%s\n", sid_string_tos(&sids[i]));
674
static int net_sam_rights_grant(struct net_context *c, int argc,
678
enum lsa_SidType type;
679
const char *dom, *name;
683
if (argc < 2 || c->display_usage) {
684
d_fprintf(stderr, "usage: net sam rights grant <name> "
689
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
690
&dom, &name, &sid, &type)) {
691
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
695
for (i=1; i < argc; i++) {
696
if (!se_priv_from_name(argv[i], &mask)) {
697
d_fprintf(stderr, "%s unknown\n", argv[i]);
701
if (!grant_privilege(&sid, &mask)) {
702
d_fprintf(stderr, "Could not grant privilege\n");
706
d_printf("Granted %s to %s\\%s\n", argv[i], dom, name);
712
static int net_sam_rights_revoke(struct net_context *c, int argc,
716
enum lsa_SidType type;
717
const char *dom, *name;
721
if (argc < 2 || c->display_usage) {
722
d_fprintf(stderr, "usage: net sam rights revoke <name> "
727
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
728
&dom, &name, &sid, &type)) {
729
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
733
for (i=1; i < argc; i++) {
735
if (!se_priv_from_name(argv[i], &mask)) {
736
d_fprintf(stderr, "%s unknown\n", argv[i]);
740
if (!revoke_privilege(&sid, &mask)) {
741
d_fprintf(stderr, "Could not revoke privilege\n");
745
d_printf("Revoked %s from %s\\%s\n", argv[i], dom, name);
751
static int net_sam_rights(struct net_context *c, int argc, const char **argv)
753
struct functable func[] = {
758
"List possible user rights",
759
"net sam rights list\n"
760
" List possible user rights"
764
net_sam_rights_grant,
767
"net sam rights grant\n"
772
net_sam_rights_revoke,
775
"net sam rights revoke\n"
778
{NULL, NULL, 0, NULL, NULL}
780
return net_run_function(c, argc, argv, "net sam rights", func);
784
* Map a unix group to a domain group
787
static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
791
const char *grpname, *dom, *name;
794
if (pdb_getgrgid(&map, grp->gr_gid)) {
795
return NT_STATUS_GROUP_EXISTS;
798
map.gid = grp->gr_gid;
799
grpname = grp->gr_name;
801
if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
802
&dom, &name, NULL, NULL)) {
804
const char *tmp = talloc_asprintf(
805
talloc_tos(), "Unix Group %s", grp->gr_name);
807
DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
808
grpname, dom, name, tmp));
812
if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
813
NULL, NULL, NULL, NULL)) {
814
DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
815
return NT_STATUS_GROUP_EXISTS;
818
fstrcpy(map.nt_name, grpname);
820
if (pdb_rid_algorithm()) {
821
rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
823
if (!pdb_new_rid(&rid)) {
824
DEBUG(3, ("Could not get a new RID for %s\n",
826
return NT_STATUS_ACCESS_DENIED;
830
sid_compose(&map.sid, get_global_sam_sid(), rid);
831
map.sid_name_use = SID_NAME_DOM_GRP;
832
fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s",
835
status = pdb_add_group_mapping_entry(&map);
836
if (NT_STATUS_IS_OK(status)) {
842
static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv)
848
if (argc != 1 || c->display_usage) {
849
d_fprintf(stderr, "usage: net sam mapunixgroup <name>\n");
853
grp = getgrnam(argv[0]);
855
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
859
status = map_unix_group(grp, &map);
861
if (!NT_STATUS_IS_OK(status)) {
862
d_fprintf(stderr, "Mapping group %s failed with %s\n",
863
argv[0], nt_errstr(status));
867
d_printf("Mapped unix group %s to SID %s\n", argv[0],
868
sid_string_tos(&map.sid));
874
* Remove a group mapping
877
static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
884
map.gid = grp->gr_gid;
885
grpname = grp->gr_name;
887
if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
888
NULL, NULL, NULL, NULL)) {
889
DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name));
890
return NT_STATUS_NO_SUCH_GROUP;
893
fstrcpy(map.nt_name, grpname);
895
if (!pdb_gid_to_sid(map.gid, &dom_sid)) {
896
return NT_STATUS_UNSUCCESSFUL;
899
status = pdb_delete_group_mapping_entry(dom_sid);
904
static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv)
910
if (argc != 1 || c->display_usage) {
911
d_fprintf(stderr, "usage: net sam unmapunixgroup <name>\n");
915
grp = getgrnam(argv[0]);
917
d_fprintf(stderr, "Could not find mapping for group %s.\n", argv[0]);
921
status = unmap_unix_group(grp, &map);
923
if (!NT_STATUS_IS_OK(status)) {
924
d_fprintf(stderr, "Unmapping group %s failed with %s.\n",
925
argv[0], nt_errstr(status));
929
d_printf("Unmapped unix group %s.\n", argv[0]);
935
* Create a local group
938
static int net_sam_createlocalgroup(struct net_context *c, int argc, const char **argv)
943
if (argc != 1 || c->display_usage) {
944
d_fprintf(stderr, "usage: net sam createlocalgroup <name>\n");
948
if (!winbind_ping()) {
949
d_fprintf(stderr, "winbind seems not to run. createlocalgroup "
950
"only works when winbind runs.\n");
954
status = pdb_create_alias(argv[0], &rid);
956
if (!NT_STATUS_IS_OK(status)) {
957
d_fprintf(stderr, "Creating %s failed with %s\n",
958
argv[0], nt_errstr(status));
962
d_printf("Created local group %s with RID %d\n", argv[0], rid);
968
* Delete a local group
971
static int net_sam_deletelocalgroup(struct net_context *c, int argc, const char **argv)
974
enum lsa_SidType type;
975
const char *dom, *name;
978
if (argc != 1 || c->display_usage) {
979
d_fprintf(stderr, "usage: net sam deletelocalgroup <name>\n");
983
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
984
&dom, &name, &sid, &type)) {
985
d_fprintf(stderr, "Could not find %s.\n", argv[0]);
989
if (type != SID_NAME_ALIAS) {
990
d_fprintf(stderr, "%s is a %s, not a local group.\n", argv[0],
991
sid_type_lookup(type));
995
status = pdb_delete_alias(&sid);
997
if (!NT_STATUS_IS_OK(status)) {
998
d_fprintf(stderr, "Deleting local group %s failed with %s\n",
999
argv[0], nt_errstr(status));
1003
d_printf("Deleted local group %s.\n", argv[0]);
1009
* Create a builtin group
1012
static int net_sam_createbuiltingroup(struct net_context *c, int argc, const char **argv)
1016
enum lsa_SidType type;
1020
if (argc != 1 || c->display_usage) {
1021
d_fprintf(stderr, "usage: net sam createbuiltingroup <name>\n");
1025
if (!winbind_ping()) {
1026
d_fprintf(stderr, "winbind seems not to run. createbuiltingroup "
1027
"only works when winbind runs.\n");
1031
/* validate the name and get the group */
1033
fstrcpy( groupname, "BUILTIN\\" );
1034
fstrcat( groupname, argv[0] );
1036
if ( !lookup_name(talloc_tos(), groupname, LOOKUP_NAME_ALL, NULL,
1037
NULL, &sid, &type)) {
1038
d_fprintf(stderr, "%s is not a BUILTIN group\n", argv[0]);
1042
if ( !sid_peek_rid( &sid, &rid ) ) {
1043
d_fprintf(stderr, "Failed to get RID for %s\n", argv[0]);
1047
status = pdb_create_builtin_alias( rid );
1049
if (!NT_STATUS_IS_OK(status)) {
1050
d_fprintf(stderr, "Creating %s failed with %s\n",
1051
argv[0], nt_errstr(status));
1055
d_printf("Created BUILTIN group %s with RID %d\n", argv[0], rid);
1061
* Add a group member
1064
static int net_sam_addmem(struct net_context *c, int argc, const char **argv)
1066
const char *groupdomain, *groupname, *memberdomain, *membername;
1067
DOM_SID group, member;
1068
enum lsa_SidType grouptype, membertype;
1071
if (argc != 2 || c->display_usage) {
1072
d_fprintf(stderr, "usage: net sam addmem <group> <member>\n");
1076
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1077
&groupdomain, &groupname, &group, &grouptype)) {
1078
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
1082
/* check to see if the member to be added is a name or a SID */
1084
if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL,
1085
&memberdomain, &membername, &member, &membertype))
1087
/* try it as a SID */
1089
if ( !string_to_sid( &member, argv[1] ) ) {
1090
d_fprintf(stderr, "Could not find member %s\n", argv[1]);
1094
if ( !lookup_sid(talloc_tos(), &member, &memberdomain,
1095
&membername, &membertype) )
1097
d_fprintf(stderr, "Could not resolve SID %s\n", argv[1]);
1102
if ((grouptype == SID_NAME_ALIAS) || (grouptype == SID_NAME_WKN_GRP)) {
1103
if ((membertype != SID_NAME_USER) &&
1104
(membertype != SID_NAME_DOM_GRP)) {
1105
d_fprintf(stderr, "%s is a local group, only users "
1106
"and domain groups can be added.\n"
1107
"%s is a %s\n", argv[0], argv[1],
1108
sid_type_lookup(membertype));
1111
status = pdb_add_aliasmem(&group, &member);
1113
if (!NT_STATUS_IS_OK(status)) {
1114
d_fprintf(stderr, "Adding local group member failed "
1115
"with %s\n", nt_errstr(status));
1119
d_fprintf(stderr, "Can only add members to local groups so "
1120
"far, %s is a %s\n", argv[0],
1121
sid_type_lookup(grouptype));
1125
d_printf("Added %s\\%s to %s\\%s\n", memberdomain, membername,
1126
groupdomain, groupname);
1132
* Delete a group member
1135
static int net_sam_delmem(struct net_context *c, int argc, const char **argv)
1137
const char *groupdomain, *groupname;
1138
const char *memberdomain = NULL;
1139
const char *membername = NULL;
1140
DOM_SID group, member;
1141
enum lsa_SidType grouptype;
1144
if (argc != 2 || c->display_usage) {
1145
d_fprintf(stderr, "usage: net sam delmem <group> <member>\n");
1149
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1150
&groupdomain, &groupname, &group, &grouptype)) {
1151
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
1155
if (!lookup_name(talloc_tos(), argv[1], LOOKUP_NAME_LOCAL,
1156
&memberdomain, &membername, &member, NULL)) {
1157
if (!string_to_sid(&member, argv[1])) {
1158
d_fprintf(stderr, "Could not find member %s\n",
1164
if ((grouptype == SID_NAME_ALIAS) ||
1165
(grouptype == SID_NAME_WKN_GRP)) {
1166
status = pdb_del_aliasmem(&group, &member);
1168
if (!NT_STATUS_IS_OK(status)) {
1169
d_fprintf(stderr, "Deleting local group member failed "
1170
"with %s\n", nt_errstr(status));
1174
d_fprintf(stderr, "Can only delete members from local groups "
1175
"so far, %s is a %s\n", argv[0],
1176
sid_type_lookup(grouptype));
1180
if (membername != NULL) {
1181
d_printf("Deleted %s\\%s from %s\\%s\n",
1182
memberdomain, membername, groupdomain, groupname);
1184
d_printf("Deleted %s from %s\\%s\n",
1185
sid_string_tos(&member), groupdomain, groupname);
1192
* List group members
1195
static int net_sam_listmem(struct net_context *c, int argc, const char **argv)
1197
const char *groupdomain, *groupname;
1199
enum lsa_SidType grouptype;
1202
if (argc != 1 || c->display_usage) {
1203
d_fprintf(stderr, "usage: net sam listmem <group>\n");
1207
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1208
&groupdomain, &groupname, &group, &grouptype)) {
1209
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
1213
if ((grouptype == SID_NAME_ALIAS) ||
1214
(grouptype == SID_NAME_WKN_GRP)) {
1215
DOM_SID *members = NULL;
1216
size_t i, num_members = 0;
1218
status = pdb_enum_aliasmem(&group, &members, &num_members);
1220
if (!NT_STATUS_IS_OK(status)) {
1221
d_fprintf(stderr, "Listing group members failed with "
1222
"%s\n", nt_errstr(status));
1226
d_printf("%s\\%s has %u members\n", groupdomain, groupname,
1227
(unsigned int)num_members);
1228
for (i=0; i<num_members; i++) {
1229
const char *dom, *name;
1230
if (lookup_sid(talloc_tos(), &members[i],
1231
&dom, &name, NULL)) {
1232
d_printf(" %s\\%s\n", dom, name);
1234
d_printf(" %s\n", sid_string_tos(&members[i]));
1238
TALLOC_FREE(members);
1240
d_fprintf(stderr, "Can only list local group members so far.\n"
1241
"%s is a %s\n", argv[0], sid_type_lookup(grouptype));
1251
static int net_sam_do_list(struct net_context *c, int argc, const char **argv,
1252
struct pdb_search *search, const char *what)
1254
bool verbose = (argc == 1);
1256
if ((argc > 1) || c->display_usage ||
1257
((argc == 1) && !strequal(argv[0], "verbose"))) {
1258
d_fprintf(stderr, "usage: net sam list %s [verbose]\n", what);
1262
if (search == NULL) {
1263
d_fprintf(stderr, "Could not start search\n");
1268
struct samr_displayentry entry;
1269
if (!search->next_entry(search, &entry)) {
1273
d_printf("%s:%d:%s\n",
1278
d_printf("%s\n", entry.account_name);
1282
TALLOC_FREE(search);
1286
static int net_sam_list_users(struct net_context *c, int argc,
1289
return net_sam_do_list(c, argc, argv,
1290
pdb_search_users(talloc_tos(), ACB_NORMAL),
1294
static int net_sam_list_groups(struct net_context *c, int argc,
1297
return net_sam_do_list(c, argc, argv, pdb_search_groups(talloc_tos()),
1301
static int net_sam_list_localgroups(struct net_context *c, int argc,
1304
return net_sam_do_list(c, argc, argv,
1305
pdb_search_aliases(talloc_tos(),
1306
get_global_sam_sid()),
1310
static int net_sam_list_builtin(struct net_context *c, int argc,
1313
return net_sam_do_list(c, argc, argv,
1314
pdb_search_aliases(talloc_tos(),
1315
&global_sid_Builtin),
1319
static int net_sam_list_workstations(struct net_context *c, int argc,
1322
return net_sam_do_list(c, argc, argv,
1323
pdb_search_users(talloc_tos(), ACB_WSTRUST),
1331
static int net_sam_list(struct net_context *c, int argc, const char **argv)
1333
struct functable func[] = {
1337
NET_TRANSPORT_LOCAL,
1339
"net sam list users\n"
1344
net_sam_list_groups,
1345
NET_TRANSPORT_LOCAL,
1347
"net sam list groups\n"
1352
net_sam_list_localgroups,
1353
NET_TRANSPORT_LOCAL,
1354
"List SAM local groups",
1355
"net sam list localgroups\n"
1356
" List SAM local groups"
1360
net_sam_list_builtin,
1361
NET_TRANSPORT_LOCAL,
1362
"List builtin groups",
1363
"net sam list builtin\n"
1364
" List builtin groups"
1368
net_sam_list_workstations,
1369
NET_TRANSPORT_LOCAL,
1370
"List domain member workstations",
1371
"net sam list workstations\n"
1372
" List domain member workstations"
1374
{NULL, NULL, 0, NULL, NULL}
1377
return net_run_function(c, argc, argv, "net sam list", func);
1381
* Show details of SAM entries
1384
static int net_sam_show(struct net_context *c, int argc, const char **argv)
1387
enum lsa_SidType type;
1388
const char *dom, *name;
1390
if (argc != 1 || c->display_usage) {
1391
d_fprintf(stderr, "usage: net sam show <name>\n");
1395
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
1396
&dom, &name, &sid, &type)) {
1397
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
1401
d_printf("%s\\%s is a %s with SID %s\n", dom, name,
1402
sid_type_lookup(type), sid_string_tos(&sid));
1410
* Init an LDAP tree with default users and Groups
1411
* if ldapsam:editposix is enabled
1414
static int net_sam_provision(struct net_context *c, int argc, const char **argv)
1418
char *ldap_uri = NULL;
1420
struct smbldap_state *ls;
1423
gid_t domusers_gid = -1;
1424
gid_t domadmins_gid = -1;
1425
struct samu *samuser;
1428
if (c->display_usage) {
1430
"net sam provision\n"
1431
" Init an LDAP tree with default users/groups\n");
1435
tc = talloc_new(NULL);
1437
d_fprintf(stderr, "Out of Memory!\n");
1441
if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) {
1442
d_fprintf(stderr, "talloc failed\n");
1446
p = strchr(ldap_bk, ':');
1449
ldap_uri = talloc_strdup(tc, p+1);
1450
trim_char(ldap_uri, ' ', ' ');
1453
trim_char(ldap_bk, ' ', ' ');
1455
if (strcmp(ldap_bk, "ldapsam") != 0) {
1456
d_fprintf(stderr, "Provisioning works only with ldapsam backend\n");
1460
if (!lp_parm_bool(-1, "ldapsam", "trusted", false) ||
1461
!lp_parm_bool(-1, "ldapsam", "editposix", false)) {
1463
d_fprintf(stderr, "Provisioning works only if ldapsam:trusted"
1464
" and ldapsam:editposix are enabled.\n");
1468
if (!winbind_ping()) {
1469
d_fprintf(stderr, "winbind seems not to run. Provisioning "
1470
"LDAP only works when winbind runs.\n");
1474
if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &ls))) {
1475
d_fprintf(stderr, "Unable to connect to the LDAP server.\n");
1479
d_printf("Checking for Domain Users group.\n");
1481
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
1483
if (!pdb_getgrsid(&gmap, gsid)) {
1484
LDAPMod **mods = NULL;
1492
d_printf("Adding the Domain Users group.\n");
1494
/* lets allocate a new groupid for this group */
1495
if (!winbind_allocate_gid(&domusers_gid)) {
1496
d_fprintf(stderr, "Unable to allocate a new gid to create Domain Users group!\n");
1500
uname = talloc_strdup(tc, "domusers");
1501
wname = talloc_strdup(tc, "Domain Users");
1502
dn = talloc_asprintf(tc, "cn=%s,%s", "domusers", lp_ldap_group_suffix());
1503
gidstr = talloc_asprintf(tc, "%u", (unsigned int)domusers_gid);
1504
gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
1506
if (!uname || !wname || !dn || !gidstr || !gtype) {
1507
d_fprintf(stderr, "Out of Memory!\n");
1511
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
1512
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
1513
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
1514
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
1515
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1516
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
1517
sid_string_talloc(tc, &gsid));
1518
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
1520
talloc_autofree_ldapmod(tc, mods);
1522
rc = smbldap_add(ls, dn, mods);
1524
if (rc != LDAP_SUCCESS) {
1525
d_fprintf(stderr, "Failed to add Domain Users group to ldap directory\n");
1528
domusers_gid = gmap.gid;
1529
d_printf("found!\n");
1534
d_printf("Checking for Domain Admins group.\n");
1536
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
1538
if (!pdb_getgrsid(&gmap, gsid)) {
1539
LDAPMod **mods = NULL;
1547
d_printf("Adding the Domain Admins group.\n");
1549
/* lets allocate a new groupid for this group */
1550
if (!winbind_allocate_gid(&domadmins_gid)) {
1551
d_fprintf(stderr, "Unable to allocate a new gid to create Domain Admins group!\n");
1555
uname = talloc_strdup(tc, "domadmins");
1556
wname = talloc_strdup(tc, "Domain Admins");
1557
dn = talloc_asprintf(tc, "cn=%s,%s", "domadmins", lp_ldap_group_suffix());
1558
gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
1559
gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
1561
if (!uname || !wname || !dn || !gidstr || !gtype) {
1562
d_fprintf(stderr, "Out of Memory!\n");
1566
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
1567
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
1568
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
1569
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
1570
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1571
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
1572
sid_string_talloc(tc, &gsid));
1573
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
1575
talloc_autofree_ldapmod(tc, mods);
1577
rc = smbldap_add(ls, dn, mods);
1579
if (rc != LDAP_SUCCESS) {
1580
d_fprintf(stderr, "Failed to add Domain Admins group to ldap directory\n");
1583
domadmins_gid = gmap.gid;
1584
d_printf("found!\n");
1589
d_printf("Check for Administrator account.\n");
1591
samuser = samu_new(tc);
1593
d_fprintf(stderr, "Out of Memory!\n");
1597
if (!pdb_getsampwnam(samuser, "Administrator")) {
1598
LDAPMod **mods = NULL;
1609
d_printf("Adding the Administrator user.\n");
1611
if (domadmins_gid == -1) {
1612
d_fprintf(stderr, "Can't create Administrator user, Domain Admins group not available!\n");
1615
if (!winbind_allocate_uid(&uid)) {
1616
d_fprintf(stderr, "Unable to allocate a new uid to create the Administrator user!\n");
1619
name = talloc_strdup(tc, "Administrator");
1620
dn = talloc_asprintf(tc, "uid=Administrator,%s", lp_ldap_user_suffix());
1621
uidstr = talloc_asprintf(tc, "%u", (unsigned int)uid);
1622
gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
1623
dir = talloc_sub_specified(tc, lp_template_homedir(),
1625
get_global_sam_name(),
1626
uid, domadmins_gid);
1627
shell = talloc_sub_specified(tc, lp_template_shell(),
1629
get_global_sam_name(),
1630
uid, domadmins_gid);
1632
if (!name || !dn || !uidstr || !gidstr || !dir || !shell) {
1633
d_fprintf(stderr, "Out of Memory!\n");
1637
sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);
1639
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
1640
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
1641
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
1642
smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
1643
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
1644
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
1645
smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
1646
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1647
smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", dir);
1648
smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
1649
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID",
1650
sid_string_talloc(tc, &sid));
1651
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
1652
pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
1653
NEW_PW_FORMAT_SPACE_PADDED_LEN));
1655
talloc_autofree_ldapmod(tc, mods);
1657
rc = smbldap_add(ls, dn, mods);
1659
if (rc != LDAP_SUCCESS) {
1660
d_fprintf(stderr, "Failed to add Administrator user to ldap directory\n");
1663
d_printf("found!\n");
1666
d_printf("Checking for Guest user.\n");
1668
samuser = samu_new(tc);
1670
d_fprintf(stderr, "Out of Memory!\n");
1674
if (!pdb_getsampwnam(samuser, lp_guestaccount())) {
1675
LDAPMod **mods = NULL;
1682
d_printf("Adding the Guest user.\n");
1684
pwd = getpwnam_alloc(tc, lp_guestaccount());
1687
if (domusers_gid == -1) {
1688
d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n");
1691
if ((pwd = talloc(tc, struct passwd)) == NULL) {
1692
d_fprintf(stderr, "talloc failed\n");
1695
pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
1696
if (!winbind_allocate_uid(&(pwd->pw_uid))) {
1697
d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n");
1700
pwd->pw_gid = domusers_gid;
1701
pwd->pw_dir = talloc_strdup(tc, "/");
1702
pwd->pw_shell = talloc_strdup(tc, "/bin/false");
1703
if (!pwd->pw_dir || !pwd->pw_shell) {
1704
d_fprintf(stderr, "Out of Memory!\n");
1709
sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
1711
dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ());
1712
uidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_uid);
1713
gidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_gid);
1714
if (!dn || !uidstr || !gidstr) {
1715
d_fprintf(stderr, "Out of Memory!\n");
1719
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
1720
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
1721
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
1722
smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
1723
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name);
1724
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
1725
smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
1726
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1727
if ((pwd->pw_dir != NULL) && (pwd->pw_dir[0] != '\0')) {
1728
smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", pwd->pw_dir);
1730
if ((pwd->pw_shell != NULL) && (pwd->pw_shell[0] != '\0')) {
1731
smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", pwd->pw_shell);
1733
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSID",
1734
sid_string_talloc(tc, &sid));
1735
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaAcctFlags",
1736
pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED,
1737
NEW_PW_FORMAT_SPACE_PADDED_LEN));
1739
talloc_autofree_ldapmod(tc, mods);
1741
rc = smbldap_add(ls, dn, mods);
1743
if (rc != LDAP_SUCCESS) {
1744
d_fprintf(stderr, "Failed to add Guest user to ldap directory\n");
1747
d_printf("found!\n");
1750
d_printf("Checking Guest's group.\n");
1752
pwd = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
1754
d_fprintf(stderr, "Failed to find just created Guest account!\n"
1755
" Is nss properly configured?!\n");
1759
if (pwd->pw_gid == domusers_gid) {
1760
d_printf("found!\n");
1764
if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
1765
LDAPMod **mods = NULL;
1773
d_printf("Adding the Domain Guests group.\n");
1775
uname = talloc_strdup(tc, "domguests");
1776
wname = talloc_strdup(tc, "Domain Guests");
1777
dn = talloc_asprintf(tc, "cn=%s,%s", "domguests", lp_ldap_group_suffix());
1778
gidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_gid);
1779
gtype = talloc_asprintf(tc, "%d", SID_NAME_DOM_GRP);
1781
if (!uname || !wname || !dn || !gidstr || !gtype) {
1782
d_fprintf(stderr, "Out of Memory!\n");
1786
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS);
1788
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
1789
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
1790
smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
1791
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
1792
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
1793
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid",
1794
sid_string_talloc(tc, &gsid));
1795
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype);
1797
talloc_autofree_ldapmod(tc, mods);
1799
rc = smbldap_add(ls, dn, mods);
1801
if (rc != LDAP_SUCCESS) {
1802
d_fprintf(stderr, "Failed to add Domain Guests group to ldap directory\n");
1805
d_printf("found!\n");
1820
/***********************************************************
1821
migrated functionality from smbgroupedit
1822
**********************************************************/
1823
int net_sam(struct net_context *c, int argc, const char **argv)
1825
struct functable func[] = {
1827
"createbuiltingroup",
1828
net_sam_createbuiltingroup,
1829
NET_TRANSPORT_LOCAL,
1830
"Create a new BUILTIN group",
1831
"net sam createbuiltingroup\n"
1832
" Create a new BUILTIN group"
1836
net_sam_createlocalgroup,
1837
NET_TRANSPORT_LOCAL,
1838
"Create a new local group",
1839
"net sam createlocalgroup\n"
1840
" Create a new local group"
1844
net_sam_deletelocalgroup,
1845
NET_TRANSPORT_LOCAL,
1846
"Delete an existing local group",
1847
"net sam deletelocalgroup\n"
1848
" Delete an existing local group"
1852
net_sam_mapunixgroup,
1853
NET_TRANSPORT_LOCAL,
1854
"Map a unix group to a domain group",
1855
"net sam mapunixgroup\n"
1856
" Map a unix group to a domain group"
1860
net_sam_unmapunixgroup,
1861
NET_TRANSPORT_LOCAL,
1862
"Remove a group mapping of an unix group to a domain "
1864
"net sam unmapunixgroup\n"
1865
" Remove a group mapping of an unix group to a "
1871
NET_TRANSPORT_LOCAL,
1872
"Add a member to a group",
1874
" Add a member to a group"
1879
NET_TRANSPORT_LOCAL,
1880
"Delete a member from a group",
1882
" Delete a member from a group"
1887
NET_TRANSPORT_LOCAL,
1888
"List group members",
1890
" List group members"
1895
NET_TRANSPORT_LOCAL,
1896
"List users, groups and local groups",
1898
" List users, groups and local groups"
1903
NET_TRANSPORT_LOCAL,
1904
"Show details of a SAM entry",
1906
" Show details of a SAM entry"
1911
NET_TRANSPORT_LOCAL,
1912
"Set details of a SAM account",
1914
" Set details of a SAM account"
1919
NET_TRANSPORT_LOCAL,
1920
"Set account policies",
1922
" Set account policies"
1927
NET_TRANSPORT_LOCAL,
1928
"Manipulate user privileges",
1930
" Manipulate user privileges"
1936
NET_TRANSPORT_LOCAL,
1937
"Provision a clean user database",
1938
"net sam privison\n"
1939
" Provision a clear user database"
1942
{NULL, NULL, 0, NULL, NULL}
1945
if (getuid() != 0) {
1946
d_fprintf(stderr, "You are not root, most things won't "
1950
return net_run_function(c, argc, argv, "net sam", func);