--- a/source3/utils/net_sam.c 2009-06-18 17:09:33.000000000 +0100 +++ b/source3/utils/net_sam.c 2009-06-18 17:05:47.000000000 +0100 @@ -1540,6 +1540,11 @@ DOM_SID gsid; gid_t domusers_gid = -1; gid_t domadmins_gid = -1; + gid_t builtinadmins_gid = -1; + gid_t builtinusers_gid = -1; + gid_t builtinguests_gid = -1; + gid_t builtinpowerusers_gid = -1; + struct samu *samuser; struct passwd *pwd; @@ -1704,6 +1709,223 @@ doma_done: + d_printf("Checking for BUILTIN\\Administrators group.\n"); + + sid_copy(&gsid, &global_sid_Builtin_Administrators); + + if (!pdb_getgrsid(&gmap, gsid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the BUILTIN\\Administrators group.\n"); + + /* lets allocate a new groupid for this group */ + if (!winbind_allocate_gid(&builtinadmins_gid)) { + d_fprintf(stderr, "Unable to allocate a new gid to create BUILTIN\\Administrators group!\n"); + goto builtina_done; + } + + uname = talloc_strdup(tc, "builtinadmins"); + wname = talloc_strdup(tc, "Administrators"); + dn = talloc_asprintf(tc, "cn=%s,%s", "builtinadmins", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%u", (unsigned int)builtinadmins_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_ALIAS); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", SID_BUILTIN_ADMINISTRATORS ); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add BUILTIN\\Administrators group to ldap directory\n"); + } + } else { + builtinadmins_gid = gmap.gid; + d_printf("found!\n"); + } + +builtina_done: + + d_printf("Checking for BUILTIN\\Users group.\n"); + + sid_copy(&gsid, &global_sid_Builtin_Users); + + if (!pdb_getgrsid(&gmap, gsid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the BUILTIN\\Users group.\n"); + + /* lets allocate a new groupid for this group */ + if (!winbind_allocate_gid(&builtinusers_gid)) { + d_fprintf(stderr, "Unable to allocate a new gid to create BUILTIN\\Users group!\n"); + goto builtinu_done; + } + + uname = talloc_strdup(tc, "builtinusers"); + wname = talloc_strdup(tc, "Users"); + dn = talloc_asprintf(tc, "cn=%s,%s", "builtinusers", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%u", (unsigned int)builtinusers_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_ALIAS); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", SID_BUILTIN_USERS ); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add BUILTIN\\Guests group to ldap directory\n"); + } + } else { + builtinusers_gid = gmap.gid; + d_printf("found!\n"); + } + +builtinu_done: + + d_printf("Checking for BUILTIN\\Guests group.\n"); + + sid_copy(&gsid, &global_sid_Builtin_Guests); + + if (!pdb_getgrsid(&gmap, gsid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the BUILTIN\\Guests group.\n"); + + /* lets allocate a new groupid for this group */ + if (!winbind_allocate_gid(&builtinguests_gid)) { + d_fprintf(stderr, "Unable to allocate a new gid to create BUILTIN\\Guests group!\n"); + goto builting_done; + } + + uname = talloc_strdup(tc, "builtinguests"); + wname = talloc_strdup(tc, "Guests"); + dn = talloc_asprintf(tc, "cn=%s,%s", "builtinguests", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%u", (unsigned int)builtinguests_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_ALIAS); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", SID_BUILTIN_GUESTS ); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add BUILTIN\\Guests group to ldap directory\n"); + } + } else { + builtinusers_gid = gmap.gid; + d_printf("found!\n"); + } + +builting_done: + + d_printf("Checking for BUILTIN\\Power Users group.\n"); + + sid_copy(&gsid, &global_sid_Builtin_Power_Users); + + if (!pdb_getgrsid(&gmap, gsid)) { + LDAPMod **mods = NULL; + char *dn; + char *uname; + char *wname; + char *gidstr; + char *gtype; + int rc; + + d_printf("Adding the BUILTIN\\Power Users.\n"); + + /* lets allocate a new groupid for this group */ + if (!winbind_allocate_gid(&builtinpowerusers_gid)) { + d_fprintf(stderr, "Unable to allocate a new gid to create BUILTIN\\Power Users!\n"); + goto builtinpu_done; + } + + uname = talloc_strdup(tc, "builtinpowerusers"); + wname = talloc_strdup(tc, "Power Users"); + dn = talloc_asprintf(tc, "cn=%s,%s", "builtinpowerusers", lp_ldap_group_suffix()); + gidstr = talloc_asprintf(tc, "%u", (unsigned int)builtinpowerusers_gid); + gtype = talloc_asprintf(tc, "%d", SID_NAME_ALIAS); + + if (!uname || !wname || !dn || !gidstr || !gtype) { + d_fprintf(stderr, "Out of Memory!\n"); + goto failed; + } + + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", SID_BUILTIN_POWER_USERS ); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", gtype); + + talloc_autofree_ldapmod(tc, mods); + + rc = smbldap_add(ls, dn, mods); + + if (rc != LDAP_SUCCESS) { + d_fprintf(stderr, "Failed to add BUILTIN\\Power Users group to ldap directory\n"); + } + } else { + builtinpowerusers_gid = gmap.gid; + d_printf("found!\n"); + } + +builtinpu_done: + + d_printf("Check for Administrator account.\n"); samuser = samu_new(tc); @@ -1865,11 +2087,11 @@ d_printf("found!\n"); } - d_printf("Checking Guest's group.\n"); + d_printf("Checking Domain Guest's group.\n"); pwd = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount()); if (!pwd) { - d_fprintf(stderr, "Failed to find just created Guest account!\n" + d_fprintf(stderr, "Failed to find just created Domain Guest's account!\n" " Is nss properly configured?!\n"); goto failed; }