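#!/usr/bin/perl -w

# $Id: smbldap-groupadd,v 1.1.1.1 2010-07-16 07:33:12 winniec Exp $
#
#  This code was developed by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

# Purpose of smbldap-groupadd : group (posix) add
#
# Flow: parse the options, check every caller-supplied value that can be
# checked without the directory, create the POSIX group through group_add(),
# then optionally add the sambaGroupMapping and/or AIXAuxGroup auxiliary
# classes to the new entry.


use strict;
use FindBin;
use FindBin qw($RealBin);
# smbldap_tools is loaded from the directory holding this script, so that
# directory must be writable by the administrator only: whoever can drop a
# smbldap_tools.pm there runs code with the privileges of this tool.
use lib "$RealBin/";
use smbldap_tools;
use Getopt::Std;
my %Options;

my $ok = getopts('abg:or:s:t:p?', \%Options);
if ( !$ok || @ARGV < 1 || $Options{'?'} ) {
    print_banner;
    print "Usage: $0 [-abgorstp?] groupname\n";
    print "  -a   add automatic group mapping entry\n";
    print "  -b   create a AIX group\n";
    print "  -g   gid\n";
    print "  -o   gid is not unique\n";
    print "  -r   group-rid\n";
    print "  -s   group-sid\n";
    print "  -t   group-type\n";
    print "  -p   print the gidNumber to stdout\n";
    print "  -?   show this help message\n";
    exit(1);
}

my $_groupName = $ARGV[0];

# The group name is interpolated verbatim into the entry DN
# ("cn=$_groupName,$config{groupsdn}") further down, so a name carrying DN
# metacharacters would address a different entry than the one intended.
# Reject those characters, control characters, and the leading/trailing
# forms that are special in a DN value, before anything touches the
# directory. The name is not echoed: it may contain control characters.
# NOTE(review): get_group_dn() and group_add() also receive this name; how
# they build their search filter and DN is not visible here -- confirm they
# escape filter metacharacters ('*', '(', ')').
if (   $_groupName eq ''
    || $_groupName =~ /[,+"\\<>;=\x00-\x1f\x7f]/
    || $_groupName =~ /\A[ #]/
    || $_groupName =~ / \z/ )
{
    warn "$0: illegal group name\n";
    exit(7);
}

# -g must be a plain non-negative integer (see the POD); an empty value is
# passed through unchanged so group_add() handles it as before.
my $_groupGidNumber = $Options{'g'};
if (   defined $_groupGidNumber
    && $_groupGidNumber ne ''
    && $_groupGidNumber !~ /\A\d+\z/ )
{
    warn "$0: illegal gid $_groupGidNumber\n";
    exit(7);
}

# Syntax-check -s / -r before the group is created, so that a malformed
# value cannot leave a POSIX group behind without its Samba mapping.
# \A...\z is used instead of ^...$ because '$' also matches before a
# trailing newline, which would then be stored as part of the SID.
# As before, -s takes precedence: when it is given, -r is not looked at.
my $group_sid;
my $group_rid;
if ( my $sid_arg = $Options{'s'} ) {
    if ( $sid_arg !~ /\AS-(?:\d+-)+\d+\z/ ) {
        warn "$0: illegal group-sid $sid_arg\n";
        exit(7);
    }
    $group_sid = $sid_arg;
}
elsif ( my $rid_arg = $Options{'r'} ) {
    if ( $rid_arg !~ /\A\d+\z/ ) {
        warn "$0: illegal group-rid $rid_arg\n";
        exit(7);
    }
    $group_rid = $rid_arg;
}

# A Samba group mapping is written whenever one of -s, -r or -a is given.
my $wants_mapping = $Options{'s'} || $Options{'r'} || $Options{'a'};

my $ldap_master = connect_ldap_master();

if ( defined( get_group_dn($_groupName) ) ) {
    warn "$0: group $_groupName exists\n";
    exit(6);
}

# Resolve the group type before creating the group, for the same reason as
# the -s / -r checks above. -t is only consulted when a mapping is written.
# NOTE(review): assumes group_type_by_name() is a plain name lookup with no
# dependency on the group having been created -- confirm in smbldap_tools.
my $group_type;
if ($wants_mapping) {
    if ( my $type_arg = $Options{'t'} ) {
        $group_type = group_type_by_name($type_arg);
        unless ( defined $group_type ) {
            warn "$0: unknown group type $type_arg\n";
            exit(8);
        }
    }
    else {
        $group_type = group_type_by_name('domain');
    }
}

# Create the POSIX group; group_add() returns the gidNumber actually used.
$_groupGidNumber = group_add( $_groupName, $_groupGidNumber, $Options{'o'} );
unless ( defined $_groupGidNumber ) {
    warn "$0: error adding group $_groupName\n";
    exit(6);
}

# Without -s, the SID is the domain SID plus either the -r value or the
# algorithmic rid derived from the gidNumber.
if ( !defined $group_sid && $wants_mapping ) {
    unless ( defined $group_rid ) {
        # algorithmic mapping
        $group_rid = 2 * $_groupGidNumber + 1001;
    }
    $group_sid = $config{SID} . '-' . $group_rid;
}

if ($wants_mapping) {
    # let's test if this SID already exists
    # Any hit blocks the mapping. The previous test (count == 1) let the
    # SID through when the directory already held two or more entries with
    # it, which is exactly the duplicated state the check exists to prevent.
    # NOTE: on this failure the POSIX group created above stays in the
    # directory without a mapping; the check cannot move earlier for -a,
    # where the SID depends on the gidNumber returned by group_add().
    my $test_exist_sid = does_sid_exist( $group_sid, $config{groupsdn} );
    if ( $test_exist_sid->count > 0 ) {
        warn "Group SID already owned by\n";
        foreach my $entry ( $test_exist_sid->all_entries ) {
            my $dn = $entry->dn;
            chomp($dn);
            warn "$dn\n";
        }
        exit(7);
    }
}

if ($group_sid) {
    my $modify = $ldap_master->modify(
        "cn=$_groupName,$config{groupsdn}",
        add => {
            'objectClass'    => 'sambaGroupMapping',
            'sambaSID'       => $group_sid,
            'sambaGroupType' => $group_type,
            'displayName'    => $_groupName
        }
    );
    # This is an add, not a delete; the old message sent operators looking
    # in the wrong place. The script still exits 0 here, as it always did.
    warn "failed to modify entry: ", $modify->error if $modify->code;
}

if ( $Options{'b'} ) {
    my $modify = $ldap_master->modify(
        "cn=$_groupName,$config{groupsdn}",
        add => {
            'objectClass'       => 'AIXAuxGroup',
            'AIXGroupAdminList' => 'root',
            'isAdministrator'   => 'false'
        }
    );
    warn "failed to modify entry: ", $modify->error if $modify->code;
}

# take down session
$ldap_master->unbind;

if ( $Options{'p'} ) {
    print STDOUT "$_groupGidNumber";
}
exit(0);

########################################

=head1 NAME

       smbldap-groupadd - Create a new group

=head1 SYNOPSIS

       smbldap-groupadd [-g gid ] [-a] [-b] [-o] [-r rid] [-s sid]
       [-t group type] [-p] group

=head1 DESCRIPTION

       The smbldap-groupadd command creates a new group account using
       the values specified on the command line and the default values
       from the configuration file.
       The new group will be entered into the system files as needed.

       The group name is used to build the DN of the new entry. It must
       not be empty, must not contain any of , + " \ < > ; = or a
       control character, must not begin with a space or '#', and must
       not end with a space.

       Available options are :

       -g gid
          The numerical value of the group's ID.  This value must be
          unique, unless the -o option is used.  The value must be non-
          negative.  The default is to use the smallest ID value greater
          than 1000 and greater than every other group.

       -o
          the gid given with -g does not have to be unique

       -a
          add an automatic Security ID for the group (SID).
          The rid of the group is calculated from the gidNumber of the
          group as rid=2*gidNumber+1001. Thus the resulting SID of the
          group is $SID-$rid where $SID and $rid are the domain SID and
          the group rid

       -b
          the group is also a AIX group

       -s sid
          set the group SID.
          The SID must be unique and defined with the domain Security ID
          ($SID) like sid=$SID-rid where rid is the group rid.
          When -s is given, -r is ignored.

       -r rid
          set the group rid.
          The SID is then calculated as sid=$SID-rid where $SID is the
          domain Security ID.

       -t group type
          set the NT Group type for the new group. Available values are
          2 (domain group), 4 (local group) and 5 (builtin group).
          The default group type is 2.
          This option is only used together with -a, -r or -s.

       -p
          print the gidNumber of the new group to stdout

=head1 EXIT STATUS

       0  success
       1  usage error, or -? was given
       6  the group already exists, or it could not be added
       7  illegal group name, gid, rid or sid, or the SID is already
          in use
       8  unknown group type

=head1 SEE ALSO

       groupadd(1)

=cut

#'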