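#!/usr/bin/perl -w

# $Id: smbldap-groupadd,v 1.11 2005/01/08 12:04:45 jtournier Exp $
#
#  This code was developed by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

# Purpose of smbldap-groupadd : group (posix) add
#
# Flow of the script:
#   1. parse the command line and check the syntax of -s / -r / -t
#   2. connect to the master LDAP server, refuse an already existing group
#   3. create the posix group through group_add()
#   4. if -s, -r or -a was given, build the group SID, make sure no other
#      entry under $config{groupsdn} owns it, and add the sambaGroupMapping
#      attributes to the new entry
#   5. optionally print the gidNumber (-p)
#
# Exit codes used below: 0 done, 1 usage, 6 group exists or could not be
# added, 7 illegal or already used SID/RID, 8 unknown group type.

use strict;
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use Getopt::Std;
my %Options;

my $ok = getopts('ag:or:s:t:p?', \%Options);
if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
    print_banner();
    # -p was missing from the option summary although it is accepted.
    print "Usage: $0 [-agorstp?] groupname\n";
    print " -a add automatic group mapping entry\n";
    print " -g gid\n";
    print " -o gid is not unique\n";
    print " -r group-rid\n";
    print " -s group-sid\n";
    print " -t group-type\n";
    print " -p print the gidNumber to stdout\n";
    print " -? show this help message\n";
    exit (1);
}

my $_groupName = $ARGV[0];

# Check the syntax of the mapping options before anything is written to the
# directory.  Doing this after group_add() would leave a posix group behind
# whenever the script aborts on a malformed -s, -r or -t value.
# \A ... \z is used instead of ^ ... $ because $ also matches in front of a
# trailing newline, which would then be stored as part of the sambaSID.
my $sid_option = $Options{'s'};
my $rid_option = $Options{'r'};
if ($sid_option) {
    unless ($sid_option =~ /\AS-(?:[0-9]+-)+[0-9]+\z/) {
        # the message used to say "group-rid" although -s carries a SID
        warn "$0: illegal group-sid $sid_option\n";
        exit(7);
    }
} elsif ($rid_option) {
    unless ($rid_option =~ /\A[0-9]+\z/) {
        warn "$0: illegal group-rid $rid_option\n";
        exit(7);
    }
}

# The group type is only needed when a Samba mapping is requested; -t on its
# own is ignored, exactly as before.
my $group_type;
if ($sid_option || $rid_option || $Options{'a'}) {
    if (my $type_name = $Options{'t'}) {
        $group_type = group_type_by_name($type_name);
        unless (defined($group_type)) {
            warn "$0: unknown group type $type_name\n";
            exit(8);
        }
    } else {
        $group_type = group_type_by_name('domain');
    }
}

my $ldap_master=connect_ldap_master();

if (defined(get_group_dn($_groupName))) {
    warn "$0: group $_groupName exists\n";
    exit (6);
}

# group_add() returns the gidNumber that was used, or undef on failure.
my $_groupGidNumber = group_add($_groupName, $Options{'g'}, $Options{'o'});
if (! defined($_groupGidNumber)) {
    warn "$0: error adding group $_groupName\n";
    exit (6);
}

# Build the SID: an explicit -s wins, then -r, then the algorithmic mapping
# selected by -a.
my $group_sid;
if ($sid_option) {
    $group_sid = $sid_option;
} elsif ($rid_option || $Options{'a'}) {
    my $group_rid;
    if ($rid_option) {
        $group_rid = $rid_option;
    } else {
        # algorithmic mapping
        $group_rid = 2*$_groupGidNumber+1001;
    }
    $group_sid = $config{SID}.'-'.$group_rid;
}

if ($group_sid) {
    # Let's test if this SID already exists.  The test used to be
    # "count == 1", which let a SID through when two or more entries already
    # carried it; any match must stop the mapping.
    # NOTE(review): the posix group has already been created at this point,
    # so exiting here leaves it in the directory without a mapping.
    my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
    if ($test_exist_sid->count > 0) {
        warn "Group SID already owned by\n";
        # there should not exist more than one entry, but ...
        foreach my $entry ($test_exist_sid->all_entries) {
            my $dn= $entry->dn;
            chomp($dn);
            warn "$dn\n";
        }
        exit(7);
    }

    # NOTE(review): the group name is interpolated into the DN unescaped.  A
    # name holding DN special characters (',', '+', '=', ...) would address a
    # different entry than intended.  group_add() lives in smbldap_tools and
    # is not visible here, so escaping (Net::LDAP::Util::escape_dn_value is
    # one option) has to be applied consistently in both places - confirm.
    my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
                                        add => {
                                                'objectClass' => 'sambaGroupMapping',
                                                'sambaSID' => $group_sid,
                                                'sambaGroupType' => $group_type,
                                                'displayName' => "$_groupName"
                                               }
                                      );
    # The message used to read "failed to delete entry" although this is an
    # add.  NOTE(review): the script still exits 0 after this warning, so a
    # caller that only looks at the exit status will not notice that the
    # mapping is missing.
    if ($modify->code) {
        warn "failed to add group mapping entry: ", $modify->error ;
    }
}

# take down session
$ldap_master->unbind;

if ($Options{'p'}) {
    print STDOUT "$_groupGidNumber";
}
exit(0);

########################################

=head1 NAME

    smbldap-groupadd - Create a new group

=head1 SYNOPSIS

    smbldap-groupadd [-g gid ] [-a] [-o] [-r rid] [-s sid]
                     [-t group type] [-p] group

=head1 DESCRIPTION

    The smbldap-groupadd command creates a new group account using
    the values specified on the command line and the default values
    from the configuration file.
    The new group will be entered into the system files as needed.
    Available options are :

    -g gid
        The numerical value of the group's ID. This value must be
        unique, unless the -o option is used. The value must be non-
        negative. The default is to use the smallest ID value greater
        than 1000 and greater than every other group.

    -o
        gid is not unique.

    -a
        add an automatic Security ID for the group (SID).
        The rid of the group is calculated from the gidNumber of the
        group as rid=2*gidNumber+1001. Thus the resulting SID of the
        group is $SID-$rid where $SID and $rid are the domain SID and
        the group rid

    -s sid
        set the group SID.
        The SID must be unique and defined with the domain Security ID
        ($SID) like sid=$SID-rid where rid is the group rid.

    -r rid
        set the group rid.
        The SID is then calculated as sid=$SID-rid where $SID is the
        domain Security ID.

    -t group type
        set the NT Group type for the new group. Available values are
        2 (domain group), 4 (local group) and 5 (builtin group).
        The default group type is 2.

    -p
        print the gidNumber to stdout.

    -?
        show the help message.

=head1 EXIT STATUS

    0   the group was created
    1   usage error, or -? was given
    6   the group already exists, or it could not be added
    7   illegal group SID or rid, or the SID is already owned by
        another entry
    8   unknown group type

=head1 SEE ALSO

    groupadd(1)

=cut

#'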