• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /netgear-WNDR4500v2-V1.0.0.60_1.0.38/ap/gpl/samba-3.0.13/examples/LDAP/smbldap-tools-0.8.7/
1#!/usr/bin/perl -w
2
3# $Id: smbldap-groupadd,v 1.11 2005/01/08 12:04:45 jtournier Exp $
4#
5#  This code was developped by IDEALX (http://IDEALX.org/) and
6#  contributors (their names can be found in the CONTRIBUTORS file).
7#
8#                 Copyright (C) 2001-2002 IDEALX
9#
10#  This program is free software; you can redistribute it and/or
11#  modify it under the terms of the GNU General Public License
12#  as published by the Free Software Foundation; either version 2
13#  of the License, or (at your option) any later version.
14#
15#  This program is distributed in the hope that it will be useful,
16#  but WITHOUT ANY WARRANTY; without even the implied warranty of
17#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18#  GNU General Public License for more details.
19#
20#  You should have received a copy of the GNU General Public License
21#  along with this program; if not, write to the Free Software
22#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
23#  USA.
24
25# Purpose of smbldap-groupadd : group (posix) add
26
27
28use strict;
29use FindBin;
30use FindBin qw($RealBin);
31use lib "$RealBin/";
32use smbldap_tools;
33use Getopt::Std;
34my %Options;
35
36my $ok = getopts('ag:or:s:t:p?', \%Options);
37if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
38  print_banner;
39  print "Usage: $0 [-agorst?] groupname\n";
40  print "  -a   add automatic group mapping entry\n";
41  print "  -g   gid\n";
42  print "  -o   gid is not unique\n";
43  print "  -r   group-rid\n";
44  print "  -s   group-sid\n";
45  print "  -t   group-type\n";
46  print "  -p   print the gidNumber to stdout\n";
47  print "  -?   show this help message\n";
48  exit (1);
49}
50
51
52my $_groupName = $ARGV[0];
53
54my $ldap_master=connect_ldap_master();
55
56if (defined(get_group_dn($_groupName))) {
57  warn "$0: group $_groupName exists\n";
58  exit (6);
59}
60
61my $_groupGidNumber = $Options{'g'};
62if (! defined ($_groupGidNumber = group_add($_groupName, $_groupGidNumber, $Options{'o'}))) {
63  warn "$0: error adding group $_groupName\n";
64  exit (6);
65}
66
67my $group_sid;
68my $tmp;
69if ($tmp= $Options{'s'}) {
70  if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
71    $group_sid = $tmp;
72  } else {
73    warn "$0: illegal group-rid $tmp\n";
74    exit(7);
75  }
76} elsif ($Options{'r'} || $Options{'a'}) {
77  my $group_rid;
78  if ($tmp= $Options{'r'}) {
79    if ($tmp =~ /^\d+$/) {
80      $group_rid = $tmp;
81    } else {
82      warn "$0: illegal group-rid $tmp\n";
83      exit(7);
84    }
85  } else {
86    # algorithmic mapping
87    $group_rid = 2*$_groupGidNumber+1001;
88  }
89  $group_sid = $config{SID}.'-'.$group_rid;
90}
91
92if ($Options{'r'} || $Options{'a'} || $Options{'s'}) {
93  # let's test if this SID already exist
94  my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
95  if ($test_exist_sid->count == 1) {
96    warn "Group SID already owned by\n";
97    # there should not exist more than one entry, but ...
98    foreach my $entry ($test_exist_sid->all_entries) {
99      my $dn= $entry->dn;
100      chomp($dn);
101      warn "$dn\n";
102    }
103    exit(7);
104  }
105}
106
107if ($group_sid) {
108  my $group_type;
109  my $tmp;
110  if ($tmp= $Options{'t'}) {
111    unless (defined($group_type = &group_type_by_name($tmp))) {
112      warn "$0: unknown group type $tmp\n";
113      exit(8);
114    }
115  } else {
116    $group_type = group_type_by_name('domain');
117  }
118  my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
119				      add => {
120					      'objectClass' => 'sambaGroupMapping',
121					      'sambaSID' => $group_sid,
122					      'sambaGroupType' => $group_type,
123					      'displayName' => "$_groupName"
124					     }
125				    );
126  $modify->code && warn "failed to delete entry: ", $modify->error ;
127}
128
129# take down session
130$ldap_master->unbind;
131
132if ($Options{'p'}) {
133  print STDOUT "$_groupGidNumber";
134}
135exit(0);
136
137########################################
138
139=head1 NAME
140
141       smbldap-groupadd - Create a new group
142
143=head1 SYNOPSIS
144
145       smbldap-groupadd [-g gid ] [-a] [-o] [-r rid] [-s sid]
146       [-t group type] [-p] group
147
148=head1 DESCRIPTION
149
150       The smbldap-groupadd command creates a new group account using
151       the values specified on the command line and the default values
152       from the configuration file.
153       The new group will be entered into the system files as needed.
154       Available options are :
155
156       -g gid
157          The numerical value of the group's ID. This value must be
158          unique, unless the -o option is used. The value must be non-
159          negative. The default is to use the smallest ID value greater
160          than 1000 and greater than every other group.
161
162       -a
163          add an automatic Security ID for the group (SID).
164          The rid of the group is calculated from the gidNumber of the
165          group as rid=2*gidNumber+1001. Thus the resulted SID of the
166          group is $SID-$rid where $SID and $rid are the domain SID and
167          the group rid
168
169       -s sid
170          set the group SID.
171          The SID must be unique and defined with the domain Security ID
172          ($SID) like sid=$SID-rid where rid is the group rid.
173
174       -r rid
175          set the group rid.
176          The SID is then calculated as sid=$SID-rid where $SID is the
177          domain Security ID.
178
179       -t group type
180          set the NT Group type for the new group. Available values are
181          2 (domain group), 4 (local group) and 5 (builtin group).
182          The default group type is 2.
183
184=head1 SEE ALSO
185
186       groupadd(1)
187
188=cut
189
190#'
191