NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-15041 method to delete local SMB users
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15041 method to delete local SMB users
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
SUP-549 Can't remove the Domain Admin from the local administrators group. (fix copyrights)
SUP-549 Can't remove the Domain Admin from the local administrators group.
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-2667 Wrong error when join domain with wrong password
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
NEX-2286 smbadm join error messages are uninformative
NEX-1852 re-enable Kerberos-style AD join (try 2)
SMB-106 Add '-y' flag to 'smbadm join' command
NEX-816 smbadm dumps core during first join attempt
SMB-65 SMB server in non-global zones (data structure changes)
Many things move to the smb_server_t object, and
many functions gain an sv arg (which server).
re #12435 rb3958 r10 is added 2 times to panic info
re #12393 rb3935 Kerberos and smbd disagree about who is our AD server

@@ -18,11 +18,11 @@
  *
  * CDDL HEADER END
  */
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
  * This module contains smbadm CLI which offers smb configuration
  * functionalities.

@@ -63,11 +63,12 @@
         HELP_LOOKUP,
         HELP_RENAME,
         HELP_SET,
         HELP_SHOW,
         HELP_USER_DISABLE,
-        HELP_USER_ENABLE
+        HELP_USER_ENABLE,
+        HELP_USER_DELETE
 } smbadm_help_t;
 
 #define SMBADM_CMDF_NONE        0x00
 #define SMBADM_CMDF_USER        0x01
 #define SMBADM_CMDF_GROUP       0x02

@@ -116,41 +117,45 @@
 static int smbadm_group_setprop(int, char **);
 static int smbadm_group_addmember(int, char **);
 static int smbadm_group_delmember(int, char **);
 static int smbadm_group_add_del_member(char *, char *, smbadm_grp_action_t);
 
+static int smbadm_user_delete(int, char **);
 static int smbadm_user_disable(int, char **);
 static int smbadm_user_enable(int, char **);
 
+/* Please keep the order consistent with smbadm(1M) man page */
 static smbadm_cmdinfo_t smbadm_cmdtable[] =
 {
-        { "add-member",         smbadm_group_addmember, HELP_ADD_MEMBER,
-                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
         { "create",             smbadm_group_create,    HELP_CREATE,
                 SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
         { "delete",             smbadm_group_delete,    HELP_DELETE,
                 SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "rename",             smbadm_group_rename,    HELP_RENAME,
+                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "show",               smbadm_group_show,      HELP_SHOW,
+                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "get",                smbadm_group_getprop,   HELP_GET,
+                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "set",                smbadm_group_setprop,   HELP_SET,
+                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "add-member",         smbadm_group_addmember, HELP_ADD_MEMBER,
+                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "remove-member",      smbadm_group_delmember, HELP_DEL_MEMBER,
+                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
+        { "delete-user",        smbadm_user_delete,     HELP_USER_DELETE,
+                SMBADM_CMDF_USER,       SMBADM_ACTION_AUTH },
         { "disable-user",       smbadm_user_disable,    HELP_USER_DISABLE,
                 SMBADM_CMDF_USER,       SMBADM_ACTION_AUTH },
         { "enable-user",        smbadm_user_enable,     HELP_USER_ENABLE,
                 SMBADM_CMDF_USER,       SMBADM_ACTION_AUTH },
-        { "get",                smbadm_group_getprop,   HELP_GET,
-                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
         { "join",               smbadm_join,            HELP_JOIN,
                 SMBADM_CMDF_NONE,       SMBADM_VALUE_AUTH },
         { "list",               smbadm_list,            HELP_LIST,
                 SMBADM_CMDF_NONE,       SMBADM_BASIC_AUTH },
         { "lookup",             smbadm_lookup,          HELP_LOOKUP,
                 SMBADM_CMDF_NONE,       SMBADM_BASIC_AUTH },
-        { "remove-member",      smbadm_group_delmember, HELP_DEL_MEMBER,
-                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
-        { "rename",             smbadm_group_rename,    HELP_RENAME,
-                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
-        { "set",                smbadm_group_setprop,   HELP_SET,
-                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
-        { "show",               smbadm_group_show,      HELP_SHOW,
-                SMBADM_CMDF_GROUP,      SMBADM_ACTION_AUTH },
 };
 
 #define SMBADM_NCMD     (sizeof (smbadm_cmdtable) / sizeof (smbadm_cmdtable[0]))
 
 typedef struct smbadm_prop {

@@ -179,15 +184,15 @@
 static int smbadm_getprop_restore(char *gname, smbadm_prop_t *prop);
 static int smbadm_setprop_desc(char *gname, smbadm_prop_t *prop);
 static int smbadm_getprop_desc(char *gname, smbadm_prop_t *prop);
 
 static smbadm_prop_handle_t smbadm_ptable[] = {
-        {"backup",      "on | off",     smbadm_setprop_backup,
+        {"backup",      "on|off",       smbadm_setprop_backup,
         smbadm_getprop_backup,  smbadm_chkprop_priv     },
-        {"restore",     "on | off",     smbadm_setprop_restore,
+        {"restore",     "on|off",       smbadm_setprop_restore,
         smbadm_getprop_restore, smbadm_chkprop_priv     },
-        {"take-ownership", "on | off",  smbadm_setprop_tkowner,
+        {"take-ownership", "on|off",    smbadm_setprop_tkowner,
         smbadm_getprop_tkowner, smbadm_chkprop_priv     },
         {"description", "<string>",     smbadm_setprop_desc,
         smbadm_getprop_desc,    NULL                    },
 };
 

@@ -204,78 +209,74 @@
 smbadm_cmdusage(FILE *fp, smbadm_cmdinfo_t *cmd)
 {
         switch (cmd->usage) {
         case HELP_ADD_MEMBER:
                 (void) fprintf(fp,
-                    gettext("\t%s -m member [[-m member] ...] group\n"),
+                    gettext("\t%s -m <member> [-m <member>]... <group>\n"),
                     cmd->name);
                 return;
 
         case HELP_CREATE:
-                (void) fprintf(fp, gettext("\t%s [-d description] group\n"),
+                (void) fprintf(fp, gettext("\t%s [-d <description>] <group>\n"),
                     cmd->name);
                 return;
 
         case HELP_DELETE:
-                (void) fprintf(fp, gettext("\t%s group\n"), cmd->name);
+                (void) fprintf(fp, gettext("\t%s <group>\n"), cmd->name);
                 return;
 
+        case HELP_USER_DELETE:
         case HELP_USER_DISABLE:
         case HELP_USER_ENABLE:
-                (void) fprintf(fp, gettext("\t%s user\n"), cmd->name);
+                (void) fprintf(fp, gettext("\t%s <username>\n"), cmd->name);
                 return;
 
         case HELP_GET:
-                (void) fprintf(fp, gettext("\t%s [[-p property] ...] group\n"),
+                (void) fprintf(fp, gettext("\t%s [-p <property>]... <group>\n"),
                     cmd->name);
                 return;
 
         case HELP_JOIN:
-#if 0   /* Don't document "-p" yet, still needs work (NX 11960) */
-                (void) fprintf(fp, gettext("\t%s [-y] -p domain\n"
-                    "\t%s [-y] -u username domain\n\t%s [-y] -w workgroup\n"),
+#if 0   /* Don't document "-p" yet, still needs work (NEX-11960) */
+                (void) fprintf(fp, gettext("\t%s [-y] -p <domain>\n"
+                    "\t%s [-y] -u <username domain>\n"
+                    "\t%s [-y] -w <workgroup>\n"),
                     cmd->name, cmd->name, cmd->name);
 #else
-                (void) fprintf(fp, gettext("\t%s [-y] -u username domain\n"
-                    "\t%s [-y] -w workgroup\n"), cmd->name, cmd->name);
+                (void) fprintf(fp, gettext("\t%s [-y] -u <username> <domain>\n"
+                    "\t%s [-y] -w <workgroup>\n"), cmd->name, cmd->name);
 #endif
                 return;
 
         case HELP_LIST:
                 (void) fprintf(fp, gettext("\t%s\n"), cmd->name);
-                (void) fprintf(fp,
-                    gettext("\t\t[*] primary domain\n"));
-                (void) fprintf(fp, gettext("\t\t[.] local domain\n"));
-                (void) fprintf(fp, gettext("\t\t[-] other domains\n"));
-                (void) fprintf(fp,
-                    gettext("\t\t[+] selected domain controller\n"));
                 return;
 
         case HELP_LOOKUP:
                 (void) fprintf(fp,
-                    gettext("\t%s user-or-group-name\n"),
+                    gettext("\t%s <account-name>\n"),
                     cmd->name);
                 return;
 
         case HELP_DEL_MEMBER:
                 (void) fprintf(fp,
-                    gettext("\t%s -m member [[-m member] ...] group\n"),
+                    gettext("\t%s -m <member> [-m <member>]... <group>\n"),
                     cmd->name);
                 return;
 
         case HELP_RENAME:
-                (void) fprintf(fp, gettext("\t%s group new-group\n"),
+                (void) fprintf(fp, gettext("\t%s <group> <new-group>\n"),
                     cmd->name);
                 return;
 
         case HELP_SET:
-                (void) fprintf(fp, gettext("\t%s -p property=value "
-                    "[[-p property=value] ...] group\n"), cmd->name);
+                (void) fprintf(fp, gettext("\t%s -p <property>=<value> "
+                    "[-p <property>=<value>]... <group>\n"), cmd->name);
                 return;
 
         case HELP_SHOW:
-                (void) fprintf(fp, gettext("\t%s [-m] [-p] [group]\n"),
+                (void) fprintf(fp, gettext("\t%s [-mp] [<group>]\n"),
                     cmd->name);
                 return;
 
         default:
                 break;
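Review bot: In the disabled `#if 0` branch of the HELP_JOIN case, the new string `"\t%s [-y] -u <username domain>\n"` wraps both operands in a single placeholder, while the live `#else` branch prints `<username> <domain>`. The disabled text should read `"\t%s [-y] -u <username> <domain>\n"` so it is already correct when NEX-11960 re-enables it. The HELP_LIST case no longer prints the `[*]`/`[.]`/`[-]`/`[+]` legend; if that legend now lives only in the man page, a one-line comment such as `/* list output markers are described in smbadm(1M) */` would tell the next reader where it went. smbadm_cmdusage continues past the end of this hunk.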

@@ -292,14 +293,12 @@
         boolean_t show_props = B_FALSE;
         int i;
 
         if (curcmd == NULL) {
                 (void) fprintf(fp,
-                    gettext("usage: %s [-h | <command> [options]]\n"),
+                    gettext("usage: %s <subcommand> <args> ...\n"),
                     progname);
-                (void) fprintf(fp,
-                    gettext("where 'command' is one of the following:\n\n"));
 
                 for (i = 0; i < SMBADM_NCMD; i++)
                         smbadm_cmdusage(fp, &smbadm_cmdtable[i]);
 
                 (void) fprintf(fp,

@@ -1406,15 +1405,16 @@
                 /*
                  * We are given a SID.  Just use it.
                  *
                  * We'e like the real account type if we can get it,
                  * but don't want to error out if we can't get it.
+                 * Lacking other info, assume it's a group.
                  */
                 sidstr = mname;
                 rc = smb_lookup_sid(sidstr, &acct);
                 if ((rc != 0) || (acct.a_status != NT_STATUS_SUCCESS))
-                        acct.a_sidtype = SidTypeUnknown;
+                        acct.a_sidtype = SidTypeGroup;
         } else {
                 rc = smb_lookup_name(mname, SidTypeUnknown, &acct);
                 if ((rc != 0) || (acct.a_status != NT_STATUS_SUCCESS)) {
                         (void) fprintf(stderr,
                             gettext("%s: name lookup failed\n"), mname);
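Review bot: The new fallback `acct.a_sidtype = SidTypeGroup;` is a guess applied to a SID that could not be resolved, and nothing on this path tells the operator that the lookup failed. Because this code appears to serve both add-member and remove-member (the enclosing function starts and ends outside the hunk), a mistyped or unverifiable SID could be added to a local group such as the administrators group without any diagnostic. Consider printing a warning there, for example `(void) fprintf(stderr, gettext("%s: SID lookup failed, assuming group\n"), mname);`, or applying the fallback only when the action is a removal. The comment above it also has a typo in a context line: `We'e like` should read `We'd like`.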

@@ -1455,10 +1455,31 @@
                 return (1);
         }
         return (0);
 }
 
+static int
+smbadm_user_delete(int argc, char **argv)
+{
+        int error;
+        char *user = NULL;
+
+        user = argv[optind];
+        if (optind >= argc || user == NULL || *user == '\0') {
+                (void) fprintf(stderr, gettext("missing user name\n"));
+                smbadm_usage(B_FALSE);
+        }
+
+        error = smb_pwd_setcntl(user, SMB_PWC_DELETE);
+        if (error == SMB_PWE_SUCCESS)
+                (void) printf(gettext("%s has been deleted.\n"), user);
+        else
+                (void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error));
+
+        return (error);
+}
+
 static int
 smbadm_user_disable(int argc, char **argv)
 {
         int error;
         char *user = NULL;
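Review bot: In smbadm_user_delete, `user = argv[optind];` is evaluated before `optind >= argc` is tested, so the index is only validated after it has been used. Test the bound first and assign afterwards, e.g. `if (optind >= argc || argv[optind] == NULL || *argv[optind] == '\0') { ... }` followed by `user = argv[optind];`. The code after the check relies on smbadm_usage() not returning, which is not visible here; if it can return, `smb_pwd_setcntl(user, SMB_PWC_DELETE)` would run with a NULL or empty name, so an explicit `return (1);` after the usage call would make the intent clear. Since this is a destructive account operation, the failure message should also name the account: `(void) fprintf(stderr, "%s: %s\n", user, smbadm_pwd_strerror(error));`. The body of smbadm_user_disable that follows continues outside the hunk.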