return 0;
}
+static int net_groupfilter_addsid(struct net_context *c, int argc,
+ const char **argv)
+{
+ struct dom_sid sid;
+ struct dom_sid *sids;
+ uint32_t num_sids;
+
+ if (argc != 1) {
+ d_fprintf(stderr, "usage: net groupfilter addsid <SID>\n");
+ return -1;
+ }
+
+ if (!string_to_sid(&sid, argv[0])) {
+ d_fprintf(stderr, "Could not convert '%s' to SID\n", argv[0]);
+ return -1;
+ }
+
+ if (!secrets_groupfilter_fetch(talloc_tos(), &sids, &num_sids)) {
+ d_fprintf(stderr, "Could not fetch sid list\n");
+ return -1;
+ }
+
+ if (!NT_STATUS_IS_OK(add_sid_to_array_unique(talloc_tos(), &sid,
+ &sids, &num_sids))) {
+ d_fprintf(stderr, "add_sid_to_array_unique failed\n");
+ TALLOC_FREE(sids);
+ return -1;
+ }
+
+ qsort(sids, num_sids, sizeof(struct dom_sid), sid_compare_sort);
+
+ if (!secrets_store(SECRETS_GROUPFILTER_KEY, sids,
+ num_sids * sizeof(struct dom_sid))) {
+ d_fprintf(stderr, "secrets_store failed\n");
+ TALLOC_FREE(sids);
+ return -1;
+ }
+
+ TALLOC_FREE(sids);
+
+ return 0;
+}
+
+static int net_groupfilter_delsid(struct net_context *c, int argc,
+ const char **argv)
+{
+ struct dom_sid sid;
+ struct dom_sid *sids;
+ uint32_t num_sids;
+ bool res;
+
+ if (argc != 1) {
+ d_fprintf(stderr, "usage: net groupfilter delsid <SID>\n");
+ return -1;
+ }
+
+ if (!string_to_sid(&sid, argv[0])) {
+ d_fprintf(stderr, "Could not convert '%s' to SID\n", argv[0]);
+ return -1;
+ }
+
+ if (!secrets_groupfilter_fetch(talloc_tos(), &sids, &num_sids)) {
+ d_fprintf(stderr, "Could not fetch sid list\n");
+ return -1;
+ }
+
+ del_sid_from_array(&sid, &sids, &num_sids);
+
+ if (num_sids == 0) {
+ res = secrets_delete(SECRETS_GROUPFILTER_KEY);
+ } else {
+ res = secrets_store(SECRETS_GROUPFILTER_KEY, sids,
+ num_sids * sizeof(struct dom_sid));
+ }
+
+ if (!res) {
+ d_fprintf(stderr, "secrets_store failed\n");
+ TALLOC_FREE(sids);
+ return -1;
+ }
+
+ TALLOC_FREE(sids);
+
+ return 0;
+}
+
+static int net_groupfilter_list(struct net_context *c, int argc,
+ const char **argv)
+{
+ struct dom_sid *sids;
+ uint32_t num_sids;
+ int i;
+
+ if (!secrets_groupfilter_fetch(talloc_tos(), &sids, &num_sids)) {
+ d_fprintf(stderr, "Could not fetch sid list\n");
+ return -1;
+ }
+
+ for (i=0; i<num_sids; i++) {
+ d_printf("%s\n", sid_string_tos(&sids[i]));
+ }
+
+ TALLOC_FREE(sids);
+
+ return 0;
+}
+
+static int net_groupfilter(struct net_context *c, int argc,
+ const char **argv)
+{
+ struct functable func[] = {
+ {
+ "addsid",
+ net_groupfilter_addsid,
+ NET_TRANSPORT_LOCAL,
+ "Add a SID to the groupfilter",
+ ""
+ },
+ {
+ "delsid",
+ net_groupfilter_delsid,
+ NET_TRANSPORT_LOCAL,
+ "Delete a SID from the groupfilter",
+ ""
+ },
+ {
+ "list",
+ net_groupfilter_list,
+ NET_TRANSPORT_LOCAL,
+ "List groupfilter SIDs",
+ ""
+ },
+ { NULL, NULL, 0, NULL, NULL }
+ };
+
+ return net_run_function(c, argc, argv, "net groupfilter", func);
+}
+
/* main function table */
static struct functable net_func[] = {
{
N_(" Use 'net help serverid' to get more information about "
"'net serverid' commands.")
},
+ { "groupfilter",
+ net_groupfilter,
+ NET_TRANSPORT_LOCAL,
+ "Edit the groupfilter sidlist",
+ " "
+ },
#ifdef WITH_FAKE_KASERVER
{ "afs",