mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

Ok, getting a bit more ambitious. Stop me, if this is wrong. ;-)

When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.

Volker
Volker Lendecke 0001-01-01 00:00:00 +00:00
parent 42774a7753
commit b959419ed3
4 changed files with 46 additions and 10 deletions


@ -1616,8 +1616,13 @@ Example: \fBadd user script = /usr/local/samba/bin/add_user
%u\fR
.TP
\fBadd group script (G)\fR
This is the full pathname to a script that will
be run \fBAS ROOT\fR by smbd(8) when a new group is requested. It will expand any \fI%g\fR to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
This is the full pathname to a script that will be run \fBAS ROOT\fR
by smbd(8) when a new group is requested. It will expand any \fI%g\fR
to the group name passed. This script is only useful for
installations using the Windows NT domain administration tools. The
script is free to create a group with an arbitrary name to circumvent
unix group name restrictions. In that case the script must print the
numeric gid of the created group on stdout.
.TP
\fBadmin users (S)\fR
This is a list of users who will be granted


@ -1156,16 +1156,42 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
Create a UNIX group on demand.
****************************************************************************/
int smb_create_group(char *unix_group)
int smb_create_group(char *unix_group, gid_t *new_gid)
{
pstring add_script;
int ret;
int fd = 0;
pstrcpy(add_script, lp_addgroup_script());
if (! *add_script) return -1;
pstring_sub(add_script, "%g", unix_group);
ret = smbrun(add_script,NULL);
ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
if (ret != 0)
return ret;
if (fd != 0) {
fstring output;
*new_gid = 0;
if (read(fd, output, sizeof(output)) > 0) {
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
close(fd);
if (*new_gid == 0) {
/* The output was garbage. We assume nobody
will create group 0 via smbd. Now we try to
get the group via getgrnam. */
struct group *grp = getgrnam(unix_group);
if (grp != NULL)
*new_gid = grp->gr_gid;
else
return 1;
}
}
return ret;
}
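Review bot: `output` reaches `strtoul` without a terminating NUL, because `read(fd, output, sizeof(output))` can fill the whole buffer and leaves the bytes after a short read uninitialised, so the parse can run past what the script actually printed. Read one byte less and terminate at the returned length, e.g. `ssize_t n = read(fd, output, sizeof(output)-1);` followed by `if (n > 0) { output[n] = '\0'; *new_gid = (gid_t)strtoul(output, NULL, 10); }`. Passing an end pointer to `strtoul` and rejecting trailing non-digits would also keep partially numeric output from being accepted as a gid for a group created as root. Separately, `fd = 0` doubles as the "no output requested" sentinel although 0 is a valid descriptor; initialising it to -1 and testing `fd != -1` would be safer, assuming smbrun only stores a descriptor on success (its body is not shown here).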


@ -3857,6 +3857,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
struct samr_info *info;
PRIVILEGE_SET priv_set;
uint32 acc_granted;
gid_t gid;
init_privilege(&priv_set);
@ -3880,10 +3881,11 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
return NT_STATUS_GROUP_EXISTS;
/* we can create the UNIX group */
smb_create_group(name);
if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
/* check if the group has been successfully created */
if ((grp=getgrnam(name)) == NULL)
if ((grp=getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
@ -3920,6 +3922,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
struct samr_info *info;
PRIVILEGE_SET priv_set;
uint32 acc_granted;
gid_t gid;
init_privilege(&priv_set);
@ -3943,10 +3946,11 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
return NT_STATUS_GROUP_EXISTS;
/* we can create the UNIX group */
smb_create_group(name);
if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
/* check if the group has been successfully created */
if ((grp=getgrnam(name)) == NULL)
if ((grp=getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
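Review bot: The gid passed to `getgrgid(gid)` in both `_samr_create_dom_group` and `_samr_create_dom_alias` comes from the add group script's output and is not checked against groups that already exist. The preceding `NT_STATUS_GROUP_EXISTS` guard appears to be keyed on the requested name (its condition is outside the hunk), so if the script prints the gid of a pre-existing group, `pdb_gid_to_group_rid(grp->gr_gid)` would yield a RID for that group rather than for a newly created one. Consider rejecting a gid that already has a group mapping before computing the RID, and add a comment above the lookup such as `/* gid is chosen by the add group script; the unix group name may differ from 'name' */`. Both function bodies start and end outside the hunks shown.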


@ -323,14 +323,15 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
fstring sid_string;
GROUP_MAP map;
int flag = TDB_INSERT;
gid_t gid;
unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
if ((grp = getgrnam(name)) == NULL)
smb_create_group(name);
smb_create_group(name, &gid);
if ((grp = getgrnam(name)) == NULL)
if ((grp = getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
/* add the group to the mapping table */
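Review bot: `gid` is read uninitialised in `fetch_group_info` whenever the first `getgrnam(name)` succeeds, because `smb_create_group(name, &gid)` is then skipped but `getgrgid(gid)` still runs and overwrites `grp` with the lookup of an indeterminate value. The same happens when `smb_create_group` fails before writing `*new_gid`, since its return value is ignored here, unlike in the samr callers. As the new-side lines read, the group could end up mapped to whatever unix group that stray gid names, or the sync could fail for a group that already exists. Keep the by-name result and only consult the gid after a successful create: `if ((grp = getgrnam(name)) == NULL) {` `if (smb_create_group(name, &gid) != 0 || (grp = getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; }`. The function body starts and ends outside the hunk.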