mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
Ok, getting a bit more ambitious. Stop me, if this is wrong. ;-)
When creating a group you have to take care of the fact that the underlying unix might not like the group name. This change gets around that problem by giving the add group script the chance to invent a group name. The script then only has to return the numerical gid of the newly created group. Volker
parent
42774a7753
commit
b959419ed3
@ -1616,8 +1616,13 @@ Example: \fBadd user script = /usr/local/samba/bin/add_user
|
||||
%u\fR
|
||||
.TP
|
||||
\fBadd group script (G)\fR
|
||||
This is the full pathname to a script that will
|
||||
be run \fBAS ROOT\fR by smbd(8) when a new group is requested. It will expand any \fI%g\fR to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
|
||||
This is the full pathname to a script that will be run \fBAS ROOT\fR
|
||||
by smbd(8) when a new group is requested. It will expand any \fI%g\fR
|
||||
to the group name passed. This script is only useful for
|
||||
installations using the Windows NT domain administration tools. The
|
||||
script is free to create a group with an arbitrary name to circumvent
|
||||
unix group name restrictions. In that case the script must print the
|
||||
numeric gid of the created group on stdout.
|
||||
.TP
|
||||
\fBadmin users (S)\fR
|
||||
This is a list of users who will be granted
|
||||
|
@ -1156,16 +1156,42 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
|
||||
Create a UNIX group on demand.
|
||||
****************************************************************************/
|
||||
|
||||
int smb_create_group(char *unix_group)
|
||||
int smb_create_group(char *unix_group, gid_t *new_gid)
|
||||
{
|
||||
pstring add_script;
|
||||
int ret;
|
||||
int fd = 0;
|
||||
|
||||
pstrcpy(add_script, lp_addgroup_script());
|
||||
if (! *add_script) return -1;
|
||||
pstring_sub(add_script, "%g", unix_group);
|
||||
ret = smbrun(add_script,NULL);
|
||||
ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
|
||||
DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (fd != 0) {
|
||||
fstring output;
|
||||
|
||||
*new_gid = 0;
|
||||
if (read(fd, output, sizeof(output)) > 0) {
|
||||
*new_gid = (gid_t)strtoul(output, NULL, 10);
|
||||
}
|
||||
close(fd);
|
||||
|
||||
if (*new_gid == 0) {
|
||||
/* The output was garbage. We assume nobody
|
||||
will create group 0 via smbd. Now we try to
|
||||
get the group via getgrnam. */
|
||||
|
||||
struct group *grp = getgrnam(unix_group);
|
||||
if (grp != NULL)
|
||||
*new_gid = grp->gr_gid;
|
||||
else
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
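Review bot: The buffer `output` is handed to `strtoul()` without ever being NUL-terminated: `read(fd, output, sizeof(output))` may fill the whole buffer, and a short read leaves the remaining bytes uninitialised, so the parse can run past what the script actually wrote. Keep the byte count and terminate the string, e.g. `ssize_t n = read(fd, output, sizeof(output)-1);` followed by `if (n > 0) { output[n] = '\0'; *new_gid = (gid_t)strtoul(output, NULL, 10); }`. Because the parsed number becomes the gid that smbd maps the new group to, it is also worth passing an end pointer to `strtoul()` and rejecting trailing junk or out-of-range values instead of accepting whatever numeric prefix happens to parse. Separately, `fd` uses 0 as the "no descriptor" sentinel although 0 is a valid descriptor; initialising it to -1 and testing `fd != -1` would be the conventional form, provided `smbrun` never hands back 0 itself.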
@ -3857,6 +3857,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
|
||||
struct samr_info *info;
|
||||
PRIVILEGE_SET priv_set;
|
||||
uint32 acc_granted;
|
||||
gid_t gid;
|
||||
|
||||
init_privilege(&priv_set);
|
||||
|
||||
@ -3880,10 +3881,11 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
|
||||
return NT_STATUS_GROUP_EXISTS;
|
||||
|
||||
/* we can create the UNIX group */
|
||||
smb_create_group(name);
|
||||
if (smb_create_group(name, &gid) != 0)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
/* check if the group has been successfully created */
|
||||
if ((grp=getgrnam(name)) == NULL)
|
||||
if ((grp=getgrgid(gid)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
|
||||
@ -3920,6 +3922,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
|
||||
struct samr_info *info;
|
||||
PRIVILEGE_SET priv_set;
|
||||
uint32 acc_granted;
|
||||
gid_t gid;
|
||||
|
||||
init_privilege(&priv_set);
|
||||
|
||||
@ -3943,10 +3946,11 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
|
||||
return NT_STATUS_GROUP_EXISTS;
|
||||
|
||||
/* we can create the UNIX group */
|
||||
smb_create_group(name);
|
||||
if (smb_create_group(name, &gid) != 0)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
/* check if the group has been successfully created */
|
||||
if ((grp=getgrnam(name)) == NULL)
|
||||
if ((grp=getgrgid(gid)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
|
||||
|
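Review bot: The gid returned through `smb_create_group(name, &gid)` goes straight into `getgrgid(gid)` with no check that it belongs to a group the script has just created; this applies to `_samr_create_dom_group` and to the identical hunk in `_samr_create_dom_alias`. Since the script may now invent the name, the earlier name-based existence test (the `NT_STATUS_GROUP_EXISTS` return in the context lines) no longer covers the group that ends up being used, so a script that prints the gid of an existing group, or output that parses to an unintended number, would apparently have that group's rid returned to the client. Consider rejecting a gid that already has a group mapping before calling `pdb_gid_to_group_rid`, and add a comment at the call such as `/* gid comes from the add group script; the unix name may differ from the requested one */`. Both function bodies start and end outside the hunks, so the code after the rid assignment was not reviewed.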
@ -323,14 +323,15 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
|
||||
fstring sid_string;
|
||||
GROUP_MAP map;
|
||||
int flag = TDB_INSERT;
|
||||
gid_t gid;
|
||||
|
||||
unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
|
||||
unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
|
||||
|
||||
if ((grp = getgrnam(name)) == NULL)
|
||||
smb_create_group(name);
|
||||
smb_create_group(name, &gid);
|
||||
|
||||
if ((grp = getgrnam(name)) == NULL)
|
||||
if ((grp = getgrgid(gid)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
/* add the group to the mapping table */
|
||||
|
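Review bot: `gid` is read uninitialised whenever the group already exists: `smb_create_group(name, &gid)` runs only when `getgrnam(name)` returns NULL, but the following `getgrgid(gid)` is unconditional and overwrites the valid `grp` with a lookup on stack garbage. The same happens when `smb_create_group` fails, because its return value is ignored here and it returns early without writing `*new_gid`. Depending on what the stack holds, the lookup either fails with `NT_STATUS_ACCESS_DENIED` or resolves to an unrelated unix group, which the mapping code below the hunk would then presumably bind to this domain group. Tie the creation and the gid lookup to the missing-group case, e.g. `if ((grp = getgrnam(name)) == NULL && (smb_create_group(name, &gid) != 0 || (grp = getgrgid(gid)) == NULL)) return NT_STATUS_ACCESS_DENIED;`. The body of `fetch_group_info` continues outside the hunk.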