%u\fR
.TP
\fBadd group script (G)\fR
-This is the full pathname to a script that will
-be run \fBAS ROOT\fR by smbd(8) when a new group is requested. It will expand any \fI%g\fR to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
+This is the full pathname to a script that will be run \fBAS ROOT\fR
+by smbd(8) when a new group is requested. It will expand any \fI%g\fR
+to the group name passed. This script is only useful for
+installations using the Windows NT domain administration tools. The
+script is free to create a group with an arbitrary name to circumvent
+unix group name restrictions. In that case the script must print the
+numeric gid of the created group on stdout.
.TP
\fBadmin users (S)\fR
This is a list of users who will be granted
Create a UNIX group on demand.
****************************************************************************/
-int smb_create_group(char *unix_group)
+int smb_create_group(char *unix_group, gid_t *new_gid)
{
pstring add_script;
int ret;
+ int fd = 0;
pstrcpy(add_script, lp_addgroup_script());
if (! *add_script) return -1;
pstring_sub(add_script, "%g", unix_group);
- ret = smbrun(add_script,NULL);
+ ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
+ if (ret != 0)
+ return ret;
+
+ if (fd != 0) {
+ fstring output;
+
+ *new_gid = 0;
+ if (read(fd, output, sizeof(output)) > 0) {
+ *new_gid = (gid_t)strtoul(output, NULL, 10);
+ }
+ close(fd);
+
+ if (*new_gid == 0) {
+ /* The output was garbage. We assume nobody
+ will create group 0 via smbd. Now we try to
+ get the group via getgrnam. */
+
+ struct group *grp = getgrnam(unix_group);
+ if (grp != NULL)
+ *new_gid = grp->gr_gid;
+ else
+ return 1;
+ }
+ }
+
return ret;
}
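Review bot: `output` is passed to `strtoul` without a terminating NUL. `read(fd, output, sizeof(output))` can fill the whole buffer or leave stale stack bytes after the script's output, so the parse may run past the data actually read. Read at most `sizeof(output) - 1` bytes and terminate at the returned length. Separately, `fd` uses 0 as "no descriptor" although 0 is a valid descriptor; if smbrun ever hands back 0, the output is skipped, the descriptor is never closed and `*new_gid` stays unset while the function returns success, so -1 is the safer sentinel. It is also worth confirming that the early `return ret` cannot leave an open descriptor in `fd` when smbrun fails.
```c
	int fd = -1;
	/* … unchanged: script lookup, %g substitution, smbrun call, ret check … */
	if (fd != -1) {
		fstring output;
		ssize_t nread;

		*new_gid = 0;
		nread = read(fd, output, sizeof(output) - 1);
		if (nread > 0) {
			output[nread] = '\0';
			*new_gid = (gid_t)strtoul(output, NULL, 10);
		}
		close(fd);
		/* … unchanged: getgrnam fallback when *new_gid == 0 … */
	}
```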
struct samr_info *info;
PRIVILEGE_SET priv_set;
uint32 acc_granted;
+ gid_t gid;
init_privilege(&priv_set);
return NT_STATUS_GROUP_EXISTS;
/* we can create the UNIX group */
- smb_create_group(name);
+ if (smb_create_group(name, &gid) != 0)
+ return NT_STATUS_ACCESS_DENIED;
/* check if the group has been successfully created */
- if ((grp=getgrnam(name)) == NULL)
+ if ((grp=getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
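Review bot: The gid taken from the script's stdout is accepted without checking that it names a group that was just created. `getgrgid(gid)` succeeds for any existing gid, so a script that prints the wrong number causes this path to return a RID for an unrelated, possibly privileged, Unix group. Judging by the `NT_STATUS_GROUP_EXISTS` return, the earlier existence test runs before the script, so it cannot cover a group whose name the script chose itself. Consider rejecting a gid that already has a group mapping before `pdb_gid_to_group_rid` is called, and change the comment to `/* check that the gid reported by the add group script exists */`. The same applies to the identical section that follows, at the second `smb_create_group(name, &gid)` call; both functions start and end outside the visible hunks.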
struct samr_info *info;
PRIVILEGE_SET priv_set;
uint32 acc_granted;
+ gid_t gid;
init_privilege(&priv_set);
return NT_STATUS_GROUP_EXISTS;
/* we can create the UNIX group */
- smb_create_group(name);
+ if (smb_create_group(name, &gid) != 0)
+ return NT_STATUS_ACCESS_DENIED;
/* check if the group has been successfully created */
- if ((grp=getgrnam(name)) == NULL)
+ if ((grp=getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
fstring sid_string;
GROUP_MAP map;
int flag = TDB_INSERT;
+ gid_t gid;
unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
if ((grp = getgrnam(name)) == NULL)
- smb_create_group(name);
+ smb_create_group(name, &gid);
- if ((grp = getgrnam(name)) == NULL)
+ if ((grp = getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
/* add the group to the mapping table */
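Review bot: `gid` is read uninitialised whenever the first `getgrnam(name)` succeeds. No braces are visible, so `smb_create_group(name, &gid)` is the only statement guarded by that `if`, and the following `getgrgid(gid)` runs unconditionally. The return value of `smb_create_group` is also ignored here, unlike in the samr callers, so a failed or unconfigured script leaves `gid` indeterminate as well. The lookup then resolves whatever group the stack garbage happens to name, and that group is added to the mapping table. Nesting the creation and the `getgrgid` check under the name lookup fixes both; the function continues outside the hunk.
```c
	if ((grp = getgrnam(name)) == NULL) {
		if (smb_create_group(name, &gid) != 0)
			return NT_STATUS_ACCESS_DENIED;
		if ((grp = getgrgid(gid)) == NULL)
			return NT_STATUS_ACCESS_DENIED;
	}
	/* … unchanged: add the group to the mapping table … */
```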