2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-2000,
6 * Copyright (C) Jean François Micouleau 1998-2001.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern DOM_SID global_sam_sid;
27 static TDB_CONTEXT *tdb; /* used for driver files */
29 #define DATABASE_VERSION 1
30 #define GROUP_PREFIX "UNIXGROUP/"
33 {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */
34 {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" },
35 {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" },
36 {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" },
37 {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" },
38 {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" },
39 {SE_PRIV_ALL, "SaAllPrivs", "all privileges" }
43 { 2, "SeCreateTokenPrivilege" },
44 { 3, "SeAssignPrimaryTokenPrivilege" },
45 { 4, "SeLockMemoryPrivilege" },
46 { 5, "SeIncreaseQuotaPrivilege" },
47 { 6, "SeMachineAccountPrivilege" },
48 { 7, "SeTcbPrivilege" },
49 { 8, "SeSecurityPrivilege" },
50 { 9, "SeTakeOwnershipPrivilege" },
51 { 10, "SeLoadDriverPrivilege" },
52 { 11, "SeSystemProfilePrivilege" },
53 { 12, "SeSystemtimePrivilege" },
54 { 13, "SeProfileSingleProcessPrivilege" },
55 { 14, "SeIncreaseBasePriorityPrivilege" },
56 { 15, "SeCreatePagefilePrivilege" },
57 { 16, "SeCreatePermanentPrivilege" },
58 { 17, "SeBackupPrivilege" },
59 { 18, "SeRestorePrivilege" },
60 { 19, "SeShutdownPrivilege" },
61 { 20, "SeDebugPrivilege" },
62 { 21, "SeAuditPrivilege" },
63 { 22, "SeSystemEnvironmentPrivilege" },
64 { 23, "SeChangeNotifyPrivilege" },
65 { 24, "SeRemoteShutdownPrivilege" },
66 { 25, "SeUndockPrivilege" },
67 { 26, "SeSyncAgentPrivilege" },
68 { 27, "SeEnableDelegationPrivilege" },
73 /****************************************************************************
74 check if the user has the required privilege.
75 ****************************************************************************/
76 static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege)
78 /* no token, no privilege */
82 if ((token->privilege & privilege)==privilege)
89 /****************************************************************************
90 dump the mapping group mapping to a text file
91 ****************************************************************************/
92 char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
94 static fstring group_type;
98 fstrcpy(group_type,"User");
100 case SID_NAME_DOM_GRP:
101 fstrcpy(group_type,"Domain group");
103 case SID_NAME_DOMAIN:
104 fstrcpy(group_type,"Domain");
107 fstrcpy(group_type,"Local group");
109 case SID_NAME_WKN_GRP:
110 fstrcpy(group_type,"Builtin group");
112 case SID_NAME_DELETED:
113 fstrcpy(group_type,"Deleted");
115 case SID_NAME_INVALID:
116 fstrcpy(group_type,"Invalid");
118 case SID_NAME_UNKNOWN:
120 fstrcpy(group_type,"Unknown type");
124 fstrcpy(group, group_type);
128 /****************************************************************************
129 open the group mapping tdb
130 ****************************************************************************/
131 BOOL init_group_mapping(void)
133 static pid_t local_pid;
134 char *vstring = "INFO/version";
136 if (tdb && local_pid == sys_getpid()) return True;
137 tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
139 DEBUG(0,("Failed to open group mapping database\n"));
143 local_pid = sys_getpid();
145 /* handle a Samba upgrade */
146 tdb_lock_bystring(tdb, vstring);
147 if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) {
148 tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL);
149 tdb_store_int(tdb, vstring, DATABASE_VERSION);
151 tdb_unlock_bystring(tdb, vstring);
157 /****************************************************************************
158 ****************************************************************************/
159 BOOL add_mapping_entry(GROUP_MAP *map, int flag)
163 fstring string_sid="";
167 sid_to_string(string_sid, &map->sid);
169 len = tdb_pack(buf, sizeof(buf), "ddff",
170 map->gid, map->sid_name_use, map->nt_name, map->comment);
172 for (i=0; i<PRIV_ALL_INDEX; i++)
173 len += tdb_pack(buf+len, sizeof(buf)-len, "d", map->privileges[i]);
175 if (len > sizeof(buf)) return False;
177 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
179 kbuf.dsize = strlen(key)+1;
183 if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
188 /****************************************************************************
189 initialise first time the mapping list
190 ****************************************************************************/
191 BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use,
192 fstring nt_name, fstring comment, uint32 *privilege)
198 string_to_sid(&map.sid, sid);
199 map.sid_name_use=sid_name_use;
200 fstrcpy(map.nt_name, nt_name);
201 fstrcpy(map.comment, comment);
202 for (i=0; i<PRIV_ALL_INDEX; i++)
203 map.privileges[i]=privilege[i];
205 add_mapping_entry(&map, TDB_INSERT);
210 /****************************************************************************
211 initialise a privilege list
212 ****************************************************************************/
213 void init_privilege(uint32 *privilege)
217 for (i=0; i<PRIV_ALL_INDEX; i++)
221 /****************************************************************************
222 add a privilege to a privilege array
223 ****************************************************************************/
224 BOOL add_privilege(uint32 *privilege, uint32 priv)
228 while (i<PRIV_ALL_INDEX && privilege[i]!=0 && privilege[i]!=priv)
231 if (i==PRIV_ALL_INDEX) {
232 DEBUG(10,("add_privilege: the privilege array is full, can't add new priv\n"));
236 if (privilege[i]==priv) {
237 DEBUG(10,("add_privilege: privilege already in array\n"));
247 /****************************************************************************
248 add all the privileges to a privilege array
249 ****************************************************************************/
250 BOOL add_all_privilege(uint32 *privilege)
252 add_privilege(privilege, SE_PRIV_ADD_USERS);
253 add_privilege(privilege, SE_PRIV_ADD_MACHINES);
254 add_privilege(privilege, SE_PRIV_PRINT_OPERATOR);
257 /****************************************************************************
258 check if the privilege list is empty
259 ****************************************************************************/
260 BOOL check_empty_privilege(uint32 *privilege)
264 for (i=0; i<PRIV_ALL_INDEX; i++)
270 /****************************************************************************
271 check if the privilege is in the privilege list
272 ****************************************************************************/
273 BOOL check_priv_in_privilege(uint32 *privilege, uint32 priv)
277 for (i=0; i<PRIV_ALL_INDEX; i++)
278 if(privilege[i]==priv)
283 /****************************************************************************
284 initialise first time the mapping list
285 ****************************************************************************/
286 BOOL default_group_mapping(void)
296 uint32 privilege_none[PRIV_ALL_INDEX];
297 uint32 privilege_all[PRIV_ALL_INDEX];
298 uint32 privilege_print_op[PRIV_ALL_INDEX];
300 init_privilege(privilege_none);
301 init_privilege(privilege_all);
302 init_privilege(privilege_print_op);
304 add_privilege(privilege_print_op, SE_PRIV_PRINT_OPERATOR);
306 add_all_privilege(privilege_all);
308 /* Add the Wellknown groups */
310 add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all);
311 add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none);
312 add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none);
313 add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none);
315 add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none);
316 add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none);
317 add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op);
318 add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none);
320 add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none);
322 /* Add the defaults domain groups */
324 sid_copy(&sid_admins, &global_sam_sid);
325 sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
326 sid_to_string(str_admins, &sid_admins);
327 add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all);
329 sid_copy(&sid_users, &global_sam_sid);
330 sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
331 sid_to_string(str_users, &sid_users);
332 add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none);
334 sid_copy(&sid_guests, &global_sam_sid);
335 sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
336 sid_to_string(str_guests, &sid_guests);
337 add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none);
343 /****************************************************************************
344 return the sid and the type of the unix group
345 ****************************************************************************/
346 BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
354 /* the key is the SID, retrieving is direct */
356 sid_to_string(string_sid, &sid);
357 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
360 kbuf.dsize = strlen(key)+1;
362 dbuf = tdb_fetch(tdb, kbuf);
363 if (!dbuf.dptr) return False;
365 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
366 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
368 for (i=0; i<PRIV_ALL_INDEX; i++)
369 ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &map->privileges[i]);
371 SAFE_FREE(dbuf.dptr);
372 if (ret != dbuf.dsize) {
373 DEBUG(0,("get_group_map_from_sid: group mapping TDB corrupted ?\n"));
377 sid_copy(&map->sid, &sid);
383 /****************************************************************************
384 return the sid and the type of the unix group
385 ****************************************************************************/
386 BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
388 TDB_DATA kbuf, dbuf, newkey;
393 /* we need to enumerate the TDB to find the GID */
395 for (kbuf = tdb_firstkey(tdb);
397 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
399 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
401 dbuf = tdb_fetch(tdb, kbuf);
402 if (!dbuf.dptr) continue;
404 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
406 string_to_sid(&map->sid, string_sid);
408 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
409 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
411 for (i=0; i<PRIV_ALL_INDEX; i++)
412 ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &map->privileges[i]);
414 SAFE_FREE(dbuf.dptr);
415 if (ret != dbuf.dsize) continue;
424 /****************************************************************************
425 return the sid and the type of the unix group
426 ****************************************************************************/
427 BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map)
429 TDB_DATA kbuf, dbuf, newkey;
434 /* we need to enumerate the TDB to find the SID */
436 for (kbuf = tdb_firstkey(tdb);
438 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
440 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
442 dbuf = tdb_fetch(tdb, kbuf);
443 if (!dbuf.dptr) continue;
445 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
447 string_to_sid(&map->sid, string_sid);
449 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
450 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
452 for (i=0; i<PRIV_ALL_INDEX; i++)
453 ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &map->privileges[i]);
455 SAFE_FREE(dbuf.dptr);
456 if (ret != dbuf.dsize) continue;
458 if (StrCaseCmp(name, map->nt_name)==0)
466 /****************************************************************************
467 enumerate the group mapping
468 ****************************************************************************/
469 BOOL group_map_remove(DOM_SID sid)
475 /* the key is the SID, retrieving is direct */
477 sid_to_string(string_sid, &sid);
478 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
481 kbuf.dsize = strlen(key)+1;
483 dbuf = tdb_fetch(tdb, kbuf);
484 if (!dbuf.dptr) return False;
486 SAFE_FREE(dbuf.dptr);
488 if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
495 /****************************************************************************
496 enumerate the group mapping
497 ****************************************************************************/
498 BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
499 int *num_entries, BOOL unix_only)
501 TDB_DATA kbuf, dbuf, newkey;
513 for (kbuf = tdb_firstkey(tdb);
515 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
517 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
520 dbuf = tdb_fetch(tdb, kbuf);
524 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
526 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
527 &map.gid, &map.sid_name_use, &map.nt_name, &map.comment);
529 for (i=0; i<PRIV_ALL_INDEX; i++)
530 ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &map.privileges[i]);
532 SAFE_FREE(dbuf.dptr);
533 if (ret != dbuf.dsize)
536 /* list only the type or everything if UNKNOWN */
537 if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use)
540 if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1)
543 string_to_sid(&map.sid, string_sid);
545 decode_sid_name_use(group_type, map.sid_name_use);
547 mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
549 DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
555 mapt[entries].gid = map.gid;
556 sid_copy( &mapt[entries].sid, &map.sid);
557 mapt[entries].sid_name_use = map.sid_name_use;
558 fstrcpy(mapt[entries].nt_name, map.nt_name);
559 fstrcpy(mapt[entries].comment, map.comment);
560 for (i=0; i<PRIV_ALL_INDEX; i++)
561 mapt[entries].privileges[i] = map.privileges[i];
566 *num_entries=entries;
571 /****************************************************************************
572 convert a privilege string to a privilege array
573 ****************************************************************************/
574 void convert_priv_from_text(uint32 *se_priv, char *privilege)
580 /* By default no privilege */
581 init_privilege(se_priv);
586 while(next_token(&p, tok, " ", sizeof(tok)) ) {
587 for (i=0; i<=PRIV_ALL_INDEX; i++) {
588 if (StrCaseCmp(privs[i].priv, tok)==0)
589 add_privilege(se_priv, privs[i].se_priv);
594 /****************************************************************************
595 convert a privilege array to a privilege string
596 ****************************************************************************/
597 void convert_priv_to_text(uint32 *se_priv, char *privilege)
604 ZERO_STRUCTP(privilege);
606 if (check_empty_privilege(se_priv)) {
607 fstrcat(privilege, "No privilege");
611 while(i<PRIV_ALL_INDEX && se_priv[i]!=0) {
613 while (privs[j].se_priv!=se_priv[i])
616 fstrcat(privilege, privs[j].priv);
617 fstrcat(privilege, " ");
625 * High level functions
626 * better to use them than the lower ones.
628 * we are checking if the group is in the mapping file
629 * and if the group is an existing unix group
633 /* get a domain group from it's SID */
635 BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
639 DEBUG(10, ("get_domain_group_from_sid\n"));
641 /* if the group is NOT in the database, it CAN NOT be a domain group */
642 if(!get_group_map_from_sid(sid, map))
645 DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
647 /* if it's not a domain group, continue */
648 if (map->sid_name_use!=SID_NAME_DOM_GRP)
651 DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
656 DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid));
658 if ( (grp=getgrgid(map->gid)) == NULL)
661 DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
667 /* get a local (alias) group from it's SID */
669 BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
673 /* The group is in the mapping table */
674 if(get_group_map_from_sid(sid, map)) {
675 if (map->sid_name_use!=SID_NAME_ALIAS)
681 if ( (grp=getgrgid(map->gid)) == NULL)
684 /* the group isn't in the mapping table.
685 * make one based on the unix information */
688 sid_peek_rid(&sid, &alias_rid);
689 map->gid=pdb_user_rid_to_gid(alias_rid);
691 if ((grp=getgrgid(map->gid)) == NULL)
694 map->sid_name_use=SID_NAME_ALIAS;
696 fstrcpy(map->nt_name, grp->gr_name);
697 fstrcpy(map->comment, "Local Unix Group");
699 init_privilege(map->privileges);
701 sid_copy(&map->sid, &sid);
707 /* get a builtin group from it's SID */
709 BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map)
713 if(!get_group_map_from_sid(sid, map))
716 if (map->sid_name_use!=SID_NAME_WKN_GRP)
722 if ( (grp=getgrgid(map->gid)) == NULL)
730 /****************************************************************************
731 Returns a GROUP_MAP struct based on the gid.
732 ****************************************************************************/
733 BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
737 if ( (grp=getgrgid(gid)) == NULL)
741 * make a group map from scratch if doesn't exist.
743 if (!get_group_map_from_gid(gid, map)) {
745 map->sid_name_use=SID_NAME_ALIAS;
746 init_privilege(map->privileges);
748 sid_copy(&map->sid, &global_sam_sid);
749 sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
751 fstrcpy(map->nt_name, grp->gr_name);
752 fstrcpy(map->comment, "Local Unix Group");
761 /****************************************************************************
762 Get the member users of a group and
763 all the users who have that group as primary.
765 give back an array of uid
766 return the grand number of users
769 TODO: sort the list and remove duplicate. JFM.
771 ****************************************************************************/
773 BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
784 if ( (grp=getgrgid(gid)) == NULL)
788 DEBUG(10, ("getting members\n"));
790 while (gr && (*gr != (char)'\0')) {
791 u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
793 DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n"));
798 if( (pwd=getpwnam(gr)) !=NULL) {
799 (*uid)[*num_uids]=pwd->pw_uid;
802 gr = grp->gr_mem[++i];
804 DEBUG(10, ("got [%d] members\n", *num_uids));
807 while ((pwd=getpwent()) != NULL) {
808 if (pwd->pw_gid==gid) {
809 u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
811 DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n"));
815 (*uid)[*num_uids]=pwd->pw_uid;
821 DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids));
826 /****************************************************************************
827 Create a UNIX group on demand.
828 ****************************************************************************/
830 int smb_create_group(char *unix_group)
835 pstrcpy(add_script, lp_addgroup_script());
836 if (! *add_script) return -1;
837 pstring_sub(add_script, "%g", unix_group);
838 ret = smbrun(add_script,NULL);
839 DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
843 /****************************************************************************
844 Delete a UNIX group on demand.
845 ****************************************************************************/
847 int smb_delete_group(char *unix_group)
852 pstrcpy(del_script, lp_delgroup_script());
853 if (! *del_script) return -1;
854 pstring_sub(del_script, "%g", unix_group);
855 ret = smbrun(del_script,NULL);
856 DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
860 /****************************************************************************
861 Create a UNIX group on demand.
862 ****************************************************************************/
864 int smb_add_user_group(char *unix_group, char *unix_user)
869 pstrcpy(add_script, lp_addusertogroup_script());
870 if (! *add_script) return -1;
871 pstring_sub(add_script, "%g", unix_group);
872 pstring_sub(add_script, "%u", unix_user);
873 ret = smbrun(add_script,NULL);
874 DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
878 /****************************************************************************
879 Delete a UNIX group on demand.
880 ****************************************************************************/
882 int smb_delete_user_group(char *unix_group, char *unix_user)
887 pstrcpy(del_script, lp_deluserfromgroup_script());
888 if (! *del_script) return -1;
889 pstring_sub(del_script, "%g", unix_group);
890 pstring_sub(del_script, "%u", unix_user);
891 ret = smbrun(del_script,NULL);
892 DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));