s3:auth: Fix user_in_list() for UNIX groups

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Apr  7 09:49:44 UTC 2022 on sn-devel-184

diff --git a/selftest/knownfail.d/usernamemap b/selftest/knownfail.d/usernamemap
deleted file mode 100644 (file)
index 1c720fe..0000000
--- a/selftest/knownfail.d/usernamemap
+++ /dev/null
@@ -1 +0,0 @@
-samba3.blackbox.smbclient_usernamemap.jacknomapper

diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 70b4f320c5ec29768cfe83f39bf83f21daa0fa76..aa765c2a692844595d855c6ad5d60a42a2904f5d 100644 (file)
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -143,11 +143,11 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
                return false;
        }
 
-       DBG_DEBUG("Checking user %s in list\n", user);
-
        while (*list) {
                const char *p = *list;
-               bool ok;
+               bool check_unix_group = false;
+
+               DBG_DEBUG("Checking user '%s' in list '%s'.\n", user, *list);
 
                /* Check raw username */
                if (strequal(user, p)) {
@@ -155,11 +155,13 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
                }
 
                while (*p == '@' || *p == '&' || *p == '+') {
+                       if (*p == '@' || *p == '+') {
+                               check_unix_group = true;
+                       }
                        p++;
                }
 
-               ok = user_in_group(user, p);
-               if (ok) {
+               if (check_unix_group && user_in_group(user, p)) {
                        return true;
                }