From: Andreas Schneider Date: Mon, 17 Aug 2020 12:12:48 +0000 (+0200) Subject: s3:smbd: Fix %U substitutions if it contains a domain name X-Git-Tag: samba-4.12.8~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60ddb7b20071b00f0cd7f1cb818022220eb0c279;p=thirdparty%2Fsamba.git s3:smbd: Fix %U substitutions if it contains a domain name 'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer version. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 5de7c91e6d4e98f438157a7675c8582cabdd828d) --- diff --git a/selftest/knownfail.d/samba3.substiutions b/selftest/knownfail.d/samba3.substiutions deleted file mode 100644 index f116d3b2fcf..00000000000 --- a/selftest/knownfail.d/samba3.substiutions +++ /dev/null @@ -1 +0,0 @@ -^samba3.substitutions.Test.login.to.share.with.substitution.for.valid.users diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index 0b8f6e48e34..57754a0f766 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -79,7 +79,23 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx, enum lsa_SidType type; if (username != NULL) { - name = talloc_sub_basic(mem_ctx, username, domain, name); + size_t domain_len = strlen(domain); + + /* Check if username starts with domain name */ + if (domain_len > 0) { + const char *sep = lp_winbind_separator(); + int cmp = strncasecmp_m(username, domain, domain_len); + if (cmp == 0 && sep[0] == username[domain_len]) { + /* Move after the winbind separator */ + domain_len += 1; + } else { + domain_len = 0; + } + } + name = talloc_sub_basic(mem_ctx, + username + domain_len, + domain, + name); } if (sharename != NULL) { name = talloc_string_sub(mem_ctx, name, "%S", sharename);