From: Pavel Filipenský <pfilipen@redhat.com>
Date: Fri, 25 Mar 2022 10:11:50 +0000 (+0100)
Subject: s3:auth: Fix user_in_list() for UNIX groups
X-Git-Tag: tevent-0.12.0~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6dc463d3e2eb229df1c4f620cfcaf22ac71738d4;p=thirdparty%2Fsamba.git

s3:auth: Fix user_in_list() for UNIX groups

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Apr  7 09:49:44 UTC 2022 on sn-devel-184
---

diff --git a/selftest/knownfail.d/usernamemap b/selftest/knownfail.d/usernamemap
deleted file mode 100644
index 1c720fe892d..00000000000
--- a/selftest/knownfail.d/usernamemap
+++ /dev/null
@@ -1 +0,0 @@
-samba3.blackbox.smbclient_usernamemap.jacknomapper
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 70b4f320c5e..aa765c2a692 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -143,11 +143,11 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
 		return false;
 	}
 
-	DBG_DEBUG("Checking user %s in list\n", user);
-
 	while (*list) {
 		const char *p = *list;
-		bool ok;
+		bool check_unix_group = false;
+
+		DBG_DEBUG("Checking user '%s' in list '%s'.\n", user, *list);
 
 		/* Check raw username */
 		if (strequal(user, p)) {
@@ -155,11 +155,13 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
 		}
 
 		while (*p == '@' || *p == '&' || *p == '+') {
+			if (*p == '@' || *p == '+') {
+				check_unix_group = true;
+			}
 			p++;
 		}
 
-		ok = user_in_group(user, p);
-		if (ok) {
+		if (check_unix_group && user_in_group(user, p)) {
 			return true;
 		}