From 60ddb7b20071b00f0cd7f1cb818022220eb0c279 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 17 Aug 2020 14:12:48 +0200 Subject: [PATCH] s3:smbd: Fix %U substitutions if it contains a domain name 'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer version. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 5de7c91e6d4e98f438157a7675c8582cabdd828d) --- selftest/knownfail.d/samba3.substiutions | 1 - source3/smbd/share_access.c | 18 +++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) delete mode 100644 selftest/knownfail.d/samba3.substiutions diff --git a/selftest/knownfail.d/samba3.substiutions b/selftest/knownfail.d/samba3.substiutions deleted file mode 100644 index f116d3b2fcf..00000000000 --- a/selftest/knownfail.d/samba3.substiutions +++ /dev/null @@ -1 +0,0 @@ -^samba3.substitutions.Test.login.to.share.with.substitution.for.valid.users diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index 0b8f6e48e34..57754a0f766 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -79,7 +79,23 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx, enum lsa_SidType type; if (username != NULL) { - name = talloc_sub_basic(mem_ctx, username, domain, name); + size_t domain_len = strlen(domain); + + /* Check if username starts with domain name */ + if (domain_len > 0) { + const char *sep = lp_winbind_separator(); + int cmp = strncasecmp_m(username, domain, domain_len); + if (cmp == 0 && sep[0] == username[domain_len]) { + /* Move after the winbind separator */ + domain_len += 1; + } else { + domain_len = 0; + } + } + name = talloc_sub_basic(mem_ctx, + username + domain_len, + domain, + name); } if (sharename != NULL) { name = talloc_string_sub(mem_ctx, name, "%S", sharename); -- 2.47.2