The branch, master has been updated
       via  5de7c91e6d4 s3:smbd: Fix %U substitutions if it contains a domain 
name
       via  53b6dd95124 s3:tests: Add test for 'valid users = DOMAIN\%U'
      from  cf0cfa03ac6 s3: libads: Don't re-do DNS lookups in 
ads_domain_func_level() if not needed.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5de7c91e6d4e98f438157a7675c8582cabdd828d
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 17 14:12:48 2020 +0200

    s3:smbd: Fix %U substitutions if it contains a domain name
    
    'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
    version.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    
    Autobuild-User(master): Andreas Schneider <[email protected]>
    Autobuild-Date(master): Wed Aug 19 06:43:10 UTC 2020 on sn-devel-184

commit 53b6dd951249052772e1ffcf651b7efd0963b931
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 17 13:39:58 2020 +0200

    s3:tests: Add test for 'valid users = DOMAIN\%U'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 selftest/target/Samba3.pm                  |  4 ++++
 source3/script/tests/test_substitutions.sh |  5 +++++
 source3/smbd/share_access.c                | 18 +++++++++++++++++-
 3 files changed, 26 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 79feaa188ed..753af49cf67 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -714,6 +714,10 @@ sub provision_ad_member
        path = $share_dir/D_%D/u_%u/g_%g
        writeable = yes
 
+[sub_valid_users]
+       path = $share_dir
+       valid users = ADDOMAIN/%U
+
 ";
 
        my $ret = $self->provision(
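Review bot: The new `[sub_valid_users]` share hard-codes `ADDOMAIN` and a `/` separator, while the commit title describes `DOMAIN\%U`. Presumably `/` is the winbind separator configured for this test environment and `ADDOMAIN` is the joined domain, but neither is visible in the hunk. If either changes, the test would stop exercising the prefix-stripping path without any obvious signal. A comment in the share section would make the dependency explicit, e.g. `# '/' must match 'winbind separator'; ADDOMAIN must match the joined domain`. provision_ad_member starts and ends outside this hunk.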
diff --git a/source3/script/tests/test_substitutions.sh 
b/source3/script/tests/test_substitutions.sh
index 1a46f11c85d..c813a8f9def 100755
--- a/source3/script/tests/test_substitutions.sh
+++ b/source3/script/tests/test_substitutions.sh
@@ -34,4 +34,9 @@ SMB_UNC="//$SERVER/sub_dug2"
 test_smbclient "Test login to share with substitution (Dug)" \
        "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
 
+SMB_UNC="//$SERVER/sub_valid_users"
+
+test_smbclient "Test login to share with substitution for valid users" \
+       "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+
 exit $failed
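Review bot: The new case only proves that a matching domain user is admitted to `sub_valid_users`; nothing checks that the share still rejects a login that should not match `ADDOMAIN/%U`. Because the accompanying C change alters how names in `valid users` are expanded, a deny-path case (a user outside ADDOMAIN, expected to fail) would guard against the substitution becoming too permissive. Until that exists, I would record the gap above the new block: `# TODO: add a login that must be denied by 'valid users = ADDOMAIN/%U'`.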
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index 0b8f6e48e34..57754a0f766 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -79,7 +79,23 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx,
        enum lsa_SidType type;
 
        if (username != NULL) {
-               name = talloc_sub_basic(mem_ctx, username, domain, name);
+               size_t domain_len = strlen(domain);
+
+               /* Check if username starts with domain name */
+               if (domain_len > 0) {
+                       const char *sep = lp_winbind_separator();
+                       int cmp = strncasecmp_m(username, domain, domain_len);
+                       if (cmp == 0 && sep[0] == username[domain_len]) {
+                               /* Move after the winbind separator */
+                               domain_len += 1;
+                       } else {
+                               domain_len = 0;
+                       }
+               }
+               name = talloc_sub_basic(mem_ctx,
+                                       username + domain_len,
+                                       domain,
+                                       name);
        }
        if (sharename != NULL) {
                name = talloc_string_sub(mem_ctx, name, "%S", sharename);
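Review bot: `domain_len` comes from `strlen(domain)` and is a byte count, but it is passed as the length to `strncasecmp_m()` and then reused as a byte offset in `username[domain_len]` and `username + domain_len`. As far as I know the `_m` comparison counts multibyte characters rather than bytes, so for a non-ASCII domain name the prefix check and the offset may disagree. That case looks like it would only fail to strip the prefix, but it is worth confirming because this path decides `valid users` access. At minimum, document the assumption above the check, e.g. `/* domain_len is in bytes; the prefix strip assumes a single-byte domain name */`. Also confirm that `domain` can never be NULL here, since `strlen(domain)` now dereferences it unconditionally; token_contains_name() starts and ends outside this hunk, so its callers are not visible.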


-- 
Samba Shared Repository
