author | Pavel Filipenský <pfilipen@redhat.com> | 2022-03-25 11:11:50 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-04-11 08:51:01 +0000 |
commit | ef77abc2c4903b62da501dddc1e9e0c75b979899 (patch) | |
tree | 03e940d5c9e69a387265d842838a5cadfa911c01 | |
parent | 5e59bd41a8cce710bee8199951dd30b1792ec7b7 (diff) | |
s3:auth: Fix user_in_list() for UNIX groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Apr 7 09:49:44 UTC 2022 on sn-devel-184
(cherry picked from commit 6dc463d3e2eb229df1c4f620cfcaf22ac71738d4)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Apr 11 08:51:01 UTC 2022 on sn-devel-184
-rw-r--r-- | selftest/knownfail.d/usernamemap | 1 | ||||
-rw-r--r-- | source3/auth/user_util.c | 12 |
2 files changed, 7 insertions, 6 deletions
diff --git a/selftest/knownfail.d/usernamemap b/selftest/knownfail.d/usernamemap
deleted file mode 100644
index 1c720fe892d..00000000000
--- a/selftest/knownfail.d/usernamemap
+++ /dev/null
@@ -1 +0,0 @@
-samba3.blackbox.smbclient_usernamemap.jacknomapper
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 70b4f320c5e..aa765c2a692 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -143,11 +143,11 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
 return false;
 }
- DBG_DEBUG("Checking user %s in list\n", user);
-
 while (*list) {
 const char *p = *list;
- bool ok;
+ bool check_unix_group = false;
+
+ DBG_DEBUG("Checking user '%s' in list '%s'.\n", user, *list);
 /* Check raw username */
 if (strequal(user, p)) {
@@ -155,11 +155,13 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
 }
 while (*p == '@' || *p == '&' || *p == '+') {
+ if (*p == '@' || *p == '+') {
+ check_unix_group = true;
+ }
 p++;
 }
- ok = user_in_group(user, p);
- if (ok) {
+ if (check_unix_group && user_in_group(user, p)) {
 return true;
 } |
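Review bot: In the prefix loop of the second hunk, an entry that carries only `&` leaves `check_unix_group` false, so after this change it is compared against the raw name and nothing else in the visible lines, and no comment tells a maintainer or administrator that such an entry is now inert. Since this function sits in the auth code and decides whether a user name matches a configured list, the rule belongs next to the loop: `/* '@' and '+' request a UNIX group lookup; an entry prefixed only with '&' is not looked up as a UNIX group */`. The new condition also still calls `user_in_group()` with an empty name when an entry consists solely of prefix characters; `if (check_unix_group && *p != '\0' && user_in_group(user, p)) {` would skip that lookup, assuming no caller relies on it. The body of `user_in_list()` starts and ends outside both hunks, so any netgroup handling elsewhere in the function is not visible here.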