summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2008-09-11 09:51:39 -0400
committerSimo Sorce <idra@samba.org>2008-09-11 09:51:39 -0400
commitf25863e04cf3264575545701cb257bac8f0aee82 (patch)
tree6ae378b205d934582378a6db5ce615ac25d895cb /source3/winbindd
parenta2919ddd38939a9a979adc8778fb88a9bb2499f8 (diff)
downloadsamba-f25863e04cf3264575545701cb257bac8f0aee82.tar.gz
samba-f25863e04cf3264575545701cb257bac8f0aee82.tar.bz2
samba-f25863e04cf3264575545701cb257bac8f0aee82.zip
Fix for bug 5571
Make sure that usernames are parsed using the correct separator. Otherwise group memeberships in winbind may be result broken. (This used to be commit 20b9c0aa7b4e6d6be5bb6e4e96bd8a1cbb6edd37)
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_group.c2
-rw-r--r--source3/winbindd/winbindd_proto.h1
-rw-r--r--source3/winbindd/winbindd_util.c25
3 files changed, 27 insertions, 1 deletions
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index 21ee8951b5..4d5026d158 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -607,7 +607,7 @@ static bool fill_grent_mem(struct winbindd_domain *domain,
} else {
DEBUG(10, ("appending %s at ndx %d\n",
names[i], buf_ndx));
- safe_strcpy(&buf[buf_ndx], names[i], len);
+ parse_add_domuser(&buf[buf_ndx], names[i], &len);
buf_ndx += len;
buf[buf_ndx] = ',';
buf_ndx++;
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index c5b7b07931..e0fc073a0a 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -566,6 +566,7 @@ void free_getent_state(struct getent_state *state);
bool parse_domain_user(const char *domuser, fstring domain, fstring user);
bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
char **domain, char **user);
+void parse_add_domuser(void *buf, char *domuser, int *len);
bool canonicalize_username(fstring username_inout, fstring domain, fstring user);
void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume);
const char *get_winbind_pipe_dir(void) ;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 83c5053f78..132c96f1ee 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1138,6 +1138,31 @@ bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
return ((*domain != NULL) && (*user != NULL));
}
+/* add a domain user name to a buffer */
+void parse_add_domuser(void *buf, char *domuser, int *len)
+{
+ fstring domain;
+ char *p, *user;
+
+ user = domuser;
+ p = strchr(domuser, *lp_winbind_separator());
+
+ if (p) {
+
+ fstrcpy(domain, domuser);
+ domain[PTR_DIFF(p, domuser)] = 0;
+ p++;
+
+ if (assume_domain(domain)) {
+
+ user = p;
+ *len -= (PTR_DIFF(p, domuser));
+ }
+ }
+
+ safe_strcpy(buf, user, *len);
+}
+
/* Ensure an incoming username from NSS is fully qualified. Replace the
incoming fstring with DOMAIN <separator> user. Returns the same
values as parse_domain_user() but also replaces the incoming username.