Fix for bug 5571

Make sure that usernames are parsed using the correct separator.
Otherwise group memeberships in winbind may be result broken.
(This used to be commit 20b9c0aa7b4e6d6be5bb6e4e96bd8a1cbb6edd37)

diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index 21ee8951b5735a91229b8787c3781bc6ff57b30b..4d5026d158dabea21e5aa90c8ae2a72ecb886d92 100644 (file)
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -607,7 +607,7 @@ static bool fill_grent_mem(struct winbindd_domain *domain,
                } else {
                        DEBUG(10, ("appending %s at ndx %d\n",
                                   names[i], buf_ndx));
-                       safe_strcpy(&buf[buf_ndx], names[i], len);
+                       parse_add_domuser(&buf[buf_ndx], names[i], &len);
                        buf_ndx += len;
                        buf[buf_ndx] = ',';
                        buf_ndx++;

diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index c5b7b079316e8d15e6fa3b4ca00d92c8906fb8de..e0fc073a0a5456a43fb82cc0150067154dae2b43 100644 (file)
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -566,6 +566,7 @@ void free_getent_state(struct getent_state *state);
 bool parse_domain_user(const char *domuser, fstring domain, fstring user);
 bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
                              char **domain, char **user);
+void parse_add_domuser(void *buf, char *domuser, int *len);
 bool canonicalize_username(fstring username_inout, fstring domain, fstring user);
 void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume);
 const char *get_winbind_pipe_dir(void) ;

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 83c5053f78140a3f51e4dfd50ae3d46035abf872..132c96f1eefb6d7013dcc5e0fadbcd49273130ef 100644 (file)
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1138,6 +1138,31 @@ bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
        return ((*domain != NULL) && (*user != NULL));
 }
 
+/* add a domain user name to a buffer */
+void parse_add_domuser(void *buf, char *domuser, int *len)
+{
+       fstring domain;
+       char *p, *user;
+
+       user = domuser;
+       p = strchr(domuser, *lp_winbind_separator());
+
+       if (p) {
+
+               fstrcpy(domain, domuser);
+               domain[PTR_DIFF(p, domuser)] = 0;
+               p++;
+
+               if (assume_domain(domain)) {
+
+                       user = p;
+                       *len -= (PTR_DIFF(p, domuser));
+               }
+       }
+
+       safe_strcpy(buf, user, *len);
+}
+
 /* Ensure an incoming username from NSS is fully qualified. Replace the
    incoming fstring with DOMAIN <separator> user. Returns the same
    values as parse_domain_user() but also replaces the incoming username.