christoph.beyer@desy.de
2004-Jul-06 12:05 UTC
[Samba] bug in parsing the 'username map' in 3.0.5pre1
Hi Jerry et al,

the parsing of the 'username map' file seems to be broken in 3.0.5pre1 and a few earlier releases. The '!' at the beginning of a line is ignored. Something like

!lp = lp
!chbeyer = chbeyer
!guest = guest
nobody = *

doesn't work anymore :-(

from the man page:

[ snip ]
If any line begins with an '!' then the processing will stop after that line if a mapping was done by the line. Otherwise mapping continues with every line being processed. Using '!' is most useful when you have a wildcard mapping line later in the file.
[ snip ]

best regards
~christoph

--
/* Christoph Beyer | Office: Building 2b / 23 *\
 * DESY            | Phone: 040-8998-2317      *
 * - IT -          | Fax: 040-8998-4060        *
\* 22603 Hamburg   | http://www.desy.de       */
Gerald (Jerry) Carter
2004-Jul-06 12:15 UTC
[Samba] bug in parsing the 'username map' in 3.0.5pre1
christoph.beyer@desy.de wrote:
| Hi Jerry et al,
|
| the parsing of the 'username map' file seems to be
| broken in 3.0.5pre1 and a few earlier releases. The '!'
| at the beginning of a line is ignored. Something like
|
| !lp = lp
| !chbeyer = chbeyer
| !guest = guest
| nobody = *
|
| doesn't work anymore :-(
|
| from the man page:
|
| [ snip ]
| If any line begins with an '!' then the processing will
| stop after that line if a mapping was done by the line.
| Otherwise mapping continues with every line being
| processed. Using '!' is most useful when you have a
| wildcard mapping line later in the file.
| [ snip ]

I'll look into it. Please send me your smb.conf.

cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
Davide Bolcioni
2004-Jul-06 13:39 UTC
[Samba] bug in parsing the 'username map' in 3.0.5pre1
christoph.beyer@desy.de wrote:
> Hi Jerry et al,
>
> the parsing of the 'username map' file seems to be broken in 3.0.5pre1 and
> a few earlier releases. The '!' at the beginning of a line is ignored.
> Something like
>
> !lp = lp
> !chbeyer = chbeyer
> !guest = guest
> nobody = *

You might be facing Samba Bug #1297, where the problem is that the username map is unexpectedly consulted twice. The bug discussion also includes a band-aid which worked for me, e.g. having in smbusers

!unixuser = ntuser
!unixuser = NTDOMAIN/unixuser

helps me to map ntuser into unixuser (in my case unixuser does not exist as domain user; I guess the point would be moot otherwise). You might have to put the two lines directly as shown, i.e. one after another with nothing in between.

Hope this helps,
Davide Bolcioni
--
There is no place like /home.
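Added example (not from the thread and not Samba's code): a simplified C model of the man-page rule for '!', showing how a login path that consults the map twice can pass a '!'-mapped name on to a later wildcard line, which makes the '!' look ignored. The map contents and the names map_once and map_n are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample map (not from the thread): a '!' entry, then a wildcard. */
static const char *SAMPLE_MAP[] = { "!root = admin administrator", "nobody = *", NULL };

/* One pass over the map, rewriting `user` in place. Simplified model of the
 * man-page rules (no @group entries, no quoted names). Returns 1 if mapped. */
static int map_once(const char **map, char *user, size_t len)
{
    int mapped = 0;
    for (size_t i = 0; map[i] != NULL; i++) {
        char line[256];
        snprintf(line, sizeof line, "%s", map[i]);
        char *s = line + strspn(line, " \t");
        if (*s == '\0' || *s == '#' || *s == ';') continue;   /* blank or comment */
        int stop = (*s == '!');       /* '!': stop after this line if it maps */
        char *eq = strchr(s, '=');
        if (eq == NULL) continue;
        *eq = '\0';
        char *unix_name = strtok(s + stop, " \t");
        int hit = 0;
        for (char *t = strtok(eq + 1, " \t"); t != NULL; t = strtok(NULL, " \t"))
            if (strcmp(t, "*") == 0 || strcasecmp(t, user) == 0)
                hit = 1;
        if (unix_name == NULL || !hit) continue;
        snprintf(user, len, "%s", unix_name);
        mapped = 1;
        if (stop) break;
    }
    return mapped;
}

/* Run the map over `client` n times, as n separate calls in a login path would. */
static const char *map_n(const char *client, int n, char *out, size_t len)
{
    snprintf(out, len, "%s", client);
    while (n-- > 0)
        map_once(SAMPLE_MAP, out, len);
    return out;
}

int main(void)
{
    char a[64], b[64];
    printf("1 pass:   admin -> %s\n", map_n("admin", 1, a, sizeof a));
    printf("2 passes: admin -> %s\n", map_n("admin", 2, b, sizeof b));
    return 0;
}
```

With one pass the '!' line stops processing at root; on a second pass root matches no client name on that line and falls through to the wildcard.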
Gerald (Jerry) Carter
2004-Jul-06 21:36 UTC
possible patch for username map bug [was Re: [Samba] bug in parsing the 'username map' in 3.0.5pre1]
Could you both (and anyone else having 'username map' problems in 3.0.4 or later) try this patch which hopefully fixes the username map bug. Thanks. Let me know how it goes.

cheers, jerry

| the parsing of the 'username map' file seems to be
| broken in 3.0.5pre1 and a few earlier releases. The '!'
| at the beginning of a line is ignored. Something like
|
| !lp = lp
| !chbeyer = chbeyer
| !guest = guest
| nobody = *
|
| doesn't work anymore :-(
|
| from the man page:
|
| [ snip ]
| If any line begins with an '!' then the processing will
| stop after that line if a mapping was done by the line.
| Otherwise mapping continues with every line being
| processed. Using '!' is most useful when you have a
| wildcard mapping line later in the file.
| [ snip ]

----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting

-------------- next part --------------
Index: smbd/sesssetup.c ==================================================================--- smbd/sesssetup.c (revision 1369) +++ smbd/sesssetup.c (working copy) @@ -242,6 +242,8 @@ /* lookup the passwd struct, create a new user if necessary */ + map_username( user ); + pw = smb_getpwnam( user, real_username, True ); if (!pw) { Index: auth/auth_util.c ==================================================================--- auth/auth_util.c (revision 1369) +++ auth/auth_util.c (working copy) 
@@ -972,25 +972,25 @@ { struct passwd *pw = NULL; char *p; - fstring mapped_username; - fstring strip_username; + fstring username; /* we only save a copy of the username it has been mangled by winbindd use default domain */ save_username[0] = '\0'; - - /* save a local copy of the username and run it through the - username map */ - fstrcpy( mapped_username, domuser ); - map_username( mapped_username ); + /* don't call map_username() here since it has to be done higher + up the stack so we don't call it mutliple times */ + + fstrcpy( username, domuser ); - p = strchr_m( mapped_username, *lp_winbind_separator() ); + p = strchr_m( username, *lp_winbind_separator() ); /* code for a DOMAIN\user string */ if ( p ) { + fstring strip_username; + pw = Get_Pwnam( domuser ); if ( pw ) { /* make sure we get the case of the username correct */ @@ -999,8 +999,10 @@ if ( !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) { char *domain; - domain = mapped_username; + /* split the domain and username into 2 strings */ *p = '\0'; + domain = username; + fstr_sprintf(save_username, "%s%c%s", domain, *lp_winbind_separator(), pw->pw_name); } else @@ -1011,26 +1013,26 @@ } /* setup for lookup of just the username */ - /* remember that p and mapped_username are overlapping memory */ + /* remember that p and username are overlapping memory */ p++; fstrcpy( strip_username, p ); - fstrcpy( mapped_username, strip_username ); + fstrcpy( username, strip_username ); } /* just lookup a plain username */ - pw = Get_Pwnam(mapped_username); + pw = Get_Pwnam(username); /* Create local user if requested. */ if ( !pw && create ) { /* Don't add a machine account. */ - if (mapped_username[strlen(mapped_username)-1] == '$') + if (username[strlen(username)-1] == '$') return NULL; - auth_add_user_script(NULL, mapped_username); - pw = Get_Pwnam(mapped_username); + auth_add_user_script(NULL, username); + pw = Get_Pwnam(username); } /* one last check for a valid passwd struct */
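Review bot: In the smbd/sesssetup.c hunk (@@ -242), map_username( user ) rewrites user in place immediately before smb_getpwnam( user, real_username, True ), so the rest of the function only sees the mapped Unix name and the name the client presented is gone. If the original name is still wanted afterwards for logging or auditing, copy it before the call, and add a one-line comment here stating that mapping is now done by the caller so this line is not removed later as redundant.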
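Review bot: The comment added in the @@ -972 hunk of auth/auth_util.c makes callers "higher up the stack" responsible for map_username(), but the patch adds that call in only one place, smbd/sesssetup.c. Any other caller of the function patched here will now look up the unmapped name, which changes the Unix account a session resolves to and skips both '!' entries and wildcard lines such as nobody = *. Please list the remaining callers and, for each, either add the call or say why it is not needed. The comment also misspells "multiple" as "mutliple".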
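Review bot: In the @@ -1011 hunk, username[strlen(username)-1] == '$' reads outside the buffer when username is empty, which can happen after the p++ / fstrcpy( username, strip_username ) step if domuser ends in the winbind separator. The rename carries this over unchanged from mapped_username. Check for an empty string before the '$' test, and before Get_Pwnam(username) and auth_add_user_script(NULL, username), so that an empty name is rejected instead of being looked up or created.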