s3-lib: Fix %G substitution in AD member environment
authorAndreas Schneider <asn@samba.org>
Mon, 19 Sep 2016 11:59:54 +0000 (13:59 +0200)
committerStefan Metzmacher <metze@samba.org>
Mon, 24 Oct 2016 08:56:12 +0000 (10:56 +0200)
If we are a domain member, we should look up the user with the domain
name specified; otherwise the lookup will only work if we have
'winbind use default domain' set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 619ca5f63c47ff8b021692aaa756dcb0d883b8dd)

source3/lib/substitute.c

index 4e2ce9b7bc981bca331aeb7b451fb4d18bda9723..1f983274d99dc8970d303ef7835364e3ae641b11 100644 (file)
@@ -499,15 +499,18 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
                        break;
                case 'G' : {
                        struct passwd *pass;
+                       bool is_domain_name = false;
+                       const char *sep = lp_winbind_separator();
 
                        if (domain_name != NULL && domain_name[0] != '\0' &&
-                           !strequal(domain_name, my_sam_name()))
-                       {
+                           (lp_security() == SEC_ADS ||
+                            lp_security() == SEC_DOMAIN)) {
                                r = talloc_asprintf(tmp_ctx,
                                                    "%s%c%s",
                                                    domain_name,
-                                                   *lp_winbind_separator(),
+                                                   *sep,
                                                    smb_name);
+                               is_domain_name = true;
                        } else {
                                r = talloc_strdup(tmp_ctx, smb_name);
                        }
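Review bot: The rewritten condition in `case 'G'` no longer compares `domain_name` with `my_sam_name()`, so with `security = ADS` or `DOMAIN` every non-empty `domain_name` is turned into `DOMAIN<sep>user` before the passwd lookup. That presumably includes the member server's own SAM name for local accounts. If those accounts are still expected to resolve, the intent should be recorded next to the test, for example `/* On a domain member always qualify the user; local SAM users are expected to resolve as <machine><sep><user> */`. If they are not, the `!strequal(domain_name, my_sam_name())` guard should be kept alongside the new security-mode check. `sep` is also dereferenced without checking that the configured separator is non-empty. With an empty separator the `%c` would terminate the lookup name after the domain part, so `if (sep[0] == '\0')` falling back to the unqualified name would be a cheap guard. `talloc_sub_basic` starts and ends outside this hunk.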
@@ -517,9 +520,18 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
 
                        pass = Get_Pwnam_alloc(tmp_ctx, r);
                        if (pass != NULL) {
-                               a_string = realloc_string_sub(
-                                       a_string, "%G",
-                                       gidtoname(pass->pw_gid));
+                               char *group_name;
+
+                               group_name = gidtoname(pass->pw_gid);
+                               if (is_domain_name) {
+                                       p = strchr_m(group_name, *sep);
+                                       if (p != NULL) {
+                                               group_name = p + 1;
+                                       }
+                               }
+                               a_string = realloc_string_sub(a_string,
+                                                             "%G",
+                                                             group_name);
                        }
                        TALLOC_FREE(pass);
                        break;
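Review bot: `p = strchr_m(group_name, *sep);` assigns to `p`, which is not declared in this hunk and so belongs to the enclosing `talloc_sub_basic` scope. If that is the cursor the surrounding substitution loop uses to walk `a_string`, then after this branch it points into the buffer returned by `gidtoname()` (or is NULL) instead of into the string being expanded. Any later use of it by the loop would read unrelated memory. A block-local pointer avoids the coupling: `char *group_sep = strchr_m(group_name, *sep);` followed by `if (group_sep != NULL) { group_name = group_sep + 1; }`. The loop and the declaration of `p` are outside the hunk, so this needs confirming against the full function.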