bug in 2.2.1

Jeremy Allison jeremy at valinux.com
Wed Jul 11 18:21:35 GMT 2001 

Toomas Soome wrote:
> 
> FYI, posted to bugs.samba.org already.
> 
> I tried to become domain member - with no success.
> 
> anyway, I have found lines like followin in log:
> [2001/07/11 17:15:22, 3] smbd/reply.c:reply_sesssetup_and_X(876)
>   sesssetupX:name=[IPV6X_]
> [2001/07/11 17:15:22, 6] param/loadparm.c:lp_file_list_changed(2144)
>   lp_file_list_changed()
>   file /var/samba/etc/smb.conf -> /var/samba/etc/smb.conf  last
> mod_time: Wed Ju
> l 11 17:05:24 2001
> 
> [2001/07/11 17:15:22, 1] smbd/password.c:pass_check_smb(546)
>   Couldn't find user 'ipv6x_' in UNIX password database.
> [2001/07/11 17:15:22, 2] smbd/reply.c:reply_sesssetup_and_X(980)
>   NT Password did not match for user 'ipv6x_'!
> 
> Where did the $ gone? it's removed in smbd/reply.c:870 .....
> 
> after adding $ to safe_chars parameter, I was able to successfully
> became domain member.
> 
> so, the fix is simple:
> 
> Index: reply.c
> ===================================================================
> RCS file: /cvsroot/samba/source/smbd/reply.c,v
> retrieving revision 1.240.2.51
> diff -u -r1.240.2.51 reply.c
> --- reply.c     6 Jul 2001 06:19:48 -0000       1.240.2.51
> +++ reply.c     11 Jul 2001 17:52:21 -0000
> @@ -867,7 +867,7 @@
>    }
> 
>    /* don't allow strange characters in usernames or domains */
> -  alpha_strcpy(user, user, ". _-", sizeof(user));
> +  alpha_strcpy(user, user, "$. _-", sizeof(user));
>    alpha_strcpy(domain, domain, ". _-", sizeof(domain));
>    if (strstr(user, "..") || strstr(domain,"..")) {
>           return bad_password_error(inbuf, outbuf);

Thanks Toomas, if I can reproduce this I'll quickly do
a 2.2.1a with this fix. NT4 is still very important.

I just checked with W2K and it's not susceptible to this
bug (which is why it passed through my Q/A before ship, damn).

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

More information about the samba-technical mailing list