Prepending "\" to user name w/Win98 Domain Login

Simo Sorce idra at samba.org
Sun Aug 18 08:20:02 GMT 2002


I've just looked at the code, and it retests later with the username only if
it has not got access with the domain name set, so I see no problems at
all. Can you provide more information eventually?

On Fri, 2002-08-16 at 17:21, Jeff Mandel wrote: 
[snip]
> This call supposedly validates the <domain>\<user> string.
> On Solaris, with NIS a win98 box tries to connect to a samba PDC. 
> There's no domain name passed by the win98 client, but the setup for the 
> string is <domain><winbindseparator><user>.

Look a few lines later: it does another sys_getpwnam() with the user name
only.
 
> There's no domain - the string is now <><\><user>
> 1) If there's no domain, why would a winbind separator do something useful?

see above 

> 2) The wacky thing here is that \user actually returns successful with NIS.
> jeff at host% getent passwd jeff
> jeff:x:6789:6789::/export/home/jeff:/bin/ksh
> jeff at host% getent passwd \jeff
> jeff:x:6789:6789::/export/home/jeff:/bin/ksh

This test is not right: you should write \\jeff to check if NIS really
ignores a leading \, because \ is an escape and the shell will interpret
\j as pure j.


I've just set up a Linux NIS server and couldn't reproduce this bug, BTW.

> 3) The validation doesn't really validate in this case since the value 
> used is not what the system returned: \jeff != jeff, but the check in 
> reply.c is only for != NULL. When this gets looked up in the samba 
> password db, failure is certain. There's no \jeff in the samba password 
> database.

what != NULL case do you refer to? 

>   sesssetupX:name=[JEFF]
> [2002/08/11 12:21:44, 3] smbd/reply.c:reply_sesssetup_and_X(929)
>   Using unix username \JEFF
> [2002/08/11 12:21:44, 2] smbd/reply.c:reply_sesssetup_and_X(982)
>   Defaulting to Lanman password for \jeff
> [2002/08/11 12:21:44, 1] smbd/password.c:pass_check_smb(545)
>   Couldn't find user '\jeff' in passdb.
> [2002/08/11 12:21:44, 1] smbd/reply.c:reply_sesssetup_and_X(998)
>   Rejecting user '\jeff': authentication failed

This log seems to avail your claim; can you provide information about
client OS, NIS server OS, samba version ....

> 4) When the client is win2k which passes a domain in, this code is 
> called to lookup getpwnam(<domain><sep><user>). Without some special 
> module, when would a unix system ever return a positive response to this 
> kind of lookup?

see above (if that lookup fails, username alone is tested)

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-- 
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
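
The lookup order discussed in this message (qualified name first, then the bare user name) and the mismatch raised in point 3, as an added example that is not Samba's code and not part of the original message. The account type, both lookup functions and `resolve_unix_user()` are hypothetical stand-ins for `struct passwd` and `sys_getpwnam()`; `lenient_lookup()` models the name-service behaviour reported in the thread, which the reply could not reproduce.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for struct passwd and sys_getpwnam(), so the
 * example runs without NIS. All names here are assumptions. */
struct acct { const char *name; };
typedef const struct acct *(*lookup_fn)(const char *name);

static const struct acct jeff = { "jeff" };   /* constructed sample account */

/* Name service that behaves as reported in the thread: a leading
 * backslash is ignored, so "\jeff" resolves to jeff's entry. */
static const struct acct *lenient_lookup(const char *name)
{
    if (name[0] == '\\')
        name++;
    return strcmp(name, jeff.name) == 0 ? &jeff : NULL;
}

/* Name service that only accepts the exact account name. */
static const struct acct *strict_lookup(const char *name)
{
    return strcmp(name, jeff.name) == 0 ? &jeff : NULL;
}

/* Look up <domain><sep><user>, then fall back to the bare user name.
 * canonical == 0: keep the string that was looked up (non-NULL check only).
 * canonical != 0: keep the name stored in the entry that was returned.
 * Returns 0 and fills out on success, -1 if nothing resolves or fits. */
int resolve_unix_user(lookup_fn lookup, const char *domain, char sep,
                      const char *user, int canonical,
                      char *out, size_t outlen)
{
    char qualified[256];
    const char *tried = qualified;
    const struct acct *a;
    int n = snprintf(qualified, sizeof qualified, "%s%c%s", domain, sep, user);

    if (n < 0 || (size_t)n >= sizeof qualified)
        return -1;
    a = lookup(qualified);
    if (a == NULL) {            /* qualified form unknown: retry bare name */
        tried = user;
        a = lookup(user);
    }
    if (a == NULL)
        return -1;
    n = snprintf(out, outlen, "%s", canonical ? a->name : tried);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

With the strict lookup the fallback yields `jeff` either way; only a name service that accepts `\jeff` makes the two modes differ, and in that case taking the name from the returned entry keeps the later password-database lookup keyed on `jeff`.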


