Safe netbios characters
Christopher R. Hertel
crh at nts.umn.edu
Thu Jan 17 14:24:07 GMT 2002
It is important to note that the username is not, initially, a NetBIOS
name. It only becomes a NetBIOS name when services (the messanger
service, in this case) register the user name as a NetBIOS name.
NetBIOS names are always written in 8-bit mode. Any value except the nul
byte (0x00) is permitted in a NetBIOS name (consider the MSBROWSE name)
as long as it can be encoded. There is only one other exception and that
is that a name may not begin with an asterisk ('*'), per RFC1001/1002.
That said, there are a lot of reasons why the ! should not be allowed in
a username. The ! character has meaning in internet E'mail routing. It
used to be used in uucp mail addresses and *is still recognized* as a
valid separator. So: samba!crh at ubiqx.org would mean "route the message
to ubiqx.org and ask ubiqx.org to route it via uucp to node samba and
then to user crh".
> TAKAHASHI Motonobu wrote:
> > Tim Potter wrote:
> > >I'm not sure whether this patch is complete. According to the User
> > >Manager the following characters can't be present in a username:
> > >"/\:;|=,+*?<>
> > >
> > >Not sure about domain names though. Also the space character is
> > >specifically allowed in both domain and usernames!
> > If you imagine Japanese, more and more characters should be available.
> > "What character is valid" depends on the codepage, so it should depend
> > on "client code page" parameter if strictly or all characters except
> > some dangerous chars need to be available, I think.
> If we do it that way we *will* miss some.
> The idea is that this check is *parinoid*. All efforts to change
> 'alpha_strcpy' to be less paranoid will meet with my strongest
> opposition. This includes efforts to make it 'mulitbyte aware'.
> This code is there becouse people use these variables in % macro
> expansion. As such we need this parinoia.
> When I get a chance I intend to allow at least some more flexability in
> HEAD by allowing strange characters in the name we use for processing
> username maps and the name we pass to the DC but not the name we use the
> the %U expansions.
> I have not yet looked at what to do for actual unix usernames.
> Andrew Bartlett
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz
More information about the samba-technical