Safe netbios characters

MCCALL,DON (HP-USA,ex1) don_mccall at
Thu Jan 17 14:38:07 GMT 2002

Hi Andrew,
I have to agree - we have already seen last year a couple of 'attacks' via
the macros with usernames/machinenames (I forget which) where having a
couple of dots in it allowed the macros to 'climb' back up the tree to
execute....  We need to be careful here...
my 2 cents worth,

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at]
Sent: Thursday, January 17, 2002 4:59 PM
To: TAKAHASHI Motonobu
Cc: tpot at; jholland at;
samba-technical at
Subject: Re: Safe netbios characters

TAKAHASHI Motonobu wrote:
> Tim Potter wrote:
> >I'm not sure whether this patch is complete.  According to the User
> >Manager the following characters can't be present in a username:
> >"/\[]:;|=,+*?<>
> >
> >Not sure about domain names though.  Also the space character is
> >specifically allowed in both domain and usernames!
> If you imagine Japanese, more and more characters should be available.
> "What character is valid" depends on the codepage, so it should depend
> on "client code page" parameter if strictly or all characters except
> some dangerous chars need to be available, I think.

If we do it that way we *will* miss some.

The idea is that this check is *paranoid*.  All efforts to change
'alpha_strcpy' to be less paranoid will meet with my strongest
opposition.  This includes efforts to make it 'multibyte aware'.

This code is there because people use these variables in % macro
expansion.  As such we need this paranoia.

When I get a chance I intend to allow at least some more flexibility in
HEAD by allowing strange characters in the name we use for processing
username maps and the name we pass to the DC but not the name we use for
the %U expansions.

I have not yet looked at what to do for actual unix usernames.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
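
An added illustration of the allow-list approach argued for in this thread (not part of the original messages and not Samba's own code): the hypothetical `paranoid_copy` keeps only ASCII letters, digits and an explicit extra set, replacing every other byte (dots, slashes, multibyte bytes) with `_`, before the hypothetical `expand_U` substitutes the name for `%U`. The function names, the template path and the sample names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list copy: ASCII letters, digits and bytes listed in
 * extra_safe pass through; everything else becomes '_'. NUL-terminates. */
static size_t paranoid_copy(char *dst, const char *src,
                            const char *extra_safe, size_t dstlen)
{
    size_t i = 0;
    if (dstlen == 0) return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') ||
                 (extra_safe != NULL && strchr(extra_safe, c) != NULL);
        dst[i] = ok ? (char)c : '_';
    }
    dst[i] = '\0';
    return i;
}

/* Expand each "%U" in tmpl with the sanitised name. Returns 0 on success,
 * -1 if the result does not fit in out (nothing is silently truncated). */
static int expand_U(char *out, size_t outlen, const char *tmpl,
                    const char *raw_user)
{
    char safe[64];
    size_t n = 0, ulen = paranoid_copy(safe, raw_user, "-", sizeof(safe));

    if (outlen == 0) return -1;
    for (const char *p = tmpl; *p != '\0'; ) {
        if (p[0] == '%' && p[1] == 'U') {
            if (n + ulen >= outlen) return -1;
            memcpy(out + n, safe, ulen);
            n += ulen; p += 2;
        } else {
            if (n + 1 >= outlen) return -1;
            out[n++] = *p++;
        }
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char out[128];
    /* Constructed template and name containing dots and slashes. */
    if (expand_U(out, sizeof(out), "/profiles/%U/logon.bat", "../../etc/x") == 0)
        puts(out);
    return 0;
}
```

Because the filter is byte-wise and not codepage-aware, a multibyte name collapses to underscores, which is the trade-off between strictness and international names that the thread is debating.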
