Safe netbios characters

Ihar Viarheichyk i.viarheichyk at
Fri Jan 18 02:22:04 GMT 2002

On Fri, Jan 18, 2002 at 08:58:31AM +1100, Andrew Bartlett wrote:
> > 
> > If you imagine Japanese, more and more characters should be available.
> > "What character is valid" depends on the codepage, so it should depend
> > on "client code page" parameter if strictly or all characters except
> > some dangerous chars need to be available, I think.
> If we do it that way we *will* miss some.
> The idea is that this check is *parinoid*.  All efforts to change
> 'alpha_strcpy' to be less paranoid will meet with my strongest
> opposition.  This includes efforts to make it 'mulitbyte aware'.

But such paranoid check does not allow Samba work with usernames in
native languages, which are not so rare in Windows environment.

> This code is there becouse people use these variables in % macro
> expansion.  As such we need this parinoia.  
> When I get a chance I intend to allow at least some more flexability in
> HEAD by allowing strange characters in the name we use for processing
> username maps and the name we pass to the DC but not the name we use the
> the %U expansions.
Moving such paranoid check to substitution code only is a partial
solution also. This allows use e.g. Russian nams in authorization, but
not in substitution, while these characters are 'safe' in most platforms
and therefore can be used in substitution.

Maybe, the better solution is different levels of paranoia:
1. Allow only ascii characters
2. Allow ascii and letter characters
3. Allow all characters except 'invalid' ones

> I have not yet looked at what to do for actual unix usernames.

Igor Vergeichik
ICQ 47298730

More information about the samba-technical mailing list