[PATCH 2/2] rpc: allow trailing dollar sign in user names

Sergey Yanovich ynvich at gmail.com
Tue Jun 3 22:48:05 GMT 2008


Signed-off-by: Sergey Yanovich <ynvich at gmail.com>
---
 source/rpc_server/srv_samr_nt.c |    6 +++---
 source/smbd/chgpasswd.c         |    6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index a89e00f..e35a0f6 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -3964,9 +3964,9 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd,
 	}
 
 	/* if it's a trust account, don't update /etc/passwd */
-	if ( ( (acct_ctrl &  ACB_DOMTRUST) == ACB_DOMTRUST ) ||
-		( (acct_ctrl &  ACB_WSTRUST) ==  ACB_WSTRUST) ||
-		( (acct_ctrl &  ACB_SVRTRUST) ==  ACB_SVRTRUST) ) {
+	if ((lp_security() != SEC_ADS) &&
+	    (acct_ctrl & (ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST)))
+	{
 		DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
 	} else {
 		/* update the UNIX password */
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index 2596e73..423bd32 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -594,7 +594,8 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
 		}
 	}
 
-	passwordprogram = talloc_string_sub(ctx, passwordprogram, "%u", name);
+	passwordprogram = talloc_string_sub2(ctx, passwordprogram, "%u", name,
+			true, false, true);
 	if (!passwordprogram) {
 		return false;
 	}
@@ -603,7 +604,8 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
 	   as this would open up a security hole where the user could use
 	   a new password containing shell escape characters */
 
-	chatsequence = talloc_string_sub(ctx, chatsequence, "%u", name);
+	chatsequence = talloc_string_sub2(ctx, chatsequence, "%u", name, true,
+			false, true);
 	if (!chatsequence) {
 		return false;
 	}
-- 
1.5.5.1



More information about the samba-technical mailing list