[PATCH 2/2] rpc: allow trailing dollar sign in user names
Sergey Yanovich
ynvich at gmail.com
Tue Jun 3 22:48:05 GMT 2008
Signed-off-by: Sergey Yanovich <ynvich at gmail.com>
---
source/rpc_server/srv_samr_nt.c | 6 +++---
source/smbd/chgpasswd.c | 6 ++++--
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index a89e00f..e35a0f6 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -3964,9 +3964,9 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd,
}
/* if it's a trust account, don't update /etc/passwd */
- if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
- ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
- ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
+ if ((lp_security() != SEC_ADS) &&
+ (acct_ctrl & (ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST)))
+ {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
} else {
/* update the UNIX password */
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index 2596e73..423bd32 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -594,7 +594,8 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
}
}
- passwordprogram = talloc_string_sub(ctx, passwordprogram, "%u", name);
+ passwordprogram = talloc_string_sub2(ctx, passwordprogram, "%u", name,
+ true, false, true);
if (!passwordprogram) {
return false;
}
@@ -603,7 +604,8 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
as this would open up a security hole where the user could use
a new password containing shell escape characters */
- chatsequence = talloc_string_sub(ctx, chatsequence, "%u", name);
+ chatsequence = talloc_string_sub2(ctx, chatsequence, "%u", name, true,
+ false, true);
if (!chatsequence) {
return false;
}
--
1.5.5.1
More information about the samba-technical
mailing list