SMBC_parse_path doesn't seem to handle special characters

Eduardo Kienetz eduardo at kienetz.com
Tue Jan 19 16:30:09 MST 2010


Hello guys,

This is my first post to this list and also one of my first incursions
into some major C code (I consider myself a C beginner).
Anyway, I've downloaded libsmbclient-php from the original author's
site, and improved it (http://github.com/eduardok/libsmbclient-php) so
that I could use it in a web-based shares' browser. As you can imagine it
uses libsmbclient (smbc_opendir(), etc).
Everything was just perfect on my tests, until my boss took my code to
put in the production server. He tested and it wouldn't work, which we
soon figured to be due to his password containing a special character
(in this case a slash /).
So, investigating further I found out that smbget has the same
problem, as well as anything that uses SMBC_parse_path.
The attached patch fixes the problem for the / (and likely many other
special characters used in the password).
However, given that we use

   next_token_no_ltrim_talloc(ctx, &p, &userinfo, "@");

to continue parsing the user information (user and password), I
stumbled into the 'same' problem as the few lines before (which I
fixed by looking for the last @ before the last / and not the first @
as before). Ideally there should be a way to allow us to search for
the last token '@' and not the next '@' (perhaps there's one
already?).

Since a file can contain @ but not / , I had to do the search for the
last / and make sure the last @ we got is before that (okay, you
probably got it by now...). E.g.:
smb://user:pass/w@rd@server/share/f@st.txt

A share can also contain an @ (how about the server?), but at least
it's something we can control more easily, differently from having to
tell users not to create files with @ $ # % ; ' .~ and such. Strong
passwords are also advised, so I won't even go into that ;)

Anyway, the attached patch certainly works to allow passwords
containing slash, and likely works for a bunch of other special
characters, but certainly not for passwords containing @ (and maybe
also not ones containing : and ; as they are also referred to in the code
soon after the @ one). I don't know if it's worth using or if there is
any alternative coming up, etc. Please advise.

Phew, hope you can get the idea, English is not my first language (I'm
Brazilian).

[1] Strong passwords symbols:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_tips.mspx?mfr=true

Thanks for your work!

Best regards,

Eduardo Bacchi Kienetz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-SMBC_parse_path-handle-special-characters-in-th.patch
Type: application/octet-stream
Size: 1707 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100119/af2e3586/attachment.obj>
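
The splitting rule described in the message (userinfo ends at the last @ that comes before the last /), as an added example; it is not the attached patch and not Samba's SMBC_parse_path(). The struct, the function names, the 256-byte field size and the fall-back used when the URL has no / are assumptions, and the domain;user form is not handled.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical names; this is not Samba's SMBC_parse_path(). */
struct smb_parts { int ok; char user[256], pass[256], server[256], path[256]; };

static void cut(char *dst, const char *from, const char *to)
{
    memcpy(dst, from, (size_t)(to - from));
    dst[to - from] = '\0';
}

/* Split smb://[user[:password]@]server[/path]: the userinfo ends at the
 * last '@' found before the last '/', as the post describes. */
struct smb_parts split_smb_url(const char *url)
{
    struct smb_parts r = {0};
    const char *p, *end, *limit, *q, *at = NULL, *colon, *srv_end;
    if (strncmp(url, "smb://", 6) != 0 || strlen(url) >= sizeof r.user)
        return r;                        /* r.ok stays 0 */
    p = url + 6;
    end = p + strlen(p);
    limit = strrchr(p, '/');             /* a file name cannot contain '/' */
    if (limit == NULL)
        limit = end;                     /* assumption: no path, scan it all */
    for (q = p; q < limit; q++)
        if (*q == '@')
            at = q;                      /* keep the last one */
    if (at != NULL) {
        colon = memchr(p, ':', (size_t)(at - p)); /* first ':' ends the user */
        cut(r.user, p, colon ? colon : at);
        if (colon)
            cut(r.pass, colon + 1, at);
        p = at + 1;
    }
    srv_end = strchr(p, '/');
    if (srv_end == NULL)
        srv_end = end;
    cut(r.server, p, srv_end);
    cut(r.path, srv_end, end);
    r.ok = 1;
    return r;
}

int main(void)
{
    struct smb_parts r = split_smb_url("smb://user:pass/w@rd@server/share/f@st.txt");
    printf("user=%s pass=%s server=%s path=%s\n", r.user, r.pass, r.server, r.path);
    return 0;
}
```

With a constructed URL such as smb://server/sh@re/file.txt the same rule takes "server/sh" as the user and "re" as the server, which is the share-name case the message mentions.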

