[Samba] "@" doesn't work in the NT domain name

[jra at dp.samba.org]

On Thu, Sep 19, 2002 at 04:30:44PM -0400, dave.andruczyk at valeo.com wrote:
> 
> I am part of a large worldwide Active Directory and all of our individual
> site NT domain names have an  ampersand symbol in them
> (for example: VWS at ROCHESTER)  Samba 2.2.6pre2 and older won't join this
> domain name, or allow connections to it from users in this domain.  The
> logs state that the domain name is "VWS_ROCHESTER",  the code is squashing
> the @ to an _ causing all authentification attempts to fail.  Since we are
> migrating to this domain, all of our samba servers will NOT function for
> users connecting from the AD domains due to the domain-name mangling.
> 
> I was told this was done as part of a security audit to the samba code, but
> it breaks compatibility in a major way. Ampersands are VALID in a netbios
> domain name, just not in a machine name (AFAIK), but samba doesn't comply
> in this regard.  Since changing the netbios domain names of our win2k
> domains is not possible, I need a fix ASAP.  Any suggestions?

Try the following patch - please let me know if it fixes the problem.

Thanks,

	Jeremy.

Index: smbd/reply.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/reply.c,v
retrieving revision 1.240.2.117
diff -u -r1.240.2.117 reply.c
--- smbd/reply.c        11 Sep 2002 01:05:18 -0000      1.240.2.117
+++ smbd/reply.c        20 Sep 2002 02:20:13 -0000
@@ -860,7 +860,7 @@

   /* don't allow strange characters in usernames or domains */
   alpha_strcpy(user, user, ". _-$", sizeof(user));
-  alpha_strcpy(domain, domain, ". _-", sizeof(domain));
+  alpha_strcpy(domain, domain, ". _-@", sizeof(domain));
   if (strstr(user, "..") || strstr(domain,"..")) {
          return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
   }