[Samba] NT User ID with apostrophe

Jeremy Allison jra at samba.org
Mon Dec 8 21:39:52 GMT 2003


On Mon, Dec 08, 2003 at 12:47:28PM -0500, Hall, Ken (IDS ECCS) wrote:
> I have a few users who have ID's in NT domain and AD that contain apostrophes, such as O'Neill (fo'neill), and O'Toole (go'toole).  I've been trying to give them access to shares, but Samba doesn't
> seem to like this very much.
> 
> I've been able to set up the ID's in our LDAP server so file ownership works, but according to the log messages, Samba DOMAIN authentication seems to substitute an underscore (go_toole) for the
> apostrophe when sending the request to AD. Of course, AD comes back with NT_STATUS_NO_SUCH_USER.
> 
> NT/2K servers seem to have supported this, which is why the ID's exist here in the first place.  Is this a Samba restriction?  Is there a way around it?

Hmmmm. Yeah, this is our (my) fault. We are very paranoid about
allowing quote and other characters in a username as we can pass
such names to UNIX script calls. Such "strange" characters can
be used to invoke behaviour we're worried might break security.

You could try adding the ' character to the define in include/smb.h
ie. Add it to :

#define SAFE_NETBIOS_CHARS ". -_"

And also you'll need to change the line in smbd/password.c
that reads :

alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$", sizeof(vuser->user.smb_name));

to 

alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$'", sizeof(vuser->user.smb_name));

What do people think about adding a "safe chars" option, or a
"safe usernames" that modifies/removes these filters ?

Jeremy.
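
Added example (not part of the original message and not Samba source code): a simplified allowlist copy showing why go'toole becomes go_toole under the ". _-$" set, and the single-quote escaping a script call needs once ' is allowed through. The names allowlist_copy and shell_quote are hypothetical stand-ins written for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the allowlist copy discussed above (not Samba's
 * alpha_strcpy): keep alphanumerics and bytes listed in `safe`, replace
 * everything else with '_'. Always NUL-terminates; returns dest. */
char *allowlist_copy(char *dest, const char *src, const char *safe, size_t destlen)
{
    size_t i;
    if (destlen == 0) return dest;
    for (i = 0; src[i] != '\0' && i < destlen - 1; i++) {
        unsigned char c = (unsigned char)src[i];
        dest[i] = (isalnum(c) || strchr(safe, c) != NULL) ? (char)c : '_';
    }
    dest[i] = '\0';
    return dest;
}

/* Once ' is in the safe set, a name placed on a shell command line must be
 * quoted: wrap it in single quotes and rewrite each ' as '\''.
 * Returns 0 on success, -1 if the result does not fit in destlen. */
int shell_quote(char *dest, const char *src, size_t destlen)
{
    size_t o = 0;
    if (destlen < 3) return -1;
    dest[o++] = '\'';
    for (; *src != '\0'; src++) {
        size_t need = (*src == '\'') ? 4 : 1;
        if (o + need + 2 > destlen) return -1;   /* room for closing ' and NUL */
        if (*src == '\'') { memcpy(dest + o, "'\\''", 4); o += 4; }
        else dest[o++] = *src;
    }
    dest[o++] = '\'';
    dest[o] = '\0';
    return 0;
}

int main(void)
{
    char name[32], quoted[64];
    const char *sample = "go'toole";   /* username quoted in the thread */
    printf("%s\n", allowlist_copy(name, sample, ". _-$", sizeof(name)));   /* current set */
    printf("%s\n", allowlist_copy(name, sample, ". _-$'", sizeof(name)));  /* with ' added */
    if (shell_quote(quoted, name, sizeof(quoted)) == 0)
        printf("%s\n", quoted);        /* form safe to place in a script call */
    return 0;
}
```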

