[Samba] $ in domain name, Samba 2.2.8a

Gerald (Jerry) Carter jerry at samba.org
Wed Oct 1 14:19:27 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Bartlett wrote:

| Yes, we are stripping it out for security reasons.  The problem is when
| people use %U and %D macros in their smb.conf - particularly for
| logfiles - we got bitten when %m was allowed to contain ../../, and
| cracked down on it.
|
| I think Samba 3.0 allows this again, as I've gone over the codepaths,
| and am happy with our verification (against the known list of trusted
| domains etc).

Colin,

Here's a patch that should fix things for you.



cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/euJvIR7qMdg1EfYRAlK3AKCZ109swBqp6AEZpRcoI//xioSj+QCcCAfm
9c1jU/BMANtfFdPLRPjjFLY=
=graX
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: smbd/reply.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/reply.c,v
retrieving revision 1.240.2.133
diff -u -r1.240.2.133 reply.c
--- smbd/reply.c	9 May 2003 21:31:23 -0000	1.240.2.133
+++ smbd/reply.c	1 Oct 2003 14:17:37 -0000
@@ -881,8 +881,8 @@
   }
 
   /* don't allow strange characters in usernames or domains */
-  alpha_strcpy(user, user, ". _-$", sizeof(user));
-  alpha_strcpy(domain, domain, ". _-@", sizeof(domain));
+  alpha_strcpy(user, user, ". ~`#$%^&{}-_!()'", sizeof(user));
+  alpha_strcpy(domain, domain, "@. ~`$%^{}-_!()'", sizeof(domain));
   if (strstr(user, "..") || strstr(domain,"..")) {
 	  return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
   }


More information about the samba mailing list