[Samba] $ in domain name, Samba 2.2.8a
Gerald (Jerry) Carter
jerry at samba.org
Wed Oct 1 14:19:27 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Bartlett wrote:
| Yes, we are stripping it out for security reasons. The problem is when
| people use %U and %D macros in their smb.conf - particularly for
| logfiles - we got bitten when %m was allowed to contain ../../, and
| cracked down on it.
|
| I think Samba 3.0 allows this again, as I've gone over the codepaths,
| and am happy with our verification (against the known list of trusted
| domains etc).
Colin,
Here's a patch that should fix things for you.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/euJvIR7qMdg1EfYRAlK3AKCZ109swBqp6AEZpRcoI//xioSj+QCcCAfm
9c1jU/BMANtfFdPLRPjjFLY=
=graX
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: smbd/reply.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/reply.c,v
retrieving revision 1.240.2.133
diff -u -r1.240.2.133 reply.c
--- smbd/reply.c 9 May 2003 21:31:23 -0000 1.240.2.133
+++ smbd/reply.c 1 Oct 2003 14:17:37 -0000
@@ -881,8 +881,8 @@
}
/* don't allow strange characters in usernames or domains */
- alpha_strcpy(user, user, ". _-$", sizeof(user));
- alpha_strcpy(domain, domain, ". _-@", sizeof(domain));
+ alpha_strcpy(user, user, ". ~`#$%^&{}-_!()'", sizeof(user));
+ alpha_strcpy(domain, domain, "@. ~`$%^{}-_!()'", sizeof(domain));
if (strstr(user, "..") || strstr(domain,"..")) {
return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
}
More information about the samba
mailing list