-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andrew Bartlett wrote:
| Yes, we are stripping it out for security reasons. The problem is when | people use %U and %D macros in their smb.conf - particularly for | logfiles - we got bitten when %m was allowed to contain ../../, and | cracked down on it. | | I think Samba 3.0 allows this again, as I've gone over the codepaths, | and am happy with our verification (against the known list of trusted | domains etc).
Colin,
Here's a patch that should fix things for you.
cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/euJvIR7qMdg1EfYRAlK3AKCZ109swBqp6AEZpRcoI//xioSj+QCcCAfm 9c1jU/BMANtfFdPLRPjjFLY= =graX -----END PGP SIGNATURE-----
Index: smbd/reply.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/reply.c,v
retrieving revision 1.240.2.133
diff -u -r1.240.2.133 reply.c
--- smbd/reply.c 9 May 2003 21:31:23 -0000 1.240.2.133
+++ smbd/reply.c 1 Oct 2003 14:17:37 -0000
@@ -881,8 +881,8 @@
}
/* don't allow strange characters in usernames or domains */
- alpha_strcpy(user, user, ". _-$", sizeof(user));
- alpha_strcpy(domain, domain, ". _-@", sizeof(domain));
+ alpha_strcpy(user, user, ". ~`#$%^&{}-_!()'", sizeof(user));
+ alpha_strcpy(domain, domain, "@. ~`$%^{}-_!()'", sizeof(domain));
if (strstr(user, "..") || strstr(domain,"..")) {
return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
}
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
