check for bad usernames early in session setup

author Andrew Tridgell <tridge@samba.org>

Wed, 4 Jul 2001 04:17:58 +0000 (04:17 +0000)

committer Andrew Tridgell <tridge@samba.org>

Wed, 4 Jul 2001 04:17:58 +0000 (04:17 +0000)
author Andrew Tridgell <tridge@samba.org>
Wed, 4 Jul 2001 04:17:58 +0000 (04:17 +0000)
committer Andrew Tridgell <tridge@samba.org>
Wed, 4 Jul 2001 04:17:58 +0000 (04:17 +0000)
diff --git a/source/smbd/reply.c b/source/smbd/reply.c

index d27f7842eb4c47403cc09c6902b6e9eb24dc9ae7..edcc3f48382bee61aee71e1302306c5b3128b141 100644 (file)
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -858,6 +858,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
              domain,native_os,native_lanman));
    }
  
+  /* don't allow for weird usernames */
+  alpha_strcpy(user, user, ". _-", sizeof(user));
+  if (strstr(user, "..")) {
+         return bad_password_error(inbuf, outbuf);
+  }
+
    DEBUG(3,("sesssetupX:name=[%s]\n",user));
  
    /* If name ends in $ then I think it's asking about whether a */
author	Andrew Tridgell <tridge@samba.org>
	Wed, 4 Jul 2001 04:17:58 +0000 (04:17 +0000)
committer	Andrew Tridgell <tridge@samba.org>
	Wed, 4 Jul 2001 04:17:58 +0000 (04:17 +0000)