dave.andruczyk@valeo.com
2002-Sep-20 00:39 UTC
[Samba] "@" doesn't work in the NT domain name
I am part of a large worldwide Active Directory and all of our individual site NT domain names have an ampersand symbol in them (for example: VWS@ROCHESTER). Samba 2.2.6pre2 and older won't join this domain name, or allow connections to it from users in this domain. The logs state that the domain name is "VWS_ROCHESTER"; the code is squashing the @ to an _, causing all authentication attempts to fail. Since we are migrating to this domain, all of our samba servers will NOT function for users connecting from the AD domains due to the domain-name mangling.

I was told this was done as part of a security audit to the samba code, but it breaks compatibility in a major way. Ampersands are VALID in a netbios domain name, just not in a machine name (AFAIK), but samba doesn't comply in this regard. Since changing the netbios domain names of our win2k domains is not possible, I need a fix ASAP. Any suggestions?
On Thu, Sep 19, 2002 at 04:30:44PM -0400, dave.andruczyk@valeo.com wrote:
>
> I am part of a large worldwide Active Directory and all of our individual
> site NT domain names have an ampersand symbol in them
> (for example: VWS@ROCHESTER) Samba 2.2.6pre2 and older won't join this
> domain name, or allow connections to it from users in this domain. The
> logs state that the domain name is "VWS_ROCHESTER", the code is squashing
> the @ to an _ causing all authentication attempts to fail. Since we are
> migrating to this domain, all of our samba servers will NOT function for
> users connecting from the AD domains due to the domain-name mangling.
>
> I was told this was done as part of a security audit to the samba code, but
> it breaks compatibility in a major way. Ampersands are VALID in a netbios
> domain name, just not in a machine name (AFAIK), but samba doesn't comply
> in this regard. Since changing the netbios domain names of our win2k
> domains is not possible, I need a fix ASAP. Any suggestions?

Try the following patch - please let me know if it fixes the problem.

Thanks, Jeremy.

Index: smbd/reply.c ==================================================================RCS file: /data/cvs/samba/source/smbd/reply.c,v retrieving revision 1.240.2.117 diff -u -r1.240.2.117 reply.c --- smbd/reply.c 11 Sep 2002 01:05:18 -0000 1.240.2.117 +++ smbd/reply.c 20 Sep 2002 02:20:13 -0000 @@ -860,7 +860,7 @@ /* don't allow strange characters in usernames or domains */ alpha_strcpy(user, user, ". _-$", sizeof(user)); - alpha_strcpy(domain, domain, ". _-", sizeof(domain)); + alpha_strcpy(domain, domain, ". _-@", sizeof(domain)); if (strstr(user, "..") || strstr(domain,"..")) { return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw); }
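
Review bot: The comment above the two alpha_strcpy() calls still reads only "don't allow strange characters in usernames or domains", so nothing records why "@" is now accepted for domain but not for user. Suggest extending that comment to say "@" is permitted because NT domain names such as VWS@ROCHESTER contain it, so a later audit does not tighten the list again. Because this widens a filter that, per the report, came out of a security audit, it is also worth confirming that the filtered domain string is not used later anywhere "@" carries special meaning, and whether any other code path applies the old ". _-" list to domain names, since the report mentions joining the domain failing as well as user connections.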
On Thu, 19 Sep 2002 dave.andruczyk@valeo.com wrote:
>
> I am part of a large worldwide Active Directory and all of our individual
> site NT domain names have an ampersand symbol in them
> (for example: VWS@ROCHESTER) Samba 2.2.6pre2 and older won't join this
> domain name, or allow connections to it from users in this domain. The
> logs state that the domain name is "VWS_ROCHESTER", the code is squashing
> the @ to an _ causing all authentication attempts to fail. Since we are
> migrating to this domain, all of our samba servers will NOT function for
> users connecting from the AD domains due to the domain-name mangling.
>
> I was told this was done as part of a security audit to the samba code, but
> it breaks compatibility in a major way. Ampersands are VALID in a netbios
> domain name, just not in a machine name (AFAIK), but samba doesn't comply
> in this regard. Since changing the netbios domain names of our win2k
> domains is not possible, I need a fix ASAP. Any suggestions?

grrr... I hate that alpha_strcpy() code. I'll get you a fix today. Can you send me a level 10 debug log of the failure?

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
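
Added example, not part of the thread and not Samba's code: a small C model of the behaviour discussed above, where a character allow-list replaces anything not listed with "_" and names containing ".." are then rejected. filter_name and check_domain are hypothetical names; the two allow-lists and the VWS@ROCHESTER name come from the thread, the other inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict { NAME_OK, NAME_MANGLED, NAME_REJECTED };

/* Hypothetical stand-in for the filter in the thread (not Samba's code):
 * keep ASCII alphanumerics and bytes listed in safe, turn the rest into '_'. */
static void filter_name(char *dest, const char *src, const char *safe, size_t destsz)
{
    size_t i = 0;
    if (destsz == 0)
        return;
    for (; i + 1 < destsz && src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        dest[i] = (isalnum(c) || strchr(safe, c) != NULL) ? (char)c : '_';
    }
    dest[i] = '\0';
}

/* Filter the name the client sent, then apply the ".." rejection that follows
 * the filter in the patch context. NAME_MANGLED means the server would go on
 * to authenticate against a domain name the client never sent. */
static enum verdict check_domain(const char *sent, const char *safe,
                                 char *out, size_t outsz)
{
    filter_name(out, sent, safe, outsz);
    if (strstr(out, "..") != NULL)
        return NAME_REJECTED;
    return strcmp(out, sent) == 0 ? NAME_OK : NAME_MANGLED;
}

int main(void)
{
    /* Constructed inputs; VWS@ROCHESTER is the example name from the post. */
    const char *names[] = { "VWS@ROCHESTER", "VWS;ROCHESTER", "VWS..ROCHESTER" };
    const char *lists[] = { ". _-", ". _-@" };   /* before and after the patch */
    char out[64];
    for (size_t l = 0; l < 2; l++)
        for (size_t n = 0; n < 3; n++) {
            enum verdict v = check_domain(names[n], lists[l], out, sizeof(out));
            printf("allow \"%s\"  %-15s -> %-15s verdict=%d\n",
                   lists[l], names[n], out, (int)v);
        }
    return 0;
}
```

With the wider list only "@" stops being rewritten; other unlisted characters are still squashed to "_" and ".." is still rejected.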