Displaying 1 result from an estimated 1 matches for "cli_session_setup_guest".
2015 Feb 02
1
Can login with a bogus username which ends with a "/" or a "\"
We have noticed that if a username, that ends in a "\" or a "/", tries to login, then the workspace becomes the user name ( up to the "/" or "\" ) and then username is empty, allowing a bogus user to authenticate and calls cli_session_setup_guest() to log in anonymously. This is done in cli_session_setup():
/* allow for workgroups as part of the username */
if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
(p=strchr_m(user2,*lp_winbind_separator()))) {...