From 9758d87315a800e238b7011b7879dcfb9b1339d3 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Tue, 17 Jan 2012 14:43:24 -0500
Subject: cifscreds: loosen allowed characters in domain names

As Donald points out, NetBIOS domains are allowed more characters than
the code currently allows. Change the test to one that checks for
disallowed characters instead.

Also, I can't find anything that says that '@' is not allowed in a
username. Might as well allow that too. Worst case, the server will
reject the username.

Reported-by: Donald R. Gray Jr <donald.r.gray@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
---
 cifscreds.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/cifscreds.c b/cifscreds.c
index 279517a..cbd431e 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -42,10 +42,13 @@
 #define MOUNT_PASSWD_SIZE 128
 #define MAX_DOMAIN_SIZE 64
 
-/* allowed and disallowed characters for user and domain name */
-#define USER_DISALLOWED_CHARS "\\/\"[]:|<>+=;,?*@"
-#define DOMAIN_ALLOWED_CHARS "abcdefghijklmnopqrstuvwxyz" \
-			     "ABCDEFGHIJKLMNOPQRSTUVWXYZ-."
+/*
+ * disallowed characters for user and domain names. See:
+ * http://technet.microsoft.com/en-us/library/bb726984.aspx
+ * http://support.microsoft.com/kb/909264
+ */
+#define USER_DISALLOWED_CHARS "\\/\"[]:|<>+=;,?*"
+#define DOMAIN_DISALLOWED_CHARS "\\/:*?\"<>|"
 
 /* destination keyring */
 #define DEST_KEYRING KEY_SPEC_USER_KEYRING
@@ -567,7 +570,7 @@ int main(int argc, char **argv)
 		arg.host = argv[optind + 1];
 
 	if (arg.host && arg.keytype == 'd' &&
-	    strspn(arg.host, DOMAIN_ALLOWED_CHARS) != strnlen(arg.host, MAX_DOMAIN_SIZE)) {
+	    strpbrk(arg.host, DOMAIN_DISALLOWED_CHARS)) {
 		fprintf(stderr, "error: Domain name contains invalid characters\n");
 		return EXIT_FAILURE;
 	}
-- 
cgit v1.2.3