From 59db9bcbf084a23c1f8c7e1c7017f064b8c1e59c Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 4 Jul 2001 04:17:58 +0000
Subject: check for bad usernames early in session setup (This used to be
 commit 657836599a847578096696af27cd7c9f0d52c931)

---
 source3/smbd/reply.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index d27f7842eb..edcc3f4838 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -858,6 +858,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 	     domain,native_os,native_lanman));
   }
 
+  /* don't allow for weird usernames */
+  alpha_strcpy(user, user, ". _-", sizeof(user));
+  if (strstr(user, "..")) {
+	  return bad_password_error(inbuf, outbuf);
+  }
+
   DEBUG(3,("sesssetupX:name=[%s]\n",user));
 
   /* If name ends in $ then I think it's asking about whether a */
-- 
cgit