system/2898: user(8) does not allow usernames with trailing '$' (used by samba)

From: <paulc(at)passtheaardvark.com>
Date: Thu Aug 22 2002 - 17:53:11 EDT

>Number: 2898
>Category: system
>Synopsis: user(8) does not allow usernames with trailing '$' (used by samba)
>Confidential: no
net
>Environment:

	System      : OpenBSD 3.1
	Architecture: OpenBSD.i386
	Machine     : i386

>Description:

	user(8) does not allow usernames containing the '$' character. To allow
	Samba 2.2 to automatically create machine trust accounts when operating
	as a PDC for an NT domain it needs to be able to create an account based
	on the client hostname with a '$' prepended. This is usually done 
	by a script specified in the smb.conf file.
	used by Samba when creating machine trust accounts 

>How-To-Repeat:

	$ user add abc$
	user: `abc$' is not a valid login name

>Fix:

	It appears that '$' is a legal character in login names (although probably
	undesirable due to shell evaluation & aesthetic issues) - to limit the 
	impact and provide an expedient solution to support samba I attach a patch
	to user.c which will allow a '$' as the last character of a password only.


--- src/usr.sbin/user/user.c.orig       Thu Aug 22 17:15:39 2002

+++ src/usr.sbin/user/user.c Thu Aug 22 17:29:39 2002 @@ -551,7 +551,9 @@

        char *cp;

        for (cp = login ; *cp ; cp++) {
-               if (!isalnum(*cp) && *cp != '.' && *cp != '_' && *cp != '-') {
+        /* Allow $ as last character only */
+               if (!isalnum(*cp) && *cp != '.' && *cp != '_' && *cp != '-'
+                && !(*cp == '$' && *(cp+1) == 0) ) {
                        return 0;
                }
        }

>Release-Note:
Received on Thu Nov 7 16:17:12 2002