From 37ca87a01edd6865571f1f966a8523a7742a9e43 Mon Sep 17 00:00:00 2001 From: Kalle Olavi Niemitalo Date: Sun, 25 Mar 2007 12:13:46 +0300 Subject: [PATCH] do_smb: URI-encode the username and password. I tested that this does the right thing for the username "Kalle %50" (encodes it to "Kalle%20%2550", and libsmbclient then decodes back). --- src/protocol/smb/smb2.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/protocol/smb/smb2.c b/src/protocol/smb/smb2.c index d2340b78b..0b3098ffe 100644 --- a/src/protocol/smb/smb2.c +++ b/src/protocol/smb/smb2.c @@ -296,10 +296,21 @@ do_smb(struct connection *conn) if (!uri_string || !init_string(&string)) { smb_error(-S_OUT_OF_MEM); } + /* Must URI-encode the username and password to avoid + * ambiguity if they contain "/:@" characters. + * Libsmbclient then decodes them again, and the + * server gets them as they were in auth->user and + * auth->password, i.e. as the user typed them in the + * auth dialog. This implies that, if the username or + * password contains some characters or bytes that the + * user cannot directly type, then she cannot enter + * them. If that becomes an actual problem, it should + * be fixed in the auth dialog, e.g. by providing a + * hexadecimal input mode. */ add_to_string(&string, "smb://"); - add_to_string(&string, auth->user); + encode_uri_string(&string, auth->user, -1, 1); add_char_to_string(&string, ':'); - add_to_string(&string, auth->password); + encode_uri_string(&string, auth->password, -1, 1); add_char_to_string(&string, '@'); add_to_string(&string, uri_string); url = string.source;