[cifs-protocol] [REG:RE: [REG:111062276428612] RE: userParameters attribute

Hongwei Sun hongweis at microsoft.com
Mon Aug 15 13:14:47 MDT 2011


Hi, Matthieu/Andrew

  We completed the investigation on this issue.  The userParameters attribute is typed in AD as a Unicode string, but as previously noted the actual contents are a binary structure  (see section 2.3.1 in MS-TSTS).   When the data is set via MS-SAMR, the data is stored in AD in its untouched entirety.   When querying this attribute via the MS-SAMR protocol, everything works as expected because the entire contents of the buffer are returned in a byte-counted UNICODE_STRING structure, thus again no data is lost.   When LDAP is used to query the data however, AD must convert the “string” to a UTF-8 string before returning it to the client as per 2.5.5.12 MS-ADTS and 6.10 of RFC 2252.     Unfortunately, UTF8 conversion of non-valid Unicode characters can result in a lossy conversion, which is what appears to have happened here.    Internally, Windows code does not use LDAP to query the userParameters attribute, which is why this issue has gone so long unnoticed.

  Please let me know if you have more questions.

Thanks!

Hongwei

-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org] 
Sent: Tuesday, August 09, 2011 4:39 PM
To: Hongwei Sun
Cc: pfif at tridgell.net; cifs-protocol at samba.org; Michael Ströder; Andrew Bartlett
Subject: Re: [cifs-protocol] [REG:111062276428612] RE: userParameters attribute

Hi Hongwei,

Any news on this subject ?

Matthieu.

On 07/07/2011 02:15, Matthieu Patou wrote:
> Hi Hongwei,
>
> I updated the bug report.
>
>
> On 28/06/2011 22:40, Hongwei Sun wrote:
>> Matthieu,
>>
>>    This is fine.     We will wait for that.   I also want to confirm 
>> that we don't need any more data to be produced, we just need the 
>> steps you used to produce the data output in the bug.
>>
>> Thanks!
>>
>> Hongwei
>>
>>
>> -----Original Message-----
>> From: Matthieu Patou [mailto:mat at matws.net]
>> Sent: Tuesday, June 28, 2011 11:57 AM
>> To: Hongwei Sun
>> Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org; 
>> Michael Ströder
>> Subject: Re: [cifs-protocol] [REG:111062276428612] RE: userParameters 
>> attribute
>>
>> On 28/06/2011 19:06, Hongwei Sun wrote:
>>> Matthieu,
>>>
>>>      Any update ?  I just checked the bug and it doesn't have any 
>>> new information.
>> Nope, I'm busy trying to add a new DC to my production.
>>
>> Can you postpone this up to 2 weeks I have to finish some other stuff 
>> in hurry.
>>
>> Matthieu
>>> Thanks!
>>>
>>> Hongwei
>>>
>>> -----Original Message-----
>>> From: Hongwei Sun
>>> Sent: Wednesday, June 22, 2011 4:42 PM
>>> To: 'Matthieu Patou'
>>> Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org; 
>>> Michael Ströder
>>> Subject: RE: [cifs-protocol] [REG:111062276428612] RE: 
>>> userParameters attribute
>>>
>>> Either way is fine.    You can send it here and save it to the bug  
>>> so all the history will be there too.
>>>
>>> Hongwei
>>>
>>> -----Original Message-----
>>> From: Matthieu Patou [mailto:mat at matws.net]
>>> Sent: Wednesday, June 22, 2011 4:39 PM
>>> To: Hongwei Sun
>>> Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org; 
>>> Michael Ströder
>>> Subject: Re: [cifs-protocol] [REG:111062276428612] RE: 
>>> userParameters attribute
>>>
>>> On 23/06/2011 01:29, Hongwei Sun wrote:
>>>> Andrew, Matthieu,
>>>>
>>>>         I noticed that Matthieu updated the LDAP representation 
>>>> blob and the SAMR network capture that shows the UTF16 string in 
>>>> SamrSetInformationUser in the bug
>>>> (https://bugzilla.samba.org/show_bug.cgi?id=8077).      Could you 
>>>> tell us the exact steps you used to do the testing  ?   The product 
>>>> team needs that to have the same repro for the investigation.
>>>>
>>>> Thanks!
>>> Here or in the bug ?
>>>
>>> Matthieu.
>>>> Hongwei
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Andrew Bartlett [mailto:abartlet at samba.org]
>>>> Sent: Monday, June 20, 2011 8:09 PM
>>>> To: Hongwei Sun
>>>> Cc: Stefan (metze) Metzmacher; pfif at tridgell.net; 
>>>> cifs-protocol at samba.org; Michael Ströder
>>>> Subject: RE: [REG: 111052361876778] RE: userParameters attribute
>>>>
>>>> On Mon, 2011-06-20 at 20:14 +0000, Hongwei Sun wrote:
>>>>> Metze/Andrew,
>>>>>
>>>>>       We updated the description of userParameters in MS-ADA3 and 
>>>>> other related documents to clarify that it is not saved as utf16
>>>>> or utf8 Unicode strings as below.   They will appear in the next 
>>>>> release of the open protocol documents.
>>>> The key point that seems to be brushed over here is: how is this 
>>>> 'not UTF8' string in LDAP translated into and from the 
>>>> representation sent over SAMR (which appears to be UTF16)?
>>>>
>>>> For example, please explain how the values seen in this bug get 
>>>> translated between each other.  At a first glance, the translation 
>>>> does indeed appear to be that between UTF16 and UTF8, so if they 
>>>> are not
>>>> UTF16 and UTF8 strings, what are they, and what defines the 
>>>> translation?
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=8077
>>>>
>>>> Andrew Bartlett
>>>>
>>
>> _______________________________________________
>> cifs-protocol mailing list
>> cifs-protocol at cifs.org
>> https://lists.samba.org/mailman/listinfo/cifs-protocol
>


--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary





More information about the cifs-protocol mailing list