[cifs-protocol] character escaping in DN and canonicalName [120072224000698]

Sreekanth Nadendla srenaden at microsoft.com
Mon Aug 10 15:36:06 UTC 2020 

Hello Douglas, the link you provided actually have the list of the only chars that will escape in canonicalName:

"In the canonicalName both the forward slash and backslash characters are escaped using the backslash escape character. However, no other characters are escaped."

canonicalName is a constructed attribute, which means it is only for output, but never for input.  In other word, you can not write a string of value of a canonicalName.  For the output sting of a canonicalName, the only characters that will appear with an escape \ will be forward and back slash.


1.	Distinguished name has a list of chars that need escape.  In corresponding canonicalName, escape will not appear:
For example:
Input DN to create a new object is:        CN=test\#End,CN=MiniSmokeAppNC
Search the object get:
ldap_search_s(ld, "CN=test\#End,CN=MiniSmokeAppNC", 0, "(objectClass=*)", attrList,  0, &msg)
Getting 1 entries:
Dn: CN=test\#End,CN=MiniSmokeAppNC
canonicalName: /MiniSmokeAppNC/test#End; 
name: test#End; 
DN has \#, but either canonicalName nor name has escape

2.	Hex value will be translated and stored as a Unicode if we can.
For example, input DN to create a new object is :  “CN=test\C4\81\#,CN=MiniSmokeAppNC”
Search the object get:
Dn: CN=testā\#,CN=MiniSmokeAppNC
canonicalName: /MiniSmokeAppNC/testā#; 
name: testā#; 
hex value is translated into a Unicode.  No escape for it in DN, canonicalName, or name

3.	Slash and backslash will appear in canonicalName with escape
For example, input DN to create a new object is : “CN=test\#\\End,CN=MiniSmokeAppNC”
Search this object get:
Dn: CN=test\#\\End,CN=MiniSmokeAppNC
canonicalName: /MiniSmokeAppNC/test#\\End; 
name: test#\End; 
DN has escape for both “#” and “\”.  canonicalName has escape for \ but not for #.  Name has either.

Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Sreekanth Nadendla 
Sent: Monday, August 3, 2020 11:19 AM
To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
Subject: character escaping in DN and canonicalName [120072224000698]

Hi Douglas, I’m researching this issue for you. Will provide you an update as soon as I have some details to share with you.


Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Obaid Farooqi <obaidf at microsoft.com> 
Sent: Wednesday, July 22, 2020 4:33 AM
To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
Subject: RE: character escaping in DN and canonicalName [120072224000698]

Hi Douglas:
Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon.

Regards,
Obaid Farooqi
Escalatiion Engineer | Microsoft

-----Original Message-----
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Tuesday, July 21, 2020 9:22 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] character escaping in DN and canonicalName

hi Dochelp,

According to RFC 4514 and articles like
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F5312.active-directory-characters-to-escape.aspx&data=02%7C01%7Csrenaden%40microsoft.com%7Cf6102022d87742a94e6b08d82e19ccd8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637310035698795797&sdata=1ALo7t2ByMAMsJN7AVPeumOVtlLbs2Ri%2FVR49AJwFTY%3D&reserved=0
the characters ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\' are escaped with a leading '\', while other characters can be escaped as hex values like "\0a". For canonicalName, '/' must also be escaped, for obvious reasons.

My question is: is there anywhere a list of which characters are canonically escaped in the hex form?

That is, I suppose a carriage return is always escaped as "\0d", and an 'A' is never escaped as "\41". But I don't know whether, for example, "ā" ('a' with macron) is included in a canonicalName or DN string as "\C4\81" or as the plain UTF-8 "ā".

regards,
Douglas

More information about the cifs-protocol mailing list