Managing DNs in libads only in utf8
idra at samba.org
Tue Feb 27 15:21:10 GMT 2007
On Tue, 2007-02-27 at 08:59 -0600, Gerald (Jerry) Carter wrote:
> simo wrote:
> > Hello technical people,
> > after a report about a possible problem with how we manage DNs,
> > I discovered we currently may have some problems in case "unix charset"
> > is not set to UTF-8 and we are using security = ads. *
> > The problem is that we always convert everything coming out of ldap to
> > the local unix charset and then we convert** it back to utf8 before using
> > it (see ads_get_dn()).
> > The problem in doing this is that we convert some DN this way:
> > utf8 -> local -> utf8
> Hey Simo,
> I've tried to catch up on the thread and so will just reply all
> in one mail. I'll just hit the highlights.
> * I agree with the problem (in theory). Sounds right
> to me but I'm not looking at the code right now.
> * Dealing with LDAP DNs as UTF-8 makes sense. But the
> change should be limited to the ldap files. Don't
> worry about the printer publishing stuff in nt_printing.c
> right now. Just show me what is broken in practice
> (an example) and the minimal change to fix it.
It is limited to ldap files, there is only one change in the printing
code that I have to change, no big deal.
> * I'm willing to review a patch from a bzr tree
> but would prefer not to see this go into the main svn
> until it was complete and agreed upon by all (if
> everyone did in fact agree). Volker is right. Splitting
> up reformatting, variable renames, and real code changes
> will help everyone out to review.
Attached a patch without the variable name change, no other reformatting
was done and the patch is 20% smaller.
> * I don't want to use an elephant gun to swat a fly.
> In other words, the amount of pain we suffer from
> the bug allows for a certain amount of currency to
> pay for the size of the change to fix it.
No elephant gun, I did the job of checking every single use of a DN
coming out from libads in less than 6 hours while also changing the
code. Changing the DN to a struct will make checking for it much easier
as the compiler will help find out every single inconsistency that I may
miss by just manually checking.
Samba Team GPL Compliance Officer
email: idra at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 12837 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070227/f4c79054/samba3_libads_utf8_dns.bin
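
Added example (not part of the original message and not Samba code): a Python sketch of the utf8 -> local -> utf8 round trip described in the thread, showing which DNs survive it and which distinct DNs collapse into the same string. Assumptions: the local "unix charset" is ISO-8859-1, the converter replaces unrepresentable characters with '?', and all DNs are constructed sample values.

```python
# Added illustration of the utf8 -> local -> utf8 round trip; not Samba code.
# Assumption: characters missing from the local charset are replaced with '?'.

def round_trip(dn_utf8: bytes, unix_charset: str) -> bytes:
    """Convert a UTF-8 DN to the local charset and back to UTF-8."""
    local = dn_utf8.decode("utf-8").encode(unix_charset, errors="replace")
    return local.decode(unix_charset).encode("utf-8")


def survives(dn_utf8: bytes, unix_charset: str) -> bool:
    """True if the DN is byte-identical after the round trip."""
    return round_trip(dn_utf8, unix_charset) == dn_utf8


def colliding_dns(dns, unix_charset: str) -> dict:
    """Group distinct DNs that become the same string after the round trip."""
    seen = {}
    for dn in dns:
        seen.setdefault(round_trip(dn, unix_charset), []).append(dn)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample DNs (hypothetical directory entries).
SAMPLE_DNS = [
    "CN=Jürgen,OU=Users,DC=example,DC=com".encode("utf-8"),  # fits ISO-8859-1
    "CN=Łukasz,OU=Users,DC=example,DC=com".encode("utf-8"),  # 'Ł' does not fit
    "CN=山田,OU=Users,DC=example,DC=com".encode("utf-8"),     # no character fits
    "CN=田中,OU=Users,DC=example,DC=com".encode("utf-8"),     # no character fits
]

if __name__ == "__main__":
    charset = "iso-8859-1"
    for dn in SAMPLE_DNS:
        state = "ok  " if survives(dn, charset) else "LOST"
        print(state, dn.decode("utf-8"), "->",
              round_trip(dn, charset).decode("utf-8"))
    for mangled, originals in colliding_dns(SAMPLE_DNS, charset).items():
        print("collision:", mangled.decode("utf-8"), "<-",
              [o.decode("utf-8") for o in originals])
```

A DN that does not survive the round trip no longer names the object the directory returned, and two different objects can end up with the same DN string, which is the case for keeping DNs in UTF-8 from the LDAP result to the next LDAP call.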