Managing DNs in libads only in utf8

simo idra at samba.org
Tue Feb 27 15:21:10 GMT 2007 

On Tue, 2007-02-27 at 08:59 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> simo wrote:
> > Hello technical people,
> > 
> > after a report about a possible problem with how we manage DNs,
> > I discovered we currently may have some problems in case "unix charset"
> > is not set to UTF-8 and we are using security = ads. *
> > 
> > The problem is that we always convert everything coming out of ldap to
> > the local unix charset and then we convert** it back utf8 before using
> > it (see ads_get_dn()).
> > 
> > The problem in doing this is that we convert some DN this way:
> > utf8 -> local -> utf8
> 
> Hey Simo,
> 
> I've tried to catch up on the thread and so will just reply all
> in one mail.  I'll just hit the highlights.
> 
> * I agree with the problem (in theory).   Sounds right
>   to me but I'm not looking at the code right now.

'k

> * Dealing with LDAP DNs as UTF-8 makes sense.  But the
>   change should be limited to the ldap files.  Don't
>   worry about the printer publishing stuff in nt_printing.c
>   right now.  Just show me what is broken in practice
>   (an example) and the minimal change to fix it.

It is limited to ldap files, there is only one change in the printing
code that I have to change, no big deal.

> * I'm willing to review a patch from a bzr tree
>   but would prefer not see this go into the main svn
>   until it was complete and agreed upon by all (if
>   everyone did in fact agree).  Volker is right.  Splitting
>   up reformatting, variable renames, and real code changes
>   will help everyone out to review.

Attached a patch without the variable name change, no other reformatting
was done and the patch is 20% smaller.

> * I don't want to use an elephant gun to swat a fly.
>   In other words, the amount of pain we suffer from
>   the bug allows for a certain amount of currency to
>   pay for the size of the change to fix it.

No elefant gun, I did the job of checking every single use of a DN
coming out from libads in less then 6 hours while also changing the
code. Changing the DN to a struct will make checking for it much easier
as the compiler will help find out every single inconsistency that I may
miss by just manually checking.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba3_libads_utf8_dns.patch
Type: text/x-patch
Size: 12837 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070227/f4c79054/samba3_libads_utf8_dns.bin

More information about the samba-technical mailing list