Managing DNs in libads only in utf8
simo
idra at samba.org
Tue Feb 27 16:16:59 GMT 2007
On Tue, 2007-02-27 at 10:11 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Simo,
>
> > Attached patch should work,
>
> This statement is a little disconcerting. The "should"
> implies that you haven't tested it. Maybe you have
> and this is just a syntax error.
syntax error, it compiles.
> Why should we review and potentially debug a patch for a
> bug that may not be fixed? I'm know that I may see a little
> stubborn here but reviewing untested patches is not an
> efficient use of code review.
You should just take a quick look at the impact it have to be able to
understand what code is impacted, nothing more.
> > however if we decide to go the struct {} way, this patch
> > is not so important (as I said I compiled it but not
> > tested it as I wanted input before committing myself too
> > much for something that could be rejected).
>
> I agree with Volker. Any patch that cannot enforce the
> type checking for UTF-8 strings and cacth a mismatch
> with a char* is bound to get us in trouble. We need
> to be able to look at the code for single function and
> know what we are dealing with.
I agree as well!
> If that makes this patch obsolete, then we should just
> move forward with the struct design IMO. And coding in small
> chunks (like patches submitted to lkml) will really help
> when review the bzr tree.
I am ok with this, I was just looking for agreement on Volker proposal,
the patch was just to show that the whole change is not as big as people
may think, nothing more.
> >> I still need an example of how to reproduce the original
> >> bug before I can review this.
> >
> > Easiest way:
> >
> > Set unix charset = ASCII
> > Create an AD user with a non ASCII character in the
> > DN (you can keep the pre-Windows2000 name ASCII that
> > doesn't matter). Add that user to a group.
> >
> > The user will not be reported as member of that group
> > by nss_winbind because the utf8->ASCII->utf8 conversion
> > alters the DN.
> >
> > Change the DN back to be ASCII and as soon as
> > the winbindd cache expires the user magically appears
> > back as member of the group.
>
> Can you point me at which method in winbindd_ads.c
> is the culprit? I know about libads. But I want to trace
> one winbind call.
Man, do anybody read mails? Or do you all just read the first 10 lines?
This was in my first mail:
This affects primarily lookup_usergroups_member()*** and
lookup_usergroups_memberof() in nsswitch/winbindd_ads.c as they
need an intact DN.
Seem nobody cared to read that mail, and jumped on the first 10 lines
jra highlighted. ... Uhm I'll blame Jeremy :-)
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list