dealing with usernames containing whitespace
simo
idra at samba.org
Tue Jan 30 21:24:19 GMT 2007
I think we need something to "fix" the problem, but I am not sure why
you need something configurable, wouldn't it be less prone to misuse to
have a parameter named something like:
winbind normalize names = yes/no
This parameter always lower cases names and substitutes spaces with
underscores* ?
I like flexibility, but I don't much like the winbind separator
thing, for example, where some users use \, others +, and others even
stranger ones; it gives us far more confusion than flexibility IMO.
Simo.
* and maybe also always forces a specific separator
On Tue, 2007-01-30 at 13:27 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Background: account names with whitespace such as "AD\Space Kadet"
> cause failures in various shell scripts, initialization files,
> Gnome, etc... because of the assumption that the IFS in base is
> whitespace. This patch introduces the 'winbind replacement character'
> parameter which maps names like "Space Kadet" to "Space_Kadet".
>
> For example:
>
> $ ssh -l "ad\space kadet" localhost
> Password:
> Last login: Tue Jan 30 12:51:53 2007 from localhost
>
> [AD\space_kadet at fiji ~]$ id
> uid=100012(AD\space_kadet) gid=100000(AD\domain_users)
> groups=100000(AD\domain_users)
>
> [AD\space_kadet at fiji ~]$ getent group "AD\Domain Users"
> AD\domain_users:x:100000:AD\space_kadet
>
> [AD\space_kadet at fiji ~]$ getent group "AD\Domain_Users"
> AD\domain_users:x:100000:AD\space_kadet
>
> This is one of those patches I feel dirty about but have
> a legitimate need for. What do others think?
>
>
>
>
>
> cheers, jerry
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFv5wKIR7qMdg1EfYRAh3RAKDVw0V/oYPY4MJ3WoBKPWW1fZAUfgCffg0e
> sOYhddcOpLXaouqZEIQvPWI=
> =2B+T
> -----END PGP SIGNATURE-----
> plain text document attachment (winbind_replace_char_v1.patch)
> === modified file 'source/nsswitch/winbindd_group.c'
> --- source/nsswitch/winbindd_group.c 2007-01-25 02:37:08 +0000
> +++ source/nsswitch/winbindd_group.c 2007-01-30 19:11:24 +0000
> @@ -462,6 +462,7 @@
> gid_t gid;
> union unid_t id;
> NTSTATUS status;
> + char replace_char[2] = { 0x0, 0x0 };
>
> /* Ensure null termination */
> state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0';
> @@ -502,6 +503,11 @@
> }
>
> /* Get rid and name type from name */
> +
> + replace_char[0] = *lp_winbind_replacement_char();
> + if ( replace_char[0] != '\0' ) {
> + all_string_sub( name_group, " ", replace_char, 0 );
> + }
>
> if (!winbindd_lookup_sid_by_name(state->mem_ctx, domain, domain->name,
> name_group, &group_sid, &name_type)) {
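Review bot: The four-line `replace_char` block added here is repeated in winbindd_rpc.c (the name_to_sid, sid_to_name and rids_to_names hunks) and in winbindd_user.c, with the argument order flipped in name_to_sid, so the mapping direction is easy to misread. One small helper per direction would state the intent at each call site and remove the per-function `char replace_char[2]` buffer. In this hunk the spaces in `name_group` are replaced before `winbindd_lookup_sid_by_name()`, so the lookup only reaches the real account if the backend undoes the mapping; the patch adds that reversal only in winbindd_rpc.c, so other backends would need checking. At minimum I would add `/* map ' ' to the replacement char; the rpc name_to_sid maps it back before the LSA lookup */` above the block. The enclosing function starts and ends outside the hunk.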
>
> === modified file 'source/nsswitch/winbindd_rpc.c'
> --- source/nsswitch/winbindd_rpc.c 2006-12-09 14:15:03 +0000
> +++ source/nsswitch/winbindd_rpc.c 2007-01-30 19:11:24 +0000
> @@ -246,9 +246,10 @@
> NTSTATUS result;
> DOM_SID *sids = NULL;
> enum lsa_SidType *types = NULL;
> - const char *full_name;
> + char *full_name;
> struct rpc_pipe_client *cli;
> POLICY_HND lsa_policy;
> + char replace_char[2] = { 0x0, 0x0 };
>
> if(name == NULL || *name=='\0') {
> DEBUG(3,("rpc: name_to_sid name=%s\n", domain_name));
> @@ -262,6 +263,11 @@
> return NT_STATUS_NO_MEMORY;
> }
>
> + replace_char[0] = *lp_winbind_replacement_char();
> + if ( replace_char[0] != '\0' ) {
> + all_string_sub( full_name, replace_char, " ", 0 );
> + }
> +
> DEBUG(3,("name_to_sid [rpc] %s for domain %s\n", full_name?full_name:"", domain_name ));
>
> result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
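Review bot: Turning every replacement character in `full_name` back into a space makes the mapping lossy. With the default `_`, an account whose real name contains an underscore is looked up under a name with a space, and the sid_to_name and rids_to_names hunks below hand "space kadet" and "space_kadet" to Unix as the same name. Anything that authorizes by name (group member lists, `valid users`, sudoers entries) can then apply to a different principal than the administrator intended. Consider looking the name up as given first and applying the substitution only when that lookup fails. Failing that, record the limitation at the call with `/* lossy: names containing the replacement char are indistinguishable from names containing spaces */`. The function body continues outside the hunk.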
> @@ -298,6 +304,7 @@
> NTSTATUS result;
> struct rpc_pipe_client *cli;
> POLICY_HND lsa_policy;
> + char replace_char[2] = { 0x0, 0x0 };
>
> DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_static(sid),
> domain->name ));
> @@ -314,6 +321,12 @@
> *type = (enum lsa_SidType)types[0];
> *domain_name = domains[0];
> *name = names[0];
> +
> + replace_char[0] = *lp_winbind_replacement_char();
> + if ( replace_char[0] != '\0' ) {
> + all_string_sub( *name, " ", replace_char, 0 );
> + }
> +
> DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name));
> return NT_STATUS_OK;
> }
> @@ -333,6 +346,8 @@
> POLICY_HND lsa_policy;
> DOM_SID *sids;
> size_t i;
> + char **ret_names;
> + char replace_char[2] = { 0x0, 0x0 };
>
> DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name ));
>
> @@ -360,10 +375,15 @@
> return result;
> }
>
> + replace_char[0] = *lp_winbind_replacement_char();
> + ret_names = *names;
> +
> for (i=0; i<num_rids; i++) {
> if ((*types)[i] != SID_NAME_UNKNOWN) {
> + if ( replace_char[0] != '\0' ) {
> + all_string_sub( ret_names[i], " ", replace_char, 0 );
> + }
> *domain_name = domains[i];
> - break;
> }
> }
>
>
> === modified file 'source/nsswitch/winbindd_user.c'
> --- source/nsswitch/winbindd_user.c 2007-01-24 02:29:39 +0000
> +++ source/nsswitch/winbindd_user.c 2007-01-30 19:11:24 +0000
> @@ -228,6 +228,7 @@
> uint32 group_rid)
> {
> fstring username;
> + char replace_char[2] = { 0x0, 0x0 };
> struct getpwsid_state *s =
> talloc_get_type_abort(private_data, struct getpwsid_state);
>
> @@ -241,6 +242,12 @@
> fstrcpy( username, acct_name );
> strlower_m( username );
> s->username = talloc_strdup(s->state->mem_ctx, username);
> +
> + replace_char[0] = *lp_winbind_replacement_char();
> + if ( replace_char[0] != '\0' ) {
> + all_string_sub( s->username, " ", replace_char, 0 );
> + }
> +
> s->fullname = talloc_strdup(s->state->mem_ctx, full_name);
> s->homedir = talloc_strdup(s->state->mem_ctx, homedir);
> s->shell = talloc_strdup(s->state->mem_ctx, shell);
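Review bot: The substitution runs on `s->username` straight after `talloc_strdup()` without checking the result, and whether `all_string_sub()` tolerates a NULL string is not visible here. Doing the replacement on the local `username` buffer before the copy avoids the question and keeps the normalisation next to `strlower_m()`. Move `all_string_sub( username, " ", replace_char, 0 );` above the `s->username = talloc_strdup(...)` line. The function continues beyond the hunk.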
>
> === modified file 'source/param/loadparm.c'
> --- source/param/loadparm.c 2007-01-24 02:29:39 +0000
> +++ source/param/loadparm.c 2007-01-30 19:11:24 +0000
> @@ -180,6 +180,7 @@
> BOOL bWinbindNestedGroups;
> BOOL bWinbindRefreshTickets;
> BOOL bWinbindOfflineLogon;
> + char *szWinbindReplacementCharacter;
> char **szIdmapDomains;
> char **szIdmapBackend; /* deprecated */
> char *szIdmapAllocBackend;
> @@ -1288,6 +1289,7 @@
> {"winbind nss info", P_LIST, P_GLOBAL, &Globals.szWinbindNssInfo, NULL, NULL, FLAG_ADVANCED},
> {"winbind refresh tickets", P_BOOL, P_GLOBAL, &Globals.bWinbindRefreshTickets, NULL, NULL, FLAG_ADVANCED},
> {"winbind offline logon", P_BOOL, P_GLOBAL, &Globals.bWinbindOfflineLogon, NULL, NULL, FLAG_ADVANCED},
> + {"winbind replacement character", P_STRING, P_GLOBAL, &Globals.szWinbindReplacementCharacter, NULL, NULL, FLAG_ADVANCED},
>
> {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
> };
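Review bot: The parameter is registered as `P_STRING`, but every caller reads only the first byte through `*lp_winbind_replacement_char()`, so a multi-character value is silently truncated. Nothing rejects a value that is a space, equals the winbind separator, or has meaning to a shell, although the stated goal of the patch is names that are safe in shell scripts. The value should be validated when the configuration is loaded, and the table entry should carry a comment such as `/* only the first character is used; must not be whitespace or the winbind separator */`. Simo's suggestion of a yes/no parameter with a fixed substitution would remove the need for this validation.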
> @@ -1622,6 +1624,7 @@
> string_set(&Globals.szTemplateShell, "/bin/false");
> string_set(&Globals.szTemplateHomedir, "/home/%D/%U");
> string_set(&Globals.szWinbindSeparator, "\\");
> + string_set(&Globals.szWinbindReplacementCharacter, "_");
>
> string_set(&Globals.szCupsServer, "");
> string_set(&Globals.szIPrintServer, "");
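Review bot: Defaulting the replacement character to `"_"` switches the name rewriting on for every installation that picks up this code, because the callers apply the mapping whenever the first byte is non-zero. Existing deployments would see winbind names change after an upgrade with no configuration change, which can detach accounts from home directories, ACL entries and name-based access rules. An empty default keeps the feature opt-in: `string_set(&Globals.szWinbindReplacementCharacter, "");`.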
> @@ -1855,6 +1858,7 @@
> FN_GLOBAL_BOOL(lp_winbind_nested_groups, &Globals.bWinbindNestedGroups)
> FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets)
> FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
> +FN_GLOBAL_STRING(lp_winbind_replacement_char, &Globals.szWinbindReplacementCharacter)
>
> FN_GLOBAL_LIST(lp_idmap_domains, &Globals.szIdmapDomains)
> FN_GLOBAL_LIST(lp_idmap_backend, &Globals.szIdmapBackend) /* deprecated */
>
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org