Failed to add user with samba-tool with 'ascii' decode error

Benjamin Bohard bbohard at cadoles.com
Mon Apr 3 14:27:01 UTC 2017


Hello,

I am reviewing a bash script wrapping some samba-tool command for
automation purpose [1].

I ran into a decode error and traced it back to a recent modification :

https://bugzilla.samba.org/show_bug.cgi?id=12262

-            pw = unicode('"' + password + '"', 'utf-8').encode('utf-16-le')
+            pw = unicode('"' + password.encode('utf-8') + '"',
'utf-8').encode('utf-16-le')

The error I ran into is triggered by passing an utf-8 encoded password
to "samba-tool user create" with non-ascii characters.

As far as I understand this, password.encode('utf-8') acts on a str
object and python first attempts to decode it to unicode from ascii
(default codec) before encoding it to utf-8.

As I use samba in a well-known context, I fixed this problem momentarily
by decoding "password" to unicode from utf-8 (codec used in my context)
before it is passed to samdb newuser function :

diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index fbb98a1..86c51fd 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -306,6 +306,7 @@ Example5 shows how to create an RFC2307/NIS domain
enabled user account. If
             if not password == passwordverify:
                 password = None
                 self.outf.write("Sorry, passwords do not match.\n")
+        password = password.decode('utf-8')
 
         if rfc2307_from_nss:
                 pwent = pwd.getpwnam(username)

I know how difficult it is to foresee what encoding is used on input. So
I am not sure there is a global solution for this problem.

Best regards

[1] this script is part of EOLE metadistribution
(http://pcll.ac-dijon.fr/eole/).

-- 
Benjamin Bohard

Cadoles (http://www.cadoles.com)
Experts EOLE, Envole et logiciels libres


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170403/55deb9db/signature.sig>


More information about the samba-technical mailing list