[Samba] Practicality of fixing samba's case mangling problems?
Linda Walsh
samba at tlinx.org
Wed Dec 28 19:58:10 MST 2011
Christopher R. Hertel wrote:
> Linda,
>
> If you have filed a bugzilla report,
Date Title
2011-07-27 *Bug 8325*
<https://bugzilla.samba.org/show_bug.cgi?id=8325> - WINS should no
longer be changing 'case' on hostnames' inconsistent with domain practice
2011-08-17 *Bug 8380*
<https://bugzilla.samba.org/show_bug.cgi?id=8380> - Samba needs to
preserve casename on user/group/host to be MS-compat (all versions)
2011-08-29 *Bug 8417*
<https://bugzilla.samba.org/show_bug.cgi?id=8417> - Samba needs to not
mess with case of domain and host names
2011-09-05 *Bug 8435*
<https://bugzilla.samba.org/show_bug.cgi?id=8435> - NMBD altering case
of file names causes other subsystems to fail.
--- I've filed a few.
> ... and can identify the code that needs review, that would help.
Well, that's why I'm whining in public... it's a bit too much for me to
handle:
The files (just looked at samba3 code):
./auth/auth_builtin.c
./auth/auth_server.c
./auth/auth_util.c
- ./auth/pampass.c
- ./auth/pass_check.c
./client/client.c
?./client/clitar.c
./include/includes.h
./include/proto.h
./lib/afs.c
-./lib/charcnv.c
./lib/eventlog/eventlog.c
./lib/substitute.c
./lib/username.c
./lib/util.c
-./lib/util_str.c
-./lib/util_unistr.c
./libads/ads_struct.c
./libads/dns.c
./libads/kerberos.c
./libads/kerberos_keytab.c
./libads/kerberos_verify.c
./libads/ldap.c
./libads/util.c
./libnet/libnet_join.c
./libsmb/cliconnect.c
./libsmb/clifsinfo.c
./libsmb/clirap.c
./libsmb/clirap2.c
./libsmb/dsgetdcname.c
./libsmb/namecache.c
./libsmb/namequery.c
./libsmb/namequery_dc.c
./libsmb/nmblib.c
./libsmb/nmblib.c
./libsmb/ntlmssp.c
./libsmb/trustdom_cache.c
./modules/vfs_afsacl.c
./modules/vfs_streams_depot.c
./modules/vfs_streams_xattr.c
./nmbd/nmbd_browserdb.c
./nmbd/nmbd_browsesync.c
./nmbd/nmbd_elections.c
?./nmbd/nmbd_incomingdgrams.c
./nmbd/nmbd_incomingdgrams.c
./nmbd/nmbd_incomingrequests.c
./nmbd/nmbd_namelistdb.c
./nmbd/nmbd_sendannounce.c
./nmbd/nmbd_serverlistdb.c
./nmbd/nmbd_winsserver.c
./param/loadparm.c
./passdb/lookup_sid.c
./passdb/pdb_interface.c
./passdb/pdb_ldap.c
./passdb/pdb_tdb.c
./passdb/secrets.c
./printing/lpq_parse.c
./printing/nt_printing.c
./registry/reg_util.c
./rpc_client/cli_pipe.c
./rpc_server/srv_dfs_nt.c
./rpc_server/srv_dssetup_nt.c
./rpc_server/srv_wkssvc_nt.c
./rpcclient/cmd_spoolss.c
./smbd/filename.c
./smbd/lanman.c
-./smbd/mangle_hash.c
./smbd/mangle_hash2.c
./smbd/negprot.c
./smbd/password.c
./smbd/seal.c
./smbd/service.c
./smbd/service.c
./smbd/sesssetup.c
./smbd/smb2_tcon.c
./torture/masktest.c
./torture/torture.c
./utils/net_ads.c
./utils/net_conf.c
./utils/net_idmap.c
./utils/net_rpc.c
./utils/net_rpc_join.c
./utils/net_usershare.c
./utils/ntlm_auth.c
./utils/ntlm_auth_diagnostics.c
./utils/pdbedit.c
./utils/smbcontrol.c
-./utils/smbpasswd.c
./winbindd/idmap_adex/gc_util.c
./winbindd/idmap_ldap.c
./winbindd/wb_fill_pwent.c
./winbindd/winbindd_ads.c
./winbindd/winbindd_cache.c
./winbindd/winbindd_cm.c
./winbindd/winbindd_pam.c
./winbindd/winbindd_util.c
---
Ones with a "-" in front of them mention strup/lo, but don't use it for
user or dom mangling.
There are a few.
Not really sure about how good the case mangling that is in there is...
as it tries to handle unicode, w/out knowing that max UTF-8 len for
current unicode (up through
bit plane 17), takes 4 bytes , not 5 as a the code comments.
Also this made me wonder about making modifications, as I don't know
what I' might
be trying to base code on...
use_as_is:
/*
* Conversion not supported. This is actually an error, but there are so
* many misconfigured iconv systems and smb.conf's out there we
can't just
* fail. Do a very bad conversion instead.... JRA.
*/
====
So not sure what one would end up with or what types of
incompatibilities one might
introduce if one were to try to introduce changes to code to code that
passes through
errors... how does one define case for erroneous charset usage?
> How are you at digging into the code?
----
Not ALOT of 'endurance', easily distracted....
> and can identify the code that needs review, that would help. Patches are
> even better.
Last patch of mine got modified into a personal statement by someone
about their bad experiences
w/the security 'community'[sic]... *ahem*...
> The more specific details that you can provide the better able
> one of us will be to work with you on resolving the problems you are seeing.
>
> Chris -)-----
>
Well, I have raised the issue a few times...
More information about the samba
mailing list