[Samba] Practicality of fixing samba's case mangling problems?
Günter Kukkukk
linux at kukkukk.com
Wed Dec 28 21:28:43 MST 2011
On Thursday 29 December 2011 03:58:10 Linda Walsh wrote:
Hi Linda,
> Christopher R. Hertel wrote:
> > Linda,
> >
> > If you have filed a bugzilla report,
>
> Date Title
>
> 2011-07-27 *Bug 8325*
> <https://bugzilla.samba.org/show_bug.cgi?id=8325> - WINS should no
> longer be changing 'case' on hostnames' inconsistent with domain practice
> 2011-08-17 *Bug 8380*
> <https://bugzilla.samba.org/show_bug.cgi?id=8380> - Samba needs to
> preserve casename on user/group/host to be MS-compat (all versions)
> 2011-08-29 *Bug 8417*
> <https://bugzilla.samba.org/show_bug.cgi?id=8417> - Samba needs to not
> mess with case of domain and host names
> 2011-09-05 *Bug 8435*
> <https://bugzilla.samba.org/show_bug.cgi?id=8435> - NMBD altering case
> of file names causes other subsystems to fail.
>
>
> --- I've filed a few.
>
> > ... and can identify the code that needs review, that would help.
>
> Well, that's why I'm whining in public... it's a bit too much for me to
> handle:
>
> The files (just looked at samba3 code):
>
> ./auth/auth_builtin.c
> ./auth/auth_server.c
> ./auth/auth_util.c
> - ./auth/pampass.c
> - ./auth/pass_check.c
> ./client/client.c
> ?./client/clitar.c
> ./include/includes.h
> ./include/proto.h
> ./lib/afs.c
> -./lib/charcnv.c
> ./lib/eventlog/eventlog.c
> ./lib/substitute.c
> ./lib/username.c
> ./lib/util.c
> -./lib/util_str.c
> -./lib/util_unistr.c
> ./libads/ads_struct.c
> ./libads/dns.c
> ./libads/kerberos.c
> ./libads/kerberos_keytab.c
> ./libads/kerberos_verify.c
> ./libads/ldap.c
> ./libads/util.c
> ./libnet/libnet_join.c
> ./libsmb/cliconnect.c
> ./libsmb/clifsinfo.c
> ./libsmb/clirap.c
> ./libsmb/clirap2.c
> ./libsmb/dsgetdcname.c
> ./libsmb/namecache.c
> ./libsmb/namequery.c
> ./libsmb/namequery_dc.c
> ./libsmb/nmblib.c
> ./libsmb/nmblib.c
> ./libsmb/ntlmssp.c
> ./libsmb/trustdom_cache.c
> ./modules/vfs_afsacl.c
> ./modules/vfs_streams_depot.c
> ./modules/vfs_streams_xattr.c
> ./nmbd/nmbd_browserdb.c
> ./nmbd/nmbd_browsesync.c
> ./nmbd/nmbd_elections.c
> ?./nmbd/nmbd_incomingdgrams.c
> ./nmbd/nmbd_incomingdgrams.c
> ./nmbd/nmbd_incomingrequests.c
> ./nmbd/nmbd_namelistdb.c
> ./nmbd/nmbd_sendannounce.c
> ./nmbd/nmbd_serverlistdb.c
> ./nmbd/nmbd_winsserver.c
> ./param/loadparm.c
> ./passdb/lookup_sid.c
> ./passdb/pdb_interface.c
> ./passdb/pdb_ldap.c
> ./passdb/pdb_tdb.c
> ./passdb/secrets.c
> ./printing/lpq_parse.c
> ./printing/nt_printing.c
> ./registry/reg_util.c
> ./rpc_client/cli_pipe.c
> ./rpc_server/srv_dfs_nt.c
> ./rpc_server/srv_dssetup_nt.c
> ./rpc_server/srv_wkssvc_nt.c
> ./rpcclient/cmd_spoolss.c
> ./smbd/filename.c
> ./smbd/lanman.c
> -./smbd/mangle_hash.c
> ./smbd/mangle_hash2.c
> ./smbd/negprot.c
> ./smbd/password.c
> ./smbd/seal.c
> ./smbd/service.c
> ./smbd/service.c
> ./smbd/sesssetup.c
> ./smbd/smb2_tcon.c
> ./torture/masktest.c
> ./torture/torture.c
> ./utils/net_ads.c
> ./utils/net_conf.c
> ./utils/net_idmap.c
> ./utils/net_rpc.c
> ./utils/net_rpc_join.c
> ./utils/net_usershare.c
> ./utils/ntlm_auth.c
> ./utils/ntlm_auth_diagnostics.c
> ./utils/pdbedit.c
> ./utils/smbcontrol.c
> -./utils/smbpasswd.c
> ./winbindd/idmap_adex/gc_util.c
> ./winbindd/idmap_ldap.c
> ./winbindd/wb_fill_pwent.c
> ./winbindd/winbindd_ads.c
> ./winbindd/winbindd_cache.c
> ./winbindd/winbindd_cm.c
> ./winbindd/winbindd_pam.c
> ./winbindd/winbindd_util.c
>
>
> ---
> Ones with a "-" in front of them mention strup/lo, but don't use it for
> user or dom mangling.
> There are a few.
>
> Not really sure about how good the case mangling that is in there is...
> as it tries to handle unicode, w/out knowing that max UTF-8 len for
> current unicode (up through
> bit plane 17), takes 4 bytes , not 5 as a the code comments.
you are completely right here!
http://www.unicode.org/faq/utf_bom.html#gen6
the current max. specified unicode range ends at 0x0010ffff
which results to max. 4 UTF-8 bytes
---------
It's not only samba - also the todays linux kernel source might
lead to some headache:
(../fs/nls/nls_base.c)
static const struct utf8_table utf8_table[] =
{
{0x80, 0x00, 0*6, 0x7F, 0, /* 1 byte sequence */},
{0xE0, 0xC0, 1*6, 0x7FF, 0x80, /* 2 byte sequence */},
{0xF0, 0xE0, 2*6, 0xFFFF, 0x800, /* 3 byte sequence */},
{0xF8, 0xF0, 3*6, 0x1FFFFF, 0x10000, /* 4 byte sequence */},
{0xFC, 0xF8, 4*6, 0x3FFFFFF, 0x200000, /* 5 byte sequence */},
{0xFE, 0xFC, 5*6, 0x7FFFFFFF, 0x4000000, /* 6 byte sequence */},
{0, /* end of table */}
};
-------
Which samba source(s) do you refer to where 5 (or more) UTF-8 bytes are
assumed?
Cheers, Günter
>
> Also this made me wonder about making modifications, as I don't know
> what I' might
> be trying to base code on...
>
>
> use_as_is:
> /*
> * Conversion not supported. This is actually an error, but there are
> so * many misconfigured iconv systems and smb.conf's out there we can't
> just
> * fail. Do a very bad conversion instead.... JRA.
> */
> ====
> So not sure what one would end up with or what types of
> incompatibilities one might
> introduce if one were to try to introduce changes to code to code that
> passes through
> errors... how does one define case for erroneous charset usage?
>
> > How are you at digging into the code?
>
> ----
> Not ALOT of 'endurance', easily distracted....
>
> > and can identify the code that needs review, that would help. Patches
> > are even better.
>
> Last patch of mine got modified into a personal statement by someone
> about their bad experiences
> w/the security 'community'[sic]... *ahem*...
>
> > The more specific details that you can provide the better able
> > one of us will be to work with you on resolving the problems you are
> > seeing.
> >
> > Chris -)-----
>
> Well, I have raised the issue a few times...
More information about the samba
mailing list