dotnet/runtime

LdapConnection does not handle passwords containing UTF-8 characters on Linux

Open

#82.601 aperta il 24 feb 2023

Vedi su GitHub
 (14 commenti) (0 reazioni) (0 assegnatari)C# (5445 fork)batch import
area-System.DirectoryServiceshelp wanted

Metriche repository

Star
 (17.886 star)
Metriche merge PR
 (Merge medio 12g 11h) (661 PR mergiate in 30 g)

Descrizione

Description

When using LdapConnection with a password containing point symbol (£) on Linux, the server consistently responds with Invalid Credentials error code.

When browsing the code, SessionOptions.ProtocolVersion does not seem to affect the way password is marshalled to ldap_sasl_bind function, LdapPal.StringToPtr function is always used (StringToHGlobalAnsi, StringToAnsiString) meaning the pound character will be converted to ANSI codepage or dropped.

This issue leaves out a lot of users using non-latin characters without access to LDAP authentication through dotnet, running on Linux.

Reproduction Steps

var ldapInfo = new LdapDirectoryIdentifier("1.2.3.4", 389);
var credental = new NetworkCredential("rich", "1337£", "test-ad")

using (var ldapConnection = new LdapConnection(ldapInfo, credential))
{
   ldapConnection.AuthType = AuthType.Basic;
   ldapConnection.SessionOptions.ProtocolVersion = 3;
   ldapConnection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
   ldapConnection.Bind();
}

Expected behavior

If ProtocolVersion is set to 3, marshalling should be done using UTF8, as described on https://www.ibm.com/docs/en/zos/2.1.0?topic=routines-ldap-sasl-bind-ldap-sasl-bind-s as well as parameter LDAP_OPT_UTF8_IO should be set.

Actual behavior

Invalid Credentials response is returned.

Regression?

Functionality work on my automated tests in dotnet 5, not sure what have changed internally in dotnet.

Known Workarounds

Do not use special characters in a password?

Configuration

dotnet 6 LTS, latest Manjaro

Other information

add label: area-System.DirectoryServices

Guida contributor