LdapConnection does not handle passwords containing UTF-8 characters on Linux
#82.601 aperta il 24 feb 2023
Metriche repository
- Star
- (17.886 star)
- Metriche merge PR
- (Merge medio 12g 11h) (661 PR mergiate in 30 g)
Descrizione
Description
When using LdapConnection with a password containing point symbol (£) on Linux, the server consistently responds with Invalid Credentials error code.
When browsing the code, SessionOptions.ProtocolVersion does not seem to affect the way password is marshalled to ldap_sasl_bind function, LdapPal.StringToPtr function is always used (StringToHGlobalAnsi, StringToAnsiString) meaning the pound character will be converted to ANSI codepage or dropped.
This issue leaves out a lot of users using non-latin characters without access to LDAP authentication through dotnet, running on Linux.
Reproduction Steps
var ldapInfo = new LdapDirectoryIdentifier("1.2.3.4", 389);
var credental = new NetworkCredential("rich", "1337£", "test-ad")
using (var ldapConnection = new LdapConnection(ldapInfo, credential))
{
ldapConnection.AuthType = AuthType.Basic;
ldapConnection.SessionOptions.ProtocolVersion = 3;
ldapConnection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
ldapConnection.Bind();
}
Expected behavior
If ProtocolVersion is set to 3, marshalling should be done using UTF8, as described on https://www.ibm.com/docs/en/zos/2.1.0?topic=routines-ldap-sasl-bind-ldap-sasl-bind-s as well as parameter LDAP_OPT_UTF8_IO should be set.
Actual behavior
Invalid Credentials response is returned.
Regression?
Functionality work on my automated tests in dotnet 5, not sure what have changed internally in dotnet.
Known Workarounds
Do not use special characters in a password?
Configuration
dotnet 6 LTS, latest Manjaro
Other information
add label: area-System.DirectoryServices