dotnet/runtime

LdapConnection does not handle passwords containing UTF-8 characters on Linux

Open

#82,601 建立於 2023年2月24日

在 GitHub 查看
 (14 留言) (0 反應) (0 負責人)C# (5,445 fork)batch import
area-System.DirectoryServiceshelp wanted

倉庫指標

Star
 (17,886 star)
PR 合併指標
 (平均合併 12天 11小時) (30 天內合併 661 個 PR)

描述

Description

When using LdapConnection with a password containing point symbol (£) on Linux, the server consistently responds with Invalid Credentials error code.

When browsing the code, SessionOptions.ProtocolVersion does not seem to affect the way password is marshalled to ldap_sasl_bind function, LdapPal.StringToPtr function is always used (StringToHGlobalAnsi, StringToAnsiString) meaning the pound character will be converted to ANSI codepage or dropped.

This issue leaves out a lot of users using non-latin characters without access to LDAP authentication through dotnet, running on Linux.

Reproduction Steps

var ldapInfo = new LdapDirectoryIdentifier("1.2.3.4", 389);
var credental = new NetworkCredential("rich", "1337£", "test-ad")

using (var ldapConnection = new LdapConnection(ldapInfo, credential))
{
   ldapConnection.AuthType = AuthType.Basic;
   ldapConnection.SessionOptions.ProtocolVersion = 3;
   ldapConnection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
   ldapConnection.Bind();
}

Expected behavior

If ProtocolVersion is set to 3, marshalling should be done using UTF8, as described on https://www.ibm.com/docs/en/zos/2.1.0?topic=routines-ldap-sasl-bind-ldap-sasl-bind-s as well as parameter LDAP_OPT_UTF8_IO should be set.

Actual behavior

Invalid Credentials response is returned.

Regression?

Functionality work on my automated tests in dotnet 5, not sure what have changed internally in dotnet.

Known Workarounds

Do not use special characters in a password?

Configuration

dotnet 6 LTS, latest Manjaro

Other information

add label: area-System.DirectoryServices

貢獻者指南