dotnet/runtime

LdapConnection does not handle passwords containing UTF-8 characters on Linux

Open

#82,601 创建于 2023年2月24日

在 GitHub 查看
 (14 评论) (0 反应) (0 负责人)C# (5,445 fork)batch import
area-System.DirectoryServiceshelp wanted

仓库指标

Star
 (17,886 star)
PR 合并指标
 (平均合并 12天 11小时) (30 天内合并 661 个 PR)

描述

Description

When using LdapConnection with a password containing point symbol (£) on Linux, the server consistently responds with Invalid Credentials error code.

When browsing the code, SessionOptions.ProtocolVersion does not seem to affect the way password is marshalled to ldap_sasl_bind function, LdapPal.StringToPtr function is always used (StringToHGlobalAnsi, StringToAnsiString) meaning the pound character will be converted to ANSI codepage or dropped.

This issue leaves out a lot of users using non-latin characters without access to LDAP authentication through dotnet, running on Linux.

Reproduction Steps

var ldapInfo = new LdapDirectoryIdentifier("1.2.3.4", 389);
var credental = new NetworkCredential("rich", "1337£", "test-ad")

using (var ldapConnection = new LdapConnection(ldapInfo, credential))
{
   ldapConnection.AuthType = AuthType.Basic;
   ldapConnection.SessionOptions.ProtocolVersion = 3;
   ldapConnection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
   ldapConnection.Bind();
}

Expected behavior

If ProtocolVersion is set to 3, marshalling should be done using UTF8, as described on https://www.ibm.com/docs/en/zos/2.1.0?topic=routines-ldap-sasl-bind-ldap-sasl-bind-s as well as parameter LDAP_OPT_UTF8_IO should be set.

Actual behavior

Invalid Credentials response is returned.

Regression?

Functionality work on my automated tests in dotnet 5, not sure what have changed internally in dotnet.

Known Workarounds

Do not use special characters in a password?

Configuration

dotnet 6 LTS, latest Manjaro

Other information

add label: area-System.DirectoryServices

贡献者指南