Hi Guenther, Am Donnerstag, 30. Mai 2002 16:17 schrieb Guenther Deschner: > hello, > > smb.conf-manpage of 2.2.5pre and HEAD states the bug of "multi-byte > character sets in usernames": > > -----8<------------------snip--------------8<-------------- > BUG: There is currently a bug in the implementation of > security = domain with respect to multi-byte character set > usernames. The communication with a Domain Controller must > be done in UNICODE and Samba currently does not widen > multi-byte user names to UNICODE correctly, thus a multi- > byte username will not be recognized correctly at the > Domain Controller. This issue will be addressed in a > future release. > ----->8------------------snap-------------->8-------------- > > will this bug be solved in the near future? in 2.2.5 or HEAD? > > the main problem with this is that you get crippled wellknown > domain-groups with winbind (on suse linux 8, kernel 2.4.18, samba-2_2) > and german NT-servers where rid200 (Domain Admins) is Domänen-Admins, > and rid202 is Domänen-Gäste. > > now wbinfo -g cuts out the UTF8 chars and will show you e.g. > DOMAIN+Domnen-Admins, DOMAIN+Domnen-Gste, etc. > > now you cannot set XFS-ACLs properly since neither DOMAIN+Domnen-Admins > nor DOMAIN+Domänen-Admins does resolve back ... > > a simple (and ugly) workaround is to create the three domain-groups in > question in /etc/group. with that you still have to keep an eye on the > correct winbind-gid mapping and rid200 appears crippled in security tab. > > is there any other workaround for this?
I believe this is a different problem. There is just no conversion of group and user names to the desired character set. With the patch below applied I get: hasch@tower:~> getent group ... DOMAIN\Domänen-Admins:x:10003:DOMAIN\Administrator,DOMAIN\testadmin DOMAIN\Domänen-Gäste:x:10004:DOMAIN\Gast DOMAIN\Domänencomputer:x:10005: DOMAIN\Domänencontroller:x:10006: ... Now the correct usernames and groups are shown. I only added a few conversions, the correct approach would be to check all unistr2_to_ascii calls and add dos_to_unix where neccessary. I will generate a complete patch if the Samba team thinks it's worth considering and I am not completely on the wrong track :-) ...Juergen
--- nsswitch/winbindd_rpc.c.orig Thu May 30 16:25:50 2002 +++ nsswitch/winbindd_rpc.c Sat May 25 23:49:43 2002 @@ -63,7 +63,7 @@ uint32 count = 0, start=i; int j; TALLOC_CTX *ctx2; - + pstring t; ctr.sam.info1 = &info1; ctx2 = talloc_init_named("winbindd dispinfo"); @@ -92,8 +92,14 @@ } for (j=0;j<count;i++, j++) { - (*info)[i].acct_name = unistr2_tdup(mem_ctx, &info1.str[j].uni_acct_name); - (*info)[i].full_name = unistr2_tdup(mem_ctx, &info1.str[j].uni_full_name); + unistr2_to_ascii(t, &info1.str[j].uni_acct_name, sizeof(pstring)); + dos_to_unix(t); + (*info)[i].acct_name = talloc_strdup(mem_ctx, t); + + unistr2_to_ascii(t, &info1.str[j].uni_full_name, sizeof(pstring)); + dos_to_unix(t); + (*info)[i].full_name = talloc_strdup(mem_ctx, t); + (*info)[i].user_rid = info1.sam[j].rid_user; /* For the moment we set the primary group for every user to be the Domain Users group. @@ -267,6 +273,7 @@ POLICY_HND dom_pol, user_pol; BOOL got_dom_pol = False, got_user_pol = False; SAM_USERINFO_CTR *ctr; + pstring t; /* Get sam handle */ if (!(hnd = cm_get_sam_handle(domain->name))) @@ -300,10 +307,20 @@ got_user_pol = False; user_info->group_rid = ctr->info.id21->group_rid; - user_info->acct_name = unistr2_tdup(mem_ctx, - &ctr->info.id21->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, - &ctr->info.id21->uni_full_name); + + unistr2_to_ascii(t, &ctr->info.id21->uni_user_name, sizeof(pstring)); + dos_to_unix(t); + user_info->acct_name = talloc_strdup(mem_ctx, t); + + unistr2_to_ascii(t, &ctr->info.id21->uni_full_name, sizeof(pstring)); + dos_to_unix(t); + user_info->full_name = talloc_strdup(mem_ctx, t); + done: /* Clean up policy handles */ --- libsmb/cli_samr.c.orig Thu May 30 16:30:33 2002 +++ libsmb/cli_samr.c Sat May 25 23:30:51 2002 @@ -569,6 +569,7 @@ unistr2_to_ascii((*dom_groups)[i].acct_name, &r.uni_grp_name[name_idx], sizeof(fstring) - 1); + dos_to_unix((*dom_groups)[i].acct_name); name_idx++; } @@ -647,6 +648,7 @@ unistr2_to_ascii((*dom_groups)[i].acct_name, &r.uni_grp_name[name_idx], sizeof(fstring) - 1); + dos_to_unix((*dom_groups)[i].acct_name); name_idx++; } @@ -938,6 +940,7 @@ fstring tmp; unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp) - 1); + dos_to_unix(tmp); (*names)[i] = talloc_strdup(mem_ctx, tmp); (*name_types)[i] = r.type[i]; } --- rpcclient/cmd_samr.c.orig Sun Apr 7 10:10:35 2002 +++ rpcclient/cmd_samr.c Thu May 30 16:38:36 2002 @@ -35,9 +35,11 @@ fstring temp; unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1); + dos_to_unix(temp); printf("\tUser Name :\t%s\n", temp); unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1); + dos_to_unix(temp); printf("\tFull Name :\t%s\n", temp); unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);