XmlBinaryNodeWriter failing to serialize unicode Group Managed Service Account password for web service transmission
Backstory: We are submitting an HPC job using the microsoft HPC pack 2019 SP3 SDK. HPC Doesn't natively support Active Directory gMSA accounts, so we obtain the gMSA account password via AD. The MSA password is a 256 byte password, expressed in unicode (UTF16? - .NET displays the password as 128 length)
Issue: When we attempt to submit the job this password, via the HPC webservice, the XmlBinaryNodeWriter fails to serialize with the following error:
Exception thrown: 'System.Text.EncoderFallbackException' in mscorlib.dll Unable to translate Unicode character \uDC33 at index 43 to specified code page.
Here is our gMSA password (some parts redacted for security):
Can anyone explain exactly why the serialization is failing? I guess it could be due to non displayable characters or something?
Edit: Lookling at the callstack, it appears like an MSA password is attempted to be serialized as UTF8 when it's infact UTF16. Anyone know how to tell the XmlObjectSerializer that a string is UTF16 and not 8?
Got to the bottom of it: This wasn't an issue with HPC/the serializer.
Rather, a potential bug in the DSInternals.Common.dll library, where it pulls the gMSA password out of active directory/extracts it from the SecureString object, and returns it as a string.
Comparing the correctly produced string [top] vs the incorrectly produced string [bottom] we can see some corruption.
Old code:
var passwordBlob = (byte[])result.Properties["msDS-ManagedPassword"][0];
var managedPassword = new ManagedPassword(passwordBlob);
var password = managedPassword.CurrentPassword;
New code:
var passwordBlob = (byte[])result.Properties["msDS-ManagedPassword"][0];
var managedPassword = new ManagedPassword(passwordBlob);
var password = System.Text.Encoding.Unicode.GetString(managedPassword.SecureCurrentPassword.ToByteArray());
Hopefully this helps someone else out who is manually extracting passwords from gMSA accounts.
- How to create a folder in C (need to run on both Linux and Windows)
- Is there any way to compute the width of an integer type at compile-time?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- How can I initialize all members of an array to the same value?
- How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
- Is C notably faster than C++
- How to get the Windows SDK version number a program is compiling with at compile time
- Equivalent of atoi for unsigned integers
- k&r: Exercise 1-18. Program takes input but doesnt produce any output?
- Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
- How to get the sign, mantissa and exponent of a floating point number
- How can I compute `exp(x)/2` when `x` is large?
- c programming: answer always equates to 0
- Is it possible to access a parameter of a function from another function in C?
- Will this expression evaluate to true or false (1 or 0) in C?
- What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
- Mapping a numeric range onto another
- Signalled and non-signalled state of event
- Why is faster to do a branch than a lookup?
- Forcing 64-bit long doubles?
- "error: redeclaration of 'myVariable' with no linkage:" - what's the linkage?
- Branchlessly map one list of integers to another
- SQLBindCol for long integer value on 64Bit platform?
- What's wrong with my code? CS50 Pset2: Readability
- Is there a way to redirect stdout/stderr to a string?
- Playing with gcc's intermediate GIMPLE format
- Viewing data in a circular buffer in real-time
- fmod or not fmod?
- Why do both % and fmod() exist in C
- How do you compile static pthread-win32 lib for x64?