diff options
| author | Kevin McCarthy <kmccarth@redhat.com> | 2007-08-21 14:26:36 -0700 |
|---|---|---|
| committer | Kevin McCarthy <kmccarth@redhat.com> | 2007-08-21 14:26:36 -0700 |
| commit | a8f302aa9f193984d68318a65a51b41298b1391d (patch) | |
| tree | a9c2696b3c5e2756fea998d2ad5cc17596b90a7d | |
| parent | ac926646ea4619f309cbd3dbe2769aad66ec0860 (diff) | |
| download | freeipa-a8f302aa9f193984d68318a65a51b41298b1391d.tar.gz freeipa-a8f302aa9f193984d68318a65a51b41298b1391d.tar.xz freeipa-a8f302aa9f193984d68318a65a51b41298b1391d.zip | |
Move ldap search filter escaping into the funcs.py layer.
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/controllers.py | 18 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 27 |
2 files changed, 26 insertions, 19 deletions
diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py index a1ea88ca4..bbe0f5d48 100644 --- a/ipa-server/ipa-gui/ipagui/controllers.py +++ b/ipa-server/ipa-gui/ipagui/controllers.py @@ -1,7 +1,6 @@ import random from pickle import dumps, loads from base64 import b64encode, b64decode -import re import cherrypy import turbogears @@ -38,22 +37,6 @@ def utf8_encode(value): value = value.encode('utf-8') return value -def ldap_search_escape(match): - """Escapes out nasty characters from the ldap search. - See RFC 2254.""" - value = match.group() - if (len(value) != 1): - return u"" - - if value == u"(": - return u"\\28" - elif value == u")": - return u"\\29" - elif value == u"\\": - return u"\\5c" - else: - return value - class Root(controllers.RootController): @@ -159,7 +142,6 @@ class Root(controllers.RootController): uid = kw.get('uid') if uid != None and len(uid) > 0: try: - uid = re.sub(r'[\(\)\\]', ldap_search_escape, uid) users = client.find_users(uid.encode('utf-8')) except xmlrpclib.Fault, f: turbogears.flash("User show failed: " + str(f.faultString)) diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 82802487c..a261a86a5 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -29,6 +29,7 @@ from types import * import xmlrpclib import ipa.config import os +import re # Need a global to store this between requests _LDAPPool = None @@ -343,7 +344,14 @@ class IPAServer: raise xmlrpclib.Fault(1, e) except ipaserver.ipaldap.NoSuchEntryError: raise xmlrpclib.Fault(2, "No such user") - + + # TODO: this escaper assumes the python-ldap library will error out + # on invalid codepoints. we need to check malformed utf-8 input + # where the second byte in a multi-byte character + # is (illegally) ')' and make sure python-ldap + # bombs out. + criteria = re.sub(r'[\(\)\\]', ldap_search_escape, criteria) + # FIXME: Is this the filter we want or do we want to do searches of # cn as well? Or should the caller pass in the filter? filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria) @@ -459,3 +467,20 @@ class IPAServer: return res except ldap.LDAPError, e: raise xmlrpclib.Fault(1, str(e)) + + +def ldap_search_escape(match): + """Escapes out nasty characters from the ldap search. + See RFC 2254.""" + value = match.group() + if (len(value) != 1): + return "" + + if value == "(": + return "\\28" + elif value == ")": + return "\\29" + elif value == "\\": + return "\\5c" + else: + return value |