diff options
author | Kevin McCarthy <kmccarth@redhat.com> | 2007-10-05 15:25:58 -0700 |
---|---|---|
committer | Kevin McCarthy <kmccarth@redhat.com> | 2007-10-05 15:25:58 -0700 |
commit | b73f82565748161ce2b0f344f87bfbcc72f1f2ad (patch) | |
tree | 72a3668ea2f474fbc01a827456d354ed536dc8c7 /ipa-server/xmlrpc-server/funcs.py | |
parent | 1be00394e391c0b30b5efb51dff56815159812c9 (diff) | |
download | freeipa-b73f82565748161ce2b0f344f87bfbcc72f1f2ad.tar.gz freeipa-b73f82565748161ce2b0f344f87bfbcc72f1f2ad.tar.xz freeipa-b73f82565748161ce2b0f344f87bfbcc72f1f2ad.zip |
Several escaping fixes:
- illegal dn characters need to be escaped
- null characters in search filters
- dynamicedit.js was double html escaping (the python layer does it already)
Diffstat (limited to 'ipa-server/xmlrpc-server/funcs.py')
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 8a6bbf910..52c382409 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -22,6 +22,7 @@ sys.path.append("/usr/share/ipa") import krbV import ldap +import ldap.dn import ipaserver.dsinstance import ipaserver.ipaldap import ipa.ipautil @@ -385,7 +386,8 @@ class IPAServer: if self.__is_user_unique(user['uid'], opts) == 0: raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) - dn="uid=%s,%s,%s" % (user['uid'], user_container,self.basedn) + dn="uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(user['uid']), + user_container,self.basedn) entry = ipaserver.ipaldap.Entry(dn) # FIXME: This should be dynamic and can include just about anything @@ -688,7 +690,8 @@ class IPAServer: if self.__is_group_unique(group['cn'], opts) == 0: raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) - dn="cn=%s,%s,%s" % (group['cn'], group_container,self.basedn) + dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']), + group_container,self.basedn) entry = ipaserver.ipaldap.Entry(dn) # some required objectclasses @@ -1055,5 +1058,7 @@ def ldap_search_escape(match): elif value == "*": # drop '*' from input. search performs its own wildcarding return "" + elif value =='\x00': + return r'\00' else: return value |