author | Kevin McCarthy <kmccarth@redhat.com> | 2007-08-21 14:26:36 -0700 |
---|---|---|
committer | Kevin McCarthy <kmccarth@redhat.com> | 2007-08-21 14:26:36 -0700 |
commit | a8f302aa9f193984d68318a65a51b41298b1391d (patch) | |
tree | a9c2696b3c5e2756fea998d2ad5cc17596b90a7d /ipa-server/xmlrpc-server/funcs.py | |
parent | ac926646ea4619f309cbd3dbe2769aad66ec0860 (diff) | |
Move ldap search filter escaping into the funcs.py layer.
Diffstat (limited to 'ipa-server/xmlrpc-server/funcs.py')
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 82802487c..a261a86a5 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -29,6 +29,7 @@ from types import *
 import xmlrpclib
 import ipa.config
 import os
+import re
 # Need a global to store this between requests
 _LDAPPool = None
@@ -343,7 +344,14 @@ class IPAServer:
 raise xmlrpclib.Fault(1, e)
 except ipaserver.ipaldap.NoSuchEntryError:
 raise xmlrpclib.Fault(2, "No such user")
-
+
+ # TODO: this escaper assumes the python-ldap library will error out
+ # on invalid codepoints. we need to check malformed utf-8 input
+ # where the second byte in a multi-byte character
+ # is (illegally) ')' and make sure python-ldap
+ # bombs out.
+ criteria = re.sub(r'[\(\)\\]', ldap_search_escape, criteria)
+
 # FIXME: Is this the filter we want or do we want to do searches of
 # cn as well? Or should the caller pass in the filter?
 filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)
@@ -459,3 +467,20 @@ class IPAServer:
 return res
 except ldap.LDAPError, e:
 raise xmlrpclib.Fault(1, str(e))
+
+
+def ldap_search_escape(match):
+ """Escapes out nasty characters from the ldap search.
+ See RFC 2254."""
+ value = match.group()
+ if (len(value) != 1):
+ return ""
+
+ if value == "(":
+ return "\\28"
+ elif value == ")":
+ return "\\29"
+ elif value == "\\":
+ return "\\5c"
+ else:
+ return value |
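Review bot: The character class `[\(\)\\]` in the added `re.sub` call covers only three of the five characters RFC 2254 says must be escaped in an assertion value; `*` and NUL reach `"(|(uid=%s)(cn=%s))"` unchanged, so a caller-supplied `*` behaves as a wildcard in both the uid and cn assertions. If wildcard search is intended here, a comment next to the call should say so; otherwise the class and the mapping in `ldap_search_escape` (last hunk) need `\\2a` and `\\00` entries, or the call can become `criteria = ldap.filter.escape_filter_chars(criteria)` from python-ldap. On the TODO: when `criteria` is a byte string the pattern matches the 0x29 byte wherever it sits, so a `)` inside a malformed multi-byte sequence should still be rewritten to `\29`, which is better pinned by a unit test than left to python-ldap rejecting the input. The enclosing method starts and ends outside the hunk, so other filter construction in it cannot be checked from here.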
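Review bot: The `len(value) != 1` branch of `ldap_search_escape` returns an empty string, so if the pattern at the call site is ever widened to a multi-character match, the matched input is silently deleted from the filter instead of being escaped; with the current single-character class both that branch and the final `else` appear unreachable. A lookup table keeps the pattern and its replacements together and fails loudly on an unexpected match: `_LDAP_ESCAPES = {"(": "\\28", ")": "\\29", "\\": "\\5c"}` with `return _LDAP_ESCAPES[match.group()]`. The docstring should also name the characters it handles, since it cites RFC 2254 but implements only part of that escaping rule.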