authorJr Aquino <jr.aquino@citrix.com>2011-03-30 15:14:57 -0700
committerRob Crittenden <rcritten@redhat.com>2011-03-31 12:52:08 -0400
commit463d7d2fe8553e51b51361cc607487c5750a350d (patch)
treeb29f384f02095922b465fefd20d02231a32e0281 /ipaserver/plugins
parentb3a85890ef7c80531cbd2cde0f89d79aed8d496c (diff)
Escape LDAP characters in member and memberof searches
https://fedorahosted.org/freeipa/ticket/1140
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r--ipaserver/plugins/ldap2.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index ebbca60e5..13950d9a0 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -913,7 +913,8 @@ class ldap2(CrudBackend, Encoder):
if membertype not in [MEMBERS_ALL, MEMBERS_DIRECT, MEMBERS_INDIRECT]:
return None
- searchfilter = "(memberof=%s)" % group_dn
+ search_group_dn = _ldap_filter.escape_filter_chars(group_dn)
+ searchfilter = "(memberof=%s)" % search_group_dn
attr_list.append("member")
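Review bot: The filter on the added lines is still assembled with `%` after a separate escaping step, so every call site has to remember to escape first. Assuming `_ldap_filter` is python-ldap's `ldap.filter` module, `filter_format` escapes and substitutes in one call: `searchfilter = _ldap_filter.filter_format("(memberof=%s)", [group_dn])`. The same form fits the `(|(member=%s)(memberhost=%s)(memberuser=%s))` filter in the second hunk, passing `[entry_dn] * 3`. The enclosing method starts and ends outside this hunk, so whether other filters in it interpolate caller-supplied values cannot be judged from here.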
@@ -975,9 +976,10 @@ class ldap2(CrudBackend, Encoder):
if len(memberof) == 0:
return ([], [])
+ search_entry_dn = _ldap_filter.escape_filter_chars(entry_dn)
attr_list = ["dn", "memberof"]
searchfilter = "(|(member=%s)(memberhost=%s)(memberuser=%s))" % (
- entry_dn, entry_dn, entry_dn)
+ search_entry_dn, search_entry_dn, search_entry_dn)
# We have to do three searches because netgroups and pbac are not
# within the accounts container.
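Review bot: Nothing on the added `search_entry_dn` line says that the escaped copy is valid only as a filter assertion value. A later reader could pass it as a search base or compare it with returned DNs, where the backslash-hex escapes would no longer match. A comment above the line would make this explicit: `# Escaped for use inside a search filter only (RFC 4515); keep using entry_dn everywhere else.` The three searches mentioned in the trailing comment lie outside the hunk, so it is worth confirming that they reuse `searchfilter` and do not rebuild a filter from the raw `entry_dn`.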