Diffstat (limited to 'ipa-server')
-rw-r--r--ipa-server/ipa-gui/ipagui/controllers.py18
-rw-r--r--ipa-server/xmlrpc-server/funcs.py27
2 files changed, 26 insertions, 19 deletions
diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py
index a1ea88ca..bbe0f5d4 100644
--- a/ipa-server/ipa-gui/ipagui/controllers.py
+++ b/ipa-server/ipa-gui/ipagui/controllers.py
@@ -1,7 +1,6 @@
import random
from pickle import dumps, loads
from base64 import b64encode, b64decode
-import re
import cherrypy
import turbogears
@@ -38,22 +37,6 @@ def utf8_encode(value):
value = value.encode('utf-8')
return value
-def ldap_search_escape(match):
- """Escapes out nasty characters from the ldap search.
- See RFC 2254."""
- value = match.group()
- if (len(value) != 1):
- return u""
-
- if value == u"(":
- return u"\\28"
- elif value == u")":
- return u"\\29"
- elif value == u"\\":
- return u"\\5c"
- else:
- return value
-
class Root(controllers.RootController):
@@ -159,7 +142,6 @@ class Root(controllers.RootController):
uid = kw.get('uid')
if uid != None and len(uid) > 0:
try:
- uid = re.sub(r'[\(\)\\]', ldap_search_escape, uid)
users = client.find_users(uid.encode('utf-8'))
except xmlrpclib.Fault, f:
turbogears.flash("User show failed: " + str(f.faultString))
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 82802487..a261a86a 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -29,6 +29,7 @@ from types import *
import xmlrpclib
import ipa.config
import os
+import re
# Need a global to store this between requests
_LDAPPool = None
@@ -343,7 +344,14 @@ class IPAServer:
raise xmlrpclib.Fault(1, e)
except ipaserver.ipaldap.NoSuchEntryError:
raise xmlrpclib.Fault(2, "No such user")
-
+
+ # TODO: this escaper assumes the python-ldap library will error out
+ # on invalid codepoints. we need to check malformed utf-8 input
+ # where the second byte in a multi-byte character
+ # is (illegally) ')' and make sure python-ldap
+ # bombs out.
+ criteria = re.sub(r'[\(\)\\]', ldap_search_escape, criteria)
+
# FIXME: Is this the filter we want or do we want to do searches of
# cn as well? Or should the caller pass in the filter?
filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)
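Review bot: The `re.sub` added before the filter is built escapes only `(`, `)` and `\`, so a `*` or a NUL byte in `criteria` still reaches `"(|(uid=%s)(cn=%s))"` unescaped, although RFC 2254, which the helper's docstring cites, lists those two as well. If wildcard matching is meant to stay available to callers, say so next to the call, e.g. `# '*' is deliberately left unescaped so callers can do substring searches`. Otherwise a caller-supplied `*` can widen the search to every entry with a uid or cn, and `ldap.filter.escape_filter_chars(criteria)` would cover the full set, provided the python-ldap version in use ships it. The same gap applies to `ldap_search_escape`, added in the last hunk of this file. The enclosing method starts and ends outside this hunk.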
@@ -459,3 +467,20 @@ class IPAServer:
return res
except ldap.LDAPError, e:
raise xmlrpclib.Fault(1, str(e))
+
+
+def ldap_search_escape(match):
+ """Escapes out nasty characters from the ldap search.
+ See RFC 2254."""
+ value = match.group()
+ if (len(value) != 1):
+ return ""
+
+ if value == "(":
+ return "\\28"
+ elif value == ")":
+ return "\\29"
+ elif value == "\\":
+ return "\\5c"
+ else:
+ return value
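Review bot: In `ldap_search_escape`, the `len(value) != 1` branch and the final `else` cannot be reached with the only pattern that calls it, `r'[\(\)\\]'`, which always matches exactly one of the three handled characters. If the pattern is ever widened, the length branch would silently delete the matched text rather than escape it, and the docstring does not mention that. A lookup table keeps the escaped set in one place and makes it easier to extend: `_LDAP_ESCAPES = {"(": "\\28", ")": "\\29", "\\": "\\5c"}` with `return _LDAP_ESCAPES.get(value, value)`. The docstring should also say that this is a `re.sub` callback taking a match object, and name the characters it handles.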