author | Kevin McCarthy <kmccarth@redhat.com> | 2007-08-20 14:23:23 -0700 |
---|---|---|
committer | Kevin McCarthy <kmccarth@redhat.com> | 2007-08-20 14:23:23 -0700 |
commit | f5e30866d1c8fe903fed4f49fee0094e6c1e4372 (patch) | |
tree | 9fe9ba276319820f6dbb056e932cdee452c3e181 | |
parent | 6b69d9cc464460be5119779c3d5abd9d99c6d80f (diff) | |
Escape search input. Search by uid and cn.
-rw-r--r-- | ipa-server/ipa-gui/ipagui/controllers.py | 24 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/templates/userlist.kid | 2 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 2 |
3 files changed, 25 insertions, 3 deletions
diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py
index ab6fbc7a..089bbda2 100644
--- a/ipa-server/ipa-gui/ipagui/controllers.py
+++ b/ipa-server/ipa-gui/ipagui/controllers.py
@@ -1,6 +1,7 @@
 import random
 from pickle import dumps, loads
 from base64 import b64encode, b64decode
+import re
 import cherrypy
 import turbogears
@@ -37,6 +38,22 @@ def utf8_encode(value):
 value = value.encode('utf-8')
 return value
+def ldap_search_escape(match):
+ """Escapes out nasty characters from the ldap search.
+ See RFC 2254."""
+ value = match.group()
+ if (len(value) != 1):
+ return u""
+
+ if value == u"(":
+ return u"\\28"
+ elif value == ")":
+ return u"\\29"
+ elif value == u"\\":
+ return u"\\5c"
+ else:
+ return value
+
 class Root(controllers.RootController):
@@ -141,7 +158,12 @@ class Root(controllers.RootController):
 users = None
 uid = kw.get('uid')
 if uid != None and len(uid) > 0:
- users = client.find_users(uid)
+ try:
+ uid = re.sub(r'[\(\)\\]', ldap_search_escape, uid)
+ users = client.find_users(uid.encode('utf-8'))
+ except xmlrpclib.Fault, f:
+ turbogears.flash("User show failed: " + str(f.faultString))
+ raise turbogears.redirect("/userlist")
 return dict(users=users, fields=forms.user.UserFields())
diff --git a/ipa-server/ipa-gui/ipagui/templates/userlist.kid b/ipa-server/ipa-gui/ipagui/templates/userlist.kid
index f8535f35..df3e247e 100644
--- a/ipa-server/ipa-gui/ipagui/templates/userlist.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/userlist.kid
@@ -8,7 +8,7 @@
 <body>
 <div id="search">
 <form action="${tg.url('/userlist')}" method="post">
- Search by uid:
+ Search by login/name:
 <input type="text" name="uid" />
 <input type="submit" />
 </form>
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 6f7e4e66..82802487 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
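Review bot: `ldap_search_escape` rewrites only `(`, `)` and `\`, but RFC 2254 also lists `*` and NUL as characters that must be escaped in an assertion value, so a search string containing `*` still reaches the filter as a wildcard. If substring search is intended, the docstring should say so; otherwise add cases returning `u"\\2a"` for `u"*"` and `u"\\00"` for NUL, and widen the character class in the `re.sub` call in the userlist hunk so those characters are matched at all. The `len(value) != 1` branch cannot fire with a single-character class, and `")"` lacks the `u` prefix the other literals carry.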
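Review bot: The flash text in the new `except xmlrpclib.Fault, f:` branch says "User show failed" although this handler sits on the search path, and it forwards the server's raw `faultString` to the browser, which can expose directory error detail to whoever submits the form. I would record the fault server-side and show a fixed message, e.g. `turbogears.flash("User search failed")`. The handler also needs `xmlrpclib` in scope; the import hunk in this commit adds only `re`, so confirm the module is already imported further down controllers.py. The enclosing method starts and ends outside the hunk.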
@@ -346,7 +346,7 @@ class IPAServer:
 # FIXME: Is this the filter we want or do we want to do searches of
 # cn as well? Or should the caller pass in the filter?
- filter = "(uid=%s)" % criteria
+ filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)
 try:
 m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
 results = m1.getList(self.basedn, self.scope, filter, sattrs) |
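Review bot: `criteria` is still interpolated into the filter unescaped at `filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)`; the only escaping this commit adds lives in the ipa-gui controller, so any other XML-RPC client calling this method reaches the LDAP filter with raw input. The escaping belongs here, where the filter is built, for instance with python-ldap's `ldap.filter.escape_filter_chars(criteria)` if that library is what `_LDAPPool` wraps, and the GUI-side escape should then be dropped so values are not escaped twice. The FIXME above the line is now partly answered and should be updated to say that cn is searched. The enclosing method starts and ends outside the hunk.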