author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-11-25 13:43:30 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-28 10:39:06 +0100 |
commit | e167b504d0cb3f3e69c9f556fe7dfabacd6bb694 (patch) | |
tree | ebb974a95f5ad892a9330703d335b69179de8bf8 | |
parent | f74d7744f1b12fe0492eadfc8cf30afcb4092e40 (diff) | |
SYSDB: Sanitize filter before sysdb_search_groups
sysdb_delete_user fails with EIO if the user does not exist and the name contains
backslashes.
ldb could not parse the filter (&(objectclass=group)(ghost=usr\\\\001)),
because the ghost value was not sanitized.
Resolves:
https://fedorahosted.org/sssd/ticket/2163
-rw-r--r-- | src/db/sysdb_ops.c | 9 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 4 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index c08415b09..b4ed202cc 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2502,6 +2502,7 @@ int sysdb_delete_user(struct sss_domain_info *domain,
 struct ldb_message *msg;
 int ret;
 int i;
+ char *sanitized_name;
 tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) {
@@ -2539,7 +2540,13 @@ int sysdb_delete_user(struct sss_domain_info *domain,
 }
 } else if (ret == ENOENT && name != NULL) {
 /* Perhaps a ghost user? */
- filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_GHOST, name);
+ ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+ if (ret != EOK) {
+ goto fail;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
+ SYSDB_GHOST, sanitized_name);
 if (filter == NULL) {
 ret = ENOMEM;
 goto fail;
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index f7e0638b5..9880ba0c7 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3916,6 +3916,10 @@ START_TEST(test_odd_characters)
 fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]", ret, strerror(ret));
+ /* Delete non existing User */
+ ret = sysdb_delete_user(test_ctx->domain, odd_username, 10000);
+ fail_unless(ret == ENOENT, "sysdb_delete_user error [%d][%s]",
+ ret, strerror(ret));
 /* Delete Group */
 ret = sysdb_delete_group(test_ctx->domain, odd_groupname, 20000); |
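Review bot: The ghost-user branch of sysdb_delete_user now escapes `name` before formatting it into the `(%s=%s)` filter, but nothing in the code records why, and the commit message frames the problem only as a parse failure. An unescaped value would presumably also let filter metacharacters such as `*` or parentheses change which group entries match, so a comment like `/* name is caller-supplied: escape it so the ghost filter matches it literally */` above the `sss_filter_sanitize` call would keep the intent visible. `sanitized_name` is declared uninitialised in the first hunk; `char *sanitized_name = NULL;` is the safer form if the `fail` path ever comes to reference it. The function body starts and ends outside both hunks, so whether other filters in this file are built from a raw name the same way cannot be judged from here and is worth checking.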
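Review bot: The added assertion in test_odd_characters only covers the case where nothing matches, so it confirms that the filter now parses but not that a ghost entry with an odd name is still found and removed once the name is escaped. `odd_username` is defined outside the hunk; going by the commit message it contains backslashes, and a companion case using other filter metacharacters (`*`, `(`, `)`) would pin the sanitising more fully. The failure text is identical to the preceding assertion's, and a message such as `"sysdb_delete_user (non-existing) error [%d][%s]"` would tell the two apart in test output.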