author | Pavel Březina <pbrezina@redhat.com> | 2015-04-09 13:03:08 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-13 18:00:21 +0200 |
commit | 2fb2a267d0d15cce84b0ccea7e088a4b580e42fb (patch) | |
tree | 0fab62eca298087d4cc8e4037a0be150e4f7f5a5 | |
parent | 81bb9be1ae0b2a4ebe960f136a52576abcdfbbac (diff) | |
sudo: sanitize filter values
Resolves:
https://fedorahosted.org/sssd/ticket/2613
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit c526cd124515cc2d44a413dcbfd4a74ddb490150)
-rw-r--r-- | src/db/sysdb_sudo.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 4c50d32c7..784ac8af3 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -221,6 +221,7 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, TALLOC_CTX *tmp_ctx = NULL; char *filter = NULL; char *specific_filter = NULL; + char *sanitized = NULL; time_t now; errno_t ret; int i; @@ -246,9 +247,14 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, } if ((flags & SYSDB_SUDO_FILTER_USERNAME) && (username != NULL)) { + ret = sss_filter_sanitize(tmp_ctx, username, &sanitized); + if (ret != EOK) { + goto done; + } + specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)", SYSDB_SUDO_CACHE_AT_USER, - username); + sanitized); NULL_CHECK(specific_filter, ret, done); } @@ -261,9 +267,14 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, if ((flags & SYSDB_SUDO_FILTER_GROUPS) && (groupnames != NULL)) { for (i=0; groupnames[i] != NULL; i++) { + ret = sss_filter_sanitize(tmp_ctx, groupnames[i], &sanitized); + if (ret != EOK) { + goto done; + } + specific_filter = talloc_asprintf_append(specific_filter, "(%s=%%%s)", SYSDB_SUDO_CACHE_AT_USER, - groupnames[i]); + sanitized); NULL_CHECK(specific_filter, ret, done); } } |
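Review bot: The new `sss_filter_sanitize()` call in the `SYSDB_SUDO_FILTER_USERNAME` branch has no comment saying why the value is escaped, and the diffstat lists only src/db/sysdb_sudo.c, so the fix ships without a regression test. I would put `/* escape filter special characters so the name is matched literally, not parsed as filter syntax */` above the call, and above the identical call in the groups loop of the next hunk. A test that builds the filter from names containing `*`, `(`, `)` and `\` and checks that they come out escaped would pin the behaviour. The failure path jumps to `done` without a debug message; whether `done` reports `ret` is outside the hunk, so that should be confirmed. The body of sysdb_get_sudo_filter starts and ends outside the hunk.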
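Review bot: In the `groupnames` loop every iteration allocates a fresh `sanitized` string on `tmp_ctx` and overwrites the previous pointer, so the escaped copies accumulate until `tmp_ctx` is released (presumably at `done`, which is outside the hunk). This is not a leak, but for a user in many groups it holds one extra copy per group for the rest of the call. Releasing the copy once it has been appended keeps the footprint flat: add `talloc_zfree(sanitized);` after the `NULL_CHECK(specific_filter, ret, done);` line inside the loop. The loop is part of sysdb_get_sudo_filter, whose body extends beyond the hunk.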