authorLukas Slebodnik <lslebodn@redhat.com>2013-11-25 16:01:59 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-12-02 16:43:16 +0100
commit0a509d518dd5d17e32e3a4c34b319a38210ba17b (patch)
tree61f8fa1f01c369123b05d882b7ef411952d5aa1b
parentbd24c6f485ac1421053167eabd6e5e963829403b (diff)
SYSDB: Sanitize filter before removing ghost attrs
sysdb_add_user fails with EIO if enumeration is disabled and the user name contains backslashes. We try to remove ghost attributes from groups when enumeration is disabled, but an unsanitized filter is used to find the ghost attributes, "(|(ghost=usr\\\\002)", and ldb cannot parse this filter. Resolves: https://fedorahosted.org/sssd/ticket/2163
-rw-r--r--src/db/sysdb_ops.c9
-rw-r--r--src/tests/sysdb-tests.c19
2 files changed, 27 insertions, 1 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index eb88cd256..890bf1eb3 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1091,6 +1091,7 @@ sysdb_remove_ghostattr_from_groups(struct sysdb_ctx *sysdb,
struct ldb_dn *tmpdn;
const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, NULL};
const char *userdn;
+ char *sanitized_name;
char *filter;
errno_t ret = EOK;
size_t group_count = 0;
@@ -1101,7 +1102,13 @@ sysdb_remove_ghostattr_from_groups(struct sysdb_ctx *sysdb,
return ENOENT;
}
- filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", SYSDB_GHOST, name);
+ ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)",
+ SYSDB_GHOST, sanitized_name);
if (!filter) {
ret = ENOMEM;
goto done;
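Review bot: The new `ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);` call fixes the parse failure but carries no explanation of why the raw name must not be interpolated into the filter, so a later cleanup could easily fold it back into the talloc_asprintf; I would put above it `/* name originates from the identity provider and may contain LDB filter metacharacters ('(', ')', '*', '\\'); escape it so the ghost lookup can neither fail to parse nor match unintended entries */`. The same rule applies to any other place in this function or its siblings where a name is formatted into a filter string, which I cannot see from this hunk. In the declaration hunk above, `char *sanitized_name;` is assigned only on the EOK path, which is safe because every use follows the check, but `char *sanitized_name = NULL;` would make that explicit and cheap. sysdb_remove_ghostattr_from_groups continues outside the hunk, where the `(|(` opened by this filter is presumably closed.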
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index bf964fd76..ddbf6f28f 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3900,6 +3900,8 @@ START_TEST(test_odd_characters)
struct ldb_message *msg;
const struct ldb_val *val;
const char odd_username[] = "*(odd)\\user,name";
+ const char odd_username_orig_dn[] =
+ "\\2a\\28odd\\29\\5cuser,name,cn=users,dc=example,dc=com";
const char odd_groupname[] = "*(odd\\*)\\group,name";
const char odd_netgroupname[] = "*(odd\\*)\\netgroup,name";
const char *received_user;
@@ -4010,6 +4012,23 @@ START_TEST(test_odd_characters)
fail_unless(ret == EOK, "sysdb_delete_group error [%d][%s]",
ret, strerror(ret));
+ /* Add */
+ ret = sysdb_add_user(test_ctx->sysdb,
+ test_ctx->domain,
+ odd_username,
+ 10000, 0,
+ "","","",
+ odd_username_orig_dn,
+ NULL, 5400, 0);
+ fail_unless(ret == EOK, "sysdb_add_user error [%d][%s]",
+ ret, strerror(ret));
+
+ /* Delete User */
+ ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->domain,
+ odd_username, 10000);
+ fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]",
+ ret, strerror(ret));
+
/* ===== Netgroups ===== */
/* Add */
ret = sysdb_add_netgroup(test_ctx->sysdb, test_ctx->domain,
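Review bot: The new add/delete pair for `odd_username` only proves that sysdb_add_user no longer returns EIO; it never creates a group whose ghost attribute names that user, so the sanitized filter is exercised for parseability but not for actually locating and removing the ghost entry. Adding a group with `odd_username` as a ghost member before the `sysdb_add_user` call and asserting afterwards that the ghost value is gone would pin the intended behaviour rather than the absence of a failure. It is also not visible here whether test_ctx->domain has enumeration disabled, which the commit message names as the trigger; if it is enabled the sanitizing path may not run at all, so that is worth confirming in the fixture. A comment such as `/* regression test for ticket 2163: a name containing '\\' must not break the ghost-attribute filter */` above the new `/* Add */` would record why this block exists. test_odd_characters continues outside the hunk.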