authorLukas Slebodnik <lslebodn@redhat.com>2013-11-25 16:01:59 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-11-28 10:39:12 +0100
commite60b425ddc0e24178d044bef04ab7349ac7a7826 (patch)
tree36000e9a2cacf6b4180db72a1c6a4bdc64040609
parente167b504d0cb3f3e69c9f556fe7dfabacd6bb694 (diff)
SYSDB: Sanitize filter before removing ghost attrs
sysdb_add_user fails with EIO if enumeration is disabled and the user name contains backslashes. We try to remove ghost attributes from groups when enumeration is disabled, but an unsanitized filter is used to find the ghost attributes, e.g. "(|(ghost=usr\\\\002)", and ldb cannot parse this filter. Resolves: https://fedorahosted.org/sssd/ticket/2163
-rw-r--r--src/db/sysdb_ops.c9
-rw-r--r--src/tests/sysdb-tests.c17
2 files changed, 25 insertions, 1 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index b4ed202cc..327345212 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1082,6 +1082,7 @@ sysdb_remove_ghostattr_from_groups(struct sss_domain_info *domain,
struct ldb_dn *tmpdn;
const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, NULL};
const char *userdn;
+ char *sanitized_name;
char *filter;
errno_t ret = EOK;
size_t group_count = 0;
@@ -1092,7 +1093,13 @@ sysdb_remove_ghostattr_from_groups(struct sss_domain_info *domain,
return ENOENT;
}
- filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", SYSDB_GHOST, name);
+ ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)",
+ SYSDB_GHOST, sanitized_name);
if (!filter) {
ret = ENOMEM;
goto done;
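Review bot: The new call `ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);` stops LDAP filter metacharacters in the user name from reaching ldb, but nothing records why the escaping is required, so a later maintainer formatting another filter from `name` in this function has no cue to do the same. I would add above it `/* name may hold filter metacharacters ('*', '(', ')', '\\'); escape them, or ldb rejects the filter */`. The format string `"(|(%s=%s)"` is deliberately left unclosed, so the rest of sysdb_remove_ghostattr_from_groups, which starts and ends outside this hunk, presumably appends further alternatives; I cannot see from here whether the values appended there are also passed through sss_filter_sanitize, and they should be if they originate from caller-supplied data.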
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 9880ba0c7..cc2d66149 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3823,6 +3823,8 @@ START_TEST(test_odd_characters)
struct ldb_message *msg;
const struct ldb_val *val;
const char odd_username[] = "*(odd)\\user,name";
+ const char odd_username_orig_dn[] =
+ "\\2a\\28odd\\29\\5cuser,name,cn=users,dc=example,dc=com";
const char odd_groupname[] = "*(odd\\*)\\group,name";
const char odd_netgroupname[] = "*(odd\\*)\\netgroup,name";
const char *received_user;
@@ -3926,6 +3928,21 @@ START_TEST(test_odd_characters)
fail_unless(ret == EOK, "sysdb_delete_group error [%d][%s]",
ret, strerror(ret));
+ /* Add */
+ ret = sysdb_add_user(test_ctx->domain,
+ odd_username,
+ 10000, 0,
+ "","","",
+ odd_username_orig_dn,
+ NULL, 5400, 0);
+ fail_unless(ret == EOK, "sysdb_add_user error [%d][%s]",
+ ret, strerror(ret));
+
+ /* Delete User */
+ ret = sysdb_delete_user(test_ctx->domain, odd_username, 10000);
+ fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]",
+ ret, strerror(ret));
+
/* ===== Netgroups ===== */
/* Add */
ret = sysdb_add_netgroup(test_ctx->domain,