author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-11-25 16:01:59 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-29 14:51:54 +0100 |
commit | 956be66436d9bcb66c7478052742b1e14ddd3f5d | |
tree | da9cfef9eabf99cc04b3b416bfd9e67652183814 /src/db/sysdb_ops.c | |
parent | fec7eabfc1be9350e1797fc79beaf4ca2f5c62e2 | |

SYSDB: Sanitize filter before removing ghost attrs

sysdb_add_user fails with EIO if enumeration is disabled and user contains
backslashes.

We try to remove ghost attributes from groups with disabled enumeration,
but an unsanitized filter is used to find ghost attributes
"(|(ghost=usr\\\\002)" and ldb cannot parse this filter.

Resolves:
https://fedorahosted.org/sssd/ticket/2163

Diffstat (limited to 'src/db/sysdb_ops.c')
-rw-r--r-- | src/db/sysdb_ops.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index eb88cd256..890bf1eb3 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1091,6 +1091,7 @@ sysdb_remove_ghostattr_from_groups(struct sysdb_ctx *sysdb, struct ldb_dn *tmpdn; const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, NULL}; const char *userdn; + char *sanitized_name; char *filter; errno_t ret = EOK; size_t group_count = 0; @@ -1101,7 +1102,13 @@ sysdb_remove_ghostattr_from_groups(struct sysdb_ctx *sysdb, return ENOENT; } - filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", SYSDB_GHOST, name); + ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); + if (ret != EOK) { + goto done; + } + + filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", + SYSDB_GHOST, sanitized_name); if (!filter) { ret = ENOMEM; goto done; |
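
Review bot: In the second hunk, the format string "(|(%s=%s)" opens an OR group that is not closed in the visible lines, so the filter is presumably extended further down in the function, while only `name` is passed through sss_filter_sanitize here. If other values are appended to the same filter later, they need the same sanitizing, otherwise a backslash in one of them leaves ldb with the same unparsable filter. A regression test that adds a user whose name contains a backslash with enumeration disabled, the case the commit message describes, would keep this from coming back.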