diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-05 11:05:38 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-15 09:52:35 -0500 |
| commit | 85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e (patch) | |
| tree | 9bda0a31cbc8fbcc4a5f04e4cc70765859c9c439 /src/providers/ldap/ldap_id.c | |
| parent | 3e4ffc5cef28741454015c04aadc16da78aa1209 (diff) | |
| download | sssd-85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e.tar.gz sssd-85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e.tar.xz sssd-85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e.zip | |
Sanitize search filters in LDAP provider
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
| -rw-r--r-- | src/providers/ldap/ldap_id.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 91b6c8add..07e3ae179 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -64,6 +64,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, struct tevent_req *req; struct users_get_state *state; const char *attr_name; + char *clean_name; int ret; req = tevent_req_create(memctx, &state, struct users_get_state); @@ -97,14 +98,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, goto fail; } + ret = sss_filter_sanitize(state, name, &clean_name); + if (ret != EOK) { + goto fail; + } + state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", - attr_name, name, + attr_name, clean_name, ctx->opts->user_map[SDAP_OC_USER].name); if (!state->filter) { DEBUG(2, ("Failed to build filter\n")); ret = ENOMEM; goto fail; } + talloc_zfree(clean_name); /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->user_map, @@ -290,6 +297,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, struct tevent_req *req; struct groups_get_state *state; const char *attr_name; + char *clean_name; int ret; req = tevent_req_create(memctx, &state, struct groups_get_state); @@ -323,14 +331,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } + ret = sss_filter_sanitize(state, name, &clean_name); + if (ret != EOK) { + goto fail; + } + state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", - attr_name, name, + attr_name, clean_name, ctx->opts->group_map[SDAP_OC_GROUP].name); if (!state->filter) { DEBUG(2, ("Failed to build filter\n")); ret = ENOMEM; goto fail; } + talloc_zfree(clean_name); /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->group_map, |