author | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-05 11:05:38 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-15 09:52:35 -0500 |
commit | 85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e (patch) | |
tree | 9bda0a31cbc8fbcc4a5f04e4cc70765859c9c439 /src/providers/ldap/sdap_access.c | |
parent | 3e4ffc5cef28741454015c04aadc16da78aa1209 (diff) | |
download | sssd-85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e.tar.gz sssd-85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e.tar.xz sssd-85e8cbdd79359ae1f330c8b84f7b58d4fc6fda6e.zip |
Sanitize search filters in LDAP provider
Diffstat (limited to 'src/providers/ldap/sdap_access.c')
-rw-r--r-- | src/providers/ldap/sdap_access.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 4a30b74be..23c076f1f 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -114,6 +114,7 @@ static struct tevent_req *sdap_access_send(TALLOC_CTX *mem_ctx,
 struct tevent_req *req;
 struct ldb_result *res;
 const char *basedn;
+ char *clean_username;
 req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx);
 if (req == NULL) {
@@ -204,17 +205,24 @@ static struct tevent_req *sdap_access_send(TALLOC_CTX *mem_ctx,
 talloc_zfree(res);
 /* Construct the filter */
+
+ ret = sss_filter_sanitize(state, state->username, &clean_username);
+ if (ret != EOK) {
+ goto failed;
+ }
+
 state->filter = talloc_asprintf(
 state,
 "(&(%s=%s)(objectclass=%s)%s)",
 state->sdap_ctx->opts->user_map[SDAP_AT_USER_NAME].name,
- state->username,
+ clean_username,
 state->sdap_ctx->opts->user_map[SDAP_OC_USER].name,
 state->access_ctx->filter);
 if (state->filter == NULL) {
 DEBUG(0, ("Could not construct access filter\n"));
 goto failed;
 }
+ talloc_zfree(clean_username);
 DEBUG(6, ("Checking filter against LDAP\n")); |
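Review bot: The new `sss_filter_sanitize()` failure branch in the second hunk jumps to `failed` without logging, while the `talloc_asprintf()` failure a few lines below prints a DEBUG message; adding `DEBUG(0, ("Could not sanitize username for access filter\n"));` before the `goto` would let a denied login be traced to this step. The `failed` label and the rest of sdap_access_send lie outside the hunk, so it is worth confirming that this path ends in an access-denied result rather than a default allow. `state->access_ctx->filter` is still interpolated verbatim, presumably on purpose because it is an administrator-configured filter fragment; a comment such as `/* access_ctx->filter is a configured filter expression and is deliberately not escaped */` would stop a later reader from escaping it and breaking the filter. `clean_username` is released only on the success path, which looks safe if it is parented to `state` as the first argument suggests, but a short comment saying so would help.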