author | Lukas Slebodnik <lslebodn@redhat.com> | 2015-09-01 06:58:50 +0200 |
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-18 17:20:42 +0200 |
commit | 6cb5bad3c8e2f35ca9dce1800a506d626f90c079 (patch) | |
tree | a4269acd1d5561c11739c9dcd4107b0acc090ea1 /src/providers | |
parent | 3d8b576bf49a79d5776574b96c6ef9535bbc46ac (diff) | |
LDAP: Sanitize group dn before using in filter
Each string should be sanitized (RFC 4515) before being used in ldbsearch.
A group dn was not sanitized in the function cleanup_groups.
Resolves:
https://fedorahosted.org/sssd/ticket/2744
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_id_cleanup.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 461e1834e..cde2ad818 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -410,6 +410,8 @@ static int cleanup_groups(TALLOC_CTX *memctx,
     }
 
     for (i = 0; i < count; i++) {
+        char *sanitized_dn;
+
         dn = ldb_dn_get_linearized(msgs[i]->dn);
         if (!dn) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Cannot linearize DN!\n");
@@ -417,6 +419,15 @@ static int cleanup_groups(TALLOC_CTX *memctx,
             goto done;
         }
 
+        /* sanitize dn */
+        ret = sss_filter_sanitize(tmpctx, dn, &sanitized_dn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "sss_filter_sanitize failed: %s:[%d]\n",
+                  sss_strerror(ret), ret);
+            goto done;
+        }
+
         posix = ldb_msg_find_attr_as_string(msgs[i], SYSDB_POSIX, NULL);
         if (!posix || strcmp(posix, "TRUE") == 0) {
             /* Search for users that are members of this group, or
@@ -426,11 +437,14 @@ static int cleanup_groups(TALLOC_CTX *memctx,
             gid = (gid_t) ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
             subfilter = talloc_asprintf(tmpctx, "(&(%s=%s)(|(%s=%s)(%s=%lu)))",
                                         SYSDB_OBJECTCLASS, SYSDB_USER_CLASS,
-                                        SYSDB_MEMBEROF, dn,
+                                        SYSDB_MEMBEROF, sanitized_dn,
                                         SYSDB_GIDNUM, (long unsigned) gid);
         } else {
-            subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn);
+            subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF,
+                                        sanitized_dn);
         }
+        talloc_zfree(sanitized_dn);
+
         if (!subfilter) {
             DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
             ret = ENOMEM;
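Review bot: In the second hunk the sss_filter_sanitize failure path logs at SSSDBG_MINOR_FAILURE but then does `goto done`, aborting the whole group cleanup pass; the neighbouring failure paths in the same loop (`Cannot linearize DN!` at SSSDBG_CRIT_FAILURE, `Failed to build filter` at SSSDBG_OP_FAILURE) log at a level that matches an abort, so this one should too, `DEBUG(SSSDBG_OP_FAILURE,`. A short comment on the `goto done` would also help a later reader, e.g. `/* an unescaped DN must never reach the filter, so stop the cleanup here */`. The placement of `talloc_zfree(sanitized_dn)` before the `!subfilter` check in the third hunk is fine, since talloc_asprintf has already copied the escaped value into subfilter by then. cleanup_groups begins and ends outside these hunks, so whether `dn` is still used unescaped elsewhere in the function cannot be judged from here.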