authorStephen Gallagher <sgallagh@redhat.com>2010-10-28 20:34:45 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-11-15 09:52:35 -0500
commit9edebfb8e972736eb95763b31af9740fca6775b1 (patch)
tree34d355a74f1d6ded198b253b5871a4aac40c9035 /src
parent0940074366b91dc4005a2b531a99231d1efdeadf (diff)
Sanitize sysdb filters in the LDAP provider
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/sdap_async_accounts.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 6b14161ce..ab599f8c8 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -2590,6 +2590,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
errno_t ret;
struct sdap_nested_group_ctx *state =
tevent_req_data(req, struct sdap_nested_group_ctx);
+ char *member_dn;
char *filter;
static const char *attrs[] = SYSDB_PW_ATTRS;
size_t count;
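Review bot: `member_dn` is declared without an initialiser, while the later hunks add `talloc_zfree(member_dn)` calls and new `goto error` exits that depend on its value. Declaring it as `char *member_dn = NULL;` makes any cleanup call on it safe on every path. It would also let the `error` label release it in one place. The function body starts and ends outside this hunk, so whether a `goto error` can run before the sanitize call cannot be confirmed from here.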
@@ -2636,10 +2637,15 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
} while (has_key);
+ ret = sss_filter_sanitize(state, state->member_dn, &member_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+
/* Check for the specified origDN in the sysdb */
filter = talloc_asprintf(NULL, "(%s=%s)",
SYSDB_ORIG_DN,
- state->member_dn);
+ member_dn);
if (!filter) {
ret = ENOMEM;
goto error;
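Review bot: When `talloc_asprintf` fails, the `goto error` at the end of this hunk leaves the sanitized `member_dn` allocated, and the identical check in the `@@ -2657` hunk does the same. The copy appears to be parented to `state` (the first argument of `sss_filter_sanitize`), so it would presumably be reclaimed with the request rather than lost. An explicit `talloc_zfree(member_dn);` before `goto error`, or in the `error` label, would still make the lifetime obvious. The existing comment could also say why the value is escaped, e.g. `/* origDN may contain filter metacharacters; escape it before building the sysdb filter */`. The `error` label is outside the hunk.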
@@ -2657,11 +2663,13 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
filter = talloc_asprintf(NULL, "(%s=%s)",
SYSDB_ORIG_DN,
- state->member_dn);
+ member_dn);
if (!filter) {
ret = ENOMEM;
goto error;
}
+ talloc_zfree(member_dn);
+
ret = sysdb_search_groups(state, state->sysdb, state->domain,
filter, attrs, &count, &msgs);
talloc_zfree(filter);
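Review bot: The filter built here is the same expression, `(%s=%s)` with `SYSDB_ORIG_DN` and `member_dn`, as the one built for the user search in the previous hunk, so the sanitized value is kept alive only to rebuild it. Keeping the first `filter` until after `sysdb_search_groups` would let `member_dn` be freed right after the first `talloc_asprintf` and would remove one allocation-failure path. As written, `member_dn` is released here only on the group branch, and the other branch seems to rely on the `talloc_zfree(member_dn)` added in the last hunk. A single release point would be easier to audit. The free of the first filter sits between the hunks and is not visible here.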
@@ -2710,6 +2718,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
return EAGAIN;
}
+ talloc_zfree(member_dn);
/* We found a user with this origDN in the sysdb */