From 018f65de36887e585065f0e77cdd9f19cefeddca Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 25 May 2011 10:54:17 +0200
Subject: Sanitize username during initgroups call
---
 src/providers/ldap/sdap_async_accounts.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index f42fff294..4c909408b 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -2870,6 +2870,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 const char *base_dn;
 char *filter;
 int ret;
+ char *clean_name;
 DEBUG(9, ("Retrieving info for initgroups call\n"));
@@ -2886,9 +2887,14 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 state->grp_attrs = grp_attrs;
 state->orig_user = NULL;
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ return NULL;
+ }
+
 filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
 state->opts->user_map[SDAP_AT_USER_NAME].name,
- state->name,
+ clean_name,
 state->opts->user_map[SDAP_OC_USER].name);
 if (!filter) {
 talloc_zfree(req);
--
cgit
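Review bot: The new failure branch after `sss_filter_sanitize()` in the second hunk returns NULL without releasing `req`, while the `!filter` branch directly below calls `talloc_zfree(req)` first. Unless the request is freed somewhere outside the hunk, it stays attached to `memctx` until that context is torn down, so the branch should read `talloc_zfree(req); return NULL;`. A one-line comment above the call would record the intent, for example `/* name is caller-supplied: escape LDAP filter metacharacters before building the search filter */`. The body of sdap_get_initgr_send starts and ends outside the hunk, so it cannot be confirmed from here that `name` and `state->name` hold the same string, or whether later filters in this request are still built from the unsanitized `state->name`.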