author | Sumit Bose <sbose@redhat.com> | 2017-10-16 11:47:46 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-10-18 12:35:59 +0200 |
commit | c2dec0dc740ba426f26563563c0aea3a38f3c3c1 (patch) | |
tree | 75e0d082ebfa53aca7de03d0a92b9c5ec445b10d | |
parent | da7a3c347dd630085839afa7ec245ee9d36f6ce2 (diff) | |
IPA: sanitize name in override search filter
Resolves:
https://pagure.io/SSSD/sssd/issue/3545
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
-rw-r--r-- | src/providers/ipa/ipa_views.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c
index 5b6fcbc9b..2a918bdc8 100644
--- a/src/providers/ipa/ipa_views.c
+++ b/src/providers/ipa/ipa_views.c
@@ -39,6 +39,7 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx,
 char *cert_filter;
 int ret;
 char *shortname;
+ char *sanitized_name;
 switch (ar->filter_type) {
 case BE_FILTER_NAME:
@@ -48,20 +49,27 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx,
 return ret;
 }
+ ret = sss_filter_sanitize(mem_ctx, shortname, &sanitized_name);
+ talloc_free(shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n");
+ return ret;
+ }
+
 switch ((ar->entry_type & BE_REQ_TYPE_MASK)) {
 case BE_REQ_USER:
 case BE_REQ_INITGROUPS:
 filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))", ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name, ipa_opts->override_map[IPA_AT_OVERRIDE_USER_NAME].name,
- shortname);
+ sanitized_name);
 break;
 case BE_REQ_GROUP:
 filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))", ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name, ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_NAME].name,
- shortname);
+ sanitized_name);
 break;
 case BE_REQ_USER_AND_GROUP:
@@ -70,15 +78,15 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx,
 ipa_opts->override_map[IPA_AT_OVERRIDE_USER_NAME].name, ar->filter_value, ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_NAME].name,
- shortname);
+ sanitized_name);
 break;
 default:
 DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected entry type [%d] for name filter.\n", ar->entry_type);
- talloc_free(shortname);
+ talloc_free(sanitized_name);
 return EINVAL;
 }
- talloc_free(shortname);
+ talloc_free(sanitized_name);
 break;
 case BE_FILTER_IDNUM: |
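Review bot: The new sanitize step in the BE_FILTER_NAME branch has no comment saying why the name is escaped, so a later refactor could hand the raw value to `talloc_asprintf` again without anyone noticing. I would add `/* Escape LDAP filter special characters before the name is placed in the search filter. */` above the `sss_filter_sanitize()` call. A regression test that builds the override filter from a name containing characters such as `*`, `(`, `)` and `\` and checks that they come out escaped would pin the behaviour. The function body begins and continues outside this hunk.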
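Review bot: The `ar->filter_value` argument in the BE_REQ_USER_AND_GROUP branch is still formatted into the filter without escaping; only the last argument was switched to `sanitized_name`. If `filter_value` carries the same request-supplied name (the code that derives `shortname` is outside this hunk, so this is inferred), the user-name comparison in that filter remains open to LDAP filter injection. Consider passing `sanitized_name` for both attributes, or running `sss_filter_sanitize()` on `ar->filter_value` as well if the unshortened value is intended there. The `talloc_asprintf` call and its format string start above the hunk, so the placeholder order should be confirmed against the full function.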