diff options
Diffstat (limited to 'src/db/sysdb_ops.c')
-rw-r--r-- | src/db/sysdb_ops.c | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 4cfef6823..0e39a629a 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -601,6 +601,7 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx, int ret; const char *def_attrs[] = { SYSDB_NAME, SYSDB_UPN, SYSDB_CANONICAL_UPN, SYSDB_USER_EMAIL, NULL }; + char *sanitized; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -608,6 +609,12 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx, goto done; } + ret = sss_filter_sanitize(tmp_ctx, upn, &sanitized); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n"); + goto done; + } + if (domain_scope == true) { base_dn = sysdb_user_base_dn(tmp_ctx, domain); } else { @@ -620,7 +627,7 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx, ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs ? attrs : def_attrs, - SYSDB_PWUPN_FILTER, upn, upn, upn); + SYSDB_PWUPN_FILTER, sanitized, sanitized, sanitized); if (ret != EOK) { ret = sysdb_error_to_errno(ret); goto done; @@ -4823,17 +4830,31 @@ static errno_t sysdb_search_object_by_str_attr(TALLOC_CTX *mem_ctx, bool expect_only_one_result, struct ldb_result **_res) { - char *filter; + char *filter = NULL; errno_t ret; + char *sanitized = NULL; + + if (str == NULL) { + return EINVAL; + } + + ret = sss_filter_sanitize(NULL, str, &sanitized); + if (ret != EOK || sanitized == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n"); + goto done; + } - filter = talloc_asprintf(NULL, filter_tmpl, str); + filter = talloc_asprintf(NULL, filter_tmpl, sanitized); if (filter == NULL) { - return ENOMEM; + ret = ENOMEM; + goto done; } ret = sysdb_search_object_attr(mem_ctx, domain, filter, attrs, expect_only_one_result, _res); +done: + talloc_free(sanitized); talloc_free(filter); return ret; } @@ -4922,7 +4943,8 @@ errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx, struct ldb_result **res) { int ret; - char *user_filter; + char *user_filter = NULL; + char *filter = NULL; ret = sss_cert_derb64_to_ldap_filter(mem_ctx, cert, SYSDB_USER_MAPPED_CERT, NULL, NULL, &user_filter); @@ -4931,10 +4953,15 @@ errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx, return ret; } - ret = sysdb_search_object_by_str_attr(mem_ctx, domain, - SYSDB_USER_CERT_FILTER, - user_filter, attrs, false, res); + filter = talloc_asprintf(NULL, SYSDB_USER_CERT_FILTER, user_filter); talloc_free(user_filter); + if (filter == NULL) { + return ENOMEM; + } + + ret = sysdb_search_object_attr(mem_ctx, domain, filter, attrs, false, res); + + talloc_free(filter); return ret; } |