diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-03-17 13:33:18 +1300 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 17:12:47 +0200 |
| commit | a6b82ee197f6f79bb74e0720d328c4a518e513fe (patch) | |
| tree | 980cfdea58ef20562c5f62e200d416965a3ff150 /source4/rpc_server | |
| parent | f557f82acc54d0fddf8be31bebdbc525ea80a171 (diff) | |
| download | samba-a6b82ee197f6f79bb74e0720d328c4a518e513fe.tar.gz samba-a6b82ee197f6f79bb74e0720d328c4a518e513fe.tar.xz samba-a6b82ee197f6f79bb74e0720d328c4a518e513fe.zip | |
s4-samr: Escape the username in the LDAP filter
Change-Id: I99945f0b86ea2862c88c00ad39c809ef1101ca9b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/rpc_server')
| -rw-r--r-- | source4/rpc_server/samr/samr_password.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 383fce1223..1466decc08 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -102,7 +102,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(&(sAMAccountName=%s)(objectclass=user))", - r->in.account->string); + ldb_binary_encode_string(mem_ctx, r->in.account->string)); if (ret != 1) { /* Don't give the game away: (don't allow anonymous users to prove the existance of usernames) */ return NT_STATUS_WRONG_PASSWORD; @@ -249,7 +249,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(&(sAMAccountName=%s)(objectclass=user))", - r->in.account->string); + ldb_binary_encode_string(mem_ctx, r->in.account->string)); if (ret != 1) { /* Don't give the game away: (don't allow anonymous users to prove the existance of usernames) */ status = NT_STATUS_WRONG_PASSWORD; |