diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-12-08 17:34:26 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2012-01-26 10:20:49 -0600 |
| commit | 71aa3d8d4ae49261f445bfa2ee3848d0e1f5a19f (patch) | |
| tree | 9bdca188a5676faff576aea39024dc449607c23d | |
| parent | d8314c5c054b98a3e583477eff66e6067745f0b6 (diff) | |
| download | freeipa.git-71aa3d8d4ae49261f445bfa2ee3848d0e1f5a19f.tar.gz freeipa.git-71aa3d8d4ae49261f445bfa2ee3848d0e1f5a19f.tar.xz freeipa.git-71aa3d8d4ae49261f445bfa2ee3848d0e1f5a19f.zip | |
Fix ldap2 combine_filters for ldap2.MATCH_NONE
"!" is a unary LDAP filter operator and cannot be treated in the
same way as binary operators ("&", "|"). Otherwise, an invalid
LDAP filter is created.
https://fedorahosted.org/freeipa/ticket/1675
| -rw-r--r-- | ipaserver/plugins/ldap2.py | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 06980345..dbe6084f 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -575,6 +575,10 @@ class ldap2(CrudBackend, Encoder): """ assert isinstance(filters, (list, tuple)) filters = [f for f in filters if f] + if filters and rules == self.MATCH_NONE: # unary operator + return '(%s%s)' % (self.MATCH_NONE, + self.combine_filters(filters, self.MATCH_ANY)) + if len(filters) > 1: flt = '(%s' % rules else: @@ -603,19 +607,10 @@ class ldap2(CrudBackend, Encoder): False - forbid trailing filter wildcard when exact=False """ if isinstance(value, (list, tuple)): - flts = [] - if rules == self.MATCH_NONE: - for v in value: - flts.append( - self.make_filter_from_attr(attr, v, exact=exact, - leading_wildcard=leading_wildcard, - trailing_wildcard=trailing_wildcard) - ) - return '(!%s)' % self.combine_filters(flts) - for v in value: - flts.append(self.make_filter_from_attr(attr, v, rules, exact, + make_filter_rules = self.MATCH_ANY if rules == self.MATCH_NONE else rules + flts = [ self.make_filter_from_attr(attr, v, exact=exact, leading_wildcard=leading_wildcard, - trailing_wildcard=trailing_wildcard)) + trailing_wildcard=trailing_wildcard) for v in value ] return self.combine_filters(flts, rules) elif value is not None: value = _ldap_filter.escape_filter_chars(value) @@ -651,11 +646,12 @@ class ldap2(CrudBackend, Encoder): ldap2.MATCH_ALL - match entries that match all attributes ldap2.MATCH_ANY - match entries that match any of attribute """ + make_filter_rules = self.MATCH_ANY if rules == self.MATCH_NONE else rules flts = [] if attrs_list is None: for (k, v) in entry_attrs.iteritems(): flts.append( - self.make_filter_from_attr(k, v, rules, exact, + self.make_filter_from_attr(k, v, make_filter_rules, exact, leading_wildcard, trailing_wildcard) ) else: @@ -663,7 +659,7 @@ class ldap2(CrudBackend, Encoder): value = entry_attrs.get(a, None) if value is not None: flts.append( - self.make_filter_from_attr(a, value, rules, exact, + self.make_filter_from_attr(a, value, make_filter_rules, exact, leading_wildcard, trailing_wildcard) ) return self.combine_filters(flts, rules) |