From b73f82565748161ce2b0f344f87bfbcc72f1f2ad Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Fri, 5 Oct 2007 15:25:58 -0700 Subject: Several escaping fixes: - illegal dn characters need to be escaped - null characters in search filters - dynamicedit.js was double html escaping (the python layer does it already) --- ipa-server/xmlrpc-server/funcs.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'ipa-server/xmlrpc-server/funcs.py') diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 8a6bbf91..52c38240 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -22,6 +22,7 @@ sys.path.append("/usr/share/ipa") import krbV import ldap +import ldap.dn import ipaserver.dsinstance import ipaserver.ipaldap import ipa.ipautil @@ -385,7 +386,8 @@ class IPAServer: if self.__is_user_unique(user['uid'], opts) == 0: raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) - dn="uid=%s,%s,%s" % (user['uid'], user_container,self.basedn) + dn="uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(user['uid']), + user_container,self.basedn) entry = ipaserver.ipaldap.Entry(dn) # FIXME: This should be dynamic and can include just about anything @@ -688,7 +690,8 @@ class IPAServer: if self.__is_group_unique(group['cn'], opts) == 0: raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) - dn="cn=%s,%s,%s" % (group['cn'], group_container,self.basedn) + dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']), + group_container,self.basedn) entry = ipaserver.ipaldap.Entry(dn) # some required objectclasses @@ -1055,5 +1058,7 @@ def ldap_search_escape(match): elif value == "*": # drop '*' from input. search performs its own wildcarding return "" + elif value =='\x00': + return r'\00' else: return value -- cgit