authorJan Cholasta <jcholast@redhat.com>2017-01-23 10:26:50 +0100
committerMartin Basti <mbasti@redhat.com>2017-01-24 11:50:07 +0100
commit84a9611cb885f04c72cd657c3a3e7bc4aff39d93 (patch)
tree3cc3f545e990ab007fd533070a3a83191ed7e453 /ipapython
parentccea23138ba6e9b54c08d472341ddbd64ffc45df (diff)
ipaldap: properly escape raw binary values in LDAP filters
Manually escape each byte in the value, do not use ldap.filter.escape_filter_chars() as it does not work with bytes in Python 3. https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/ipaldap.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index daee06878..3ee40bf71 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -19,6 +19,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+import binascii
import time
import datetime
from decimal import Decimal
@@ -1245,11 +1246,13 @@ class LDAPClient(object):
return cls.combine_filters(flts, rules)
elif value is not None:
if isinstance(value, bytes):
- if six.PY3:
- value = value.decode('raw_unicode_escape')
+ value = binascii.hexlify(value).decode('ascii')
+ # value[-2:0] is empty string for the initial '\\'
+ value = u'\\'.join(
+ value[i:i+2] for i in six.moves.range(-2, len(value), 2))
else:
value = value_to_utf8(value)
- value = ldap.filter.escape_filter_chars(value)
+ value = ldap.filter.escape_filter_chars(value)
if not exact:
template = '%s'
if leading_wildcard:
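Review bot: The join over `six.moves.range(-2, len(value), 2)` depends on `value[-2:0]` being empty to produce the leading backslash, which is correct but easy to break in a later edit. `value = u''.join(u'\\' + value[i:i+2] for i in six.moves.range(0, len(value), 2))` gives the same per-byte `\xx` escaping without the trick, and still returns an empty string for empty bytes. The hex-escaped result must not pass through `ldap.filter.escape_filter_chars()`, or its backslashes would be escaped a second time. This page has lost indentation, so the re-added call is presumably inside the `else:` branch, which is worth confirming. On Python 2 `bytes` is `str`, so ordinary string values also take this branch and will appear fully hex-encoded in any filter that gets logged; the enclosing method starts and ends outside the hunk.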