From 4cbf713b41ae368bc03c1b469e2bb0f568545c82 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Tue, 1 Sep 2015 06:58:50 +0200
Subject: [PATCH 09/21] LDAP: Sanitize group dn before using in filter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Each string should be sanitized(rfc4515) before using ldbsearch.
A group dn was not sanitized in the function cleanup_groups.

Resolves:
https://fedorahosted.org/sssd/ticket/2744

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 6cb5bad3c8e2f35ca9dce1800a506d626f90c079)
---
 src/providers/ldap/ldap_id_cleanup.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 171c9b0..73e5e6f 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -359,6 +359,8 @@ static int cleanup_groups(TALLOC_CTX *memctx,
     }
 
     for (i = 0; i < count; i++) {
+        char *sanitized_dn;
+
         dn = ldb_dn_get_linearized(msgs[i]->dn);
         if (!dn) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Cannot linearize DN!\n");
@@ -366,6 +368,15 @@ static int cleanup_groups(TALLOC_CTX *memctx,
             goto done;
         }
 
+        /* sanitize dn */
+        ret = sss_filter_sanitize(tmpctx, dn, &sanitized_dn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "sss_filter_sanitize failed: %s:[%d]\n",
+                  sss_strerror(ret), ret);
+            goto done;
+        }
+
         posix = ldb_msg_find_attr_as_string(msgs[i], SYSDB_POSIX, NULL);
         if (!posix || strcmp(posix, "TRUE") == 0) {
             /* Search for users that are members of this group, or
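Review bot: The new failure branch after `sss_filter_sanitize` logs at SSSDBG_MINOR_FAILURE yet aborts the whole cleanup with `goto done`, which is inconsistent with the neighbouring abort paths in this function that log the linearize failure at SSSDBG_CRIT_FAILURE and the filter-build failure at SSSDBG_OP_FAILURE; an error that stops group cleanup should be logged at a level an operator will actually see, e.g. `DEBUG(SSSDBG_OP_FAILURE,`. The sanitized copy is allocated on tmpctx, so bailing out here presumably does not leak beyond tmpctx's lifetime, though tmpctx's release is outside the hunk. The comment `/* sanitize dn */` restates the call; a why-comment would serve the next reader better, e.g. `/* A DN may contain filter metacharacters; escape it per RFC 4515 before interpolating it into a search filter */`. cleanup_groups starts and ends outside this hunk.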
@@ -375,11 +386,14 @@ static int cleanup_groups(TALLOC_CTX *memctx,
             gid = (gid_t) ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
             subfilter = talloc_asprintf(tmpctx, "(&(%s=%s)(|(%s=%s)(%s=%lu)))",
                                         SYSDB_OBJECTCLASS, SYSDB_USER_CLASS,
-                                        SYSDB_MEMBEROF, dn,
+                                        SYSDB_MEMBEROF, sanitized_dn,
                                         SYSDB_GIDNUM, (long unsigned) gid);
         } else {
-            subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn);
+            subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF,
+                                        sanitized_dn);
         }
+        talloc_zfree(sanitized_dn);
+
         if (!subfilter) {
             DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
             ret = ENOMEM;
-- 
2.5.0