diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-06-30 10:19:19 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-30 10:19:19 +1000 |
commit | db89b42c3b813fd4ae059f9cc51291eaf5356602 (patch) | |
tree | c931fc5dd43df015221d8d057410822e66897491 | |
parent | 0b2b9fdeda0f7933df29a73ab7d6c511d5fd1c87 (diff) | |
download | samba-db89b42c3b813fd4ae059f9cc51291eaf5356602.tar.gz samba-db89b42c3b813fd4ae059f9cc51291eaf5356602.tar.bz2 samba-db89b42c3b813fd4ae059f9cc51291eaf5356602.zip |
s4:dsdb Explain the parsing steps for userPrincipalName cracknames calls
-rw-r--r-- | source4/dsdb/samdb/cracknames.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index d31311bd1d..119dd92355 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -560,6 +560,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, return WERR_NOMEM; } + /* Ensure we reject compleate junk first */ ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal); if (ret) { info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; @@ -568,6 +569,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, domain_filter = NULL; + /* By getting the unparsed name here, we ensure the escaping is correct (and trust the client less) */ ret = krb5_unparse_name(smb_krb5_context->krb5_context, principal, &unparsed_name); if (ret) { krb5_free_principal(smb_krb5_context->krb5_context, principal); @@ -575,6 +577,8 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, } krb5_free_principal(smb_krb5_context->krb5_context, principal); + + /* The ldb_binary_encode_string() here avoid LDAP filter injection attacks */ result_filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(userPrincipalName=%s))", ldb_binary_encode_string(mem_ctx, unparsed_name)); |