summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-06-30 10:19:19 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-06-30 10:19:19 +1000
commitdb89b42c3b813fd4ae059f9cc51291eaf5356602 (patch)
treec931fc5dd43df015221d8d057410822e66897491
parent0b2b9fdeda0f7933df29a73ab7d6c511d5fd1c87 (diff)
downloadsamba-db89b42c3b813fd4ae059f9cc51291eaf5356602.tar.gz
samba-db89b42c3b813fd4ae059f9cc51291eaf5356602.tar.bz2
samba-db89b42c3b813fd4ae059f9cc51291eaf5356602.zip
s4:dsdb Explain the parsing steps for userPrincipalName cracknames calls
-rw-r--r--source4/dsdb/samdb/cracknames.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index d31311bd1d..119dd92355 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -560,6 +560,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
return WERR_NOMEM;
}
+ /* Ensure we reject compleate junk first */
ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
if (ret) {
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
@@ -568,6 +569,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
domain_filter = NULL;
+ /* By getting the unparsed name here, we ensure the escaping is correct (and trust the client less) */
ret = krb5_unparse_name(smb_krb5_context->krb5_context, principal, &unparsed_name);
if (ret) {
krb5_free_principal(smb_krb5_context->krb5_context, principal);
@@ -575,6 +577,8 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
}
krb5_free_principal(smb_krb5_context->krb5_context, principal);
+
+ /* The ldb_binary_encode_string() here avoid LDAP filter injection attacks */
result_filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(userPrincipalName=%s))",
ldb_binary_encode_string(mem_ctx, unparsed_name));