diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-02-01 05:20:11 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-01 05:20:11 +0000 |
| commit | c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6 (patch) | |
| tree | 3ca8971139282d99baed4a833162fc94c0f98911 /source3/passdb/pdb_ldap.c | |
| parent | 1454c1c99ab87e216dea1871b53c51ce7e548ba5 (diff) | |
| download | samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.tar.gz samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.tar.bz2 samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.zip | |
Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to
blame for the realloc() stuff.
Plus a couple of minor updates to libads.
Andrew Bartlett
(This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
Diffstat (limited to 'source3/passdb/pdb_ldap.c')
| -rw-r--r-- | source3/passdb/pdb_ldap.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index e98a2cf04f..6f46201d8d 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -666,7 +666,12 @@ static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, LDAPMessage ** result) { pstring filter; - + char *escape_user = escape_ldap_string_alloc(user); + + if (!escape_user) { + return LDAP_NO_MEMORY; + } + /* * in the filter expression, replace %u with the real name * so in ldap filter, %u MUST exist :-) @@ -677,7 +682,10 @@ static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, * have to use this here because $ is filtered out * in pstring_sub */ - all_string_sub(filter, "%u", user, sizeof(pstring)); + + + all_string_sub(filter, "%u", escape_user, sizeof(pstring)); + SAFE_FREE(escape_user); return ldapsam_search_one_user(ldap_state, filter, result); } @@ -691,6 +699,7 @@ static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state, { struct passwd *user; pstring filter; + char *escape_user; /* Get the username from the system and look that up in the LDAP */ @@ -701,9 +710,16 @@ static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state, pstrcpy(filter, lp_ldap_filter()); - all_string_sub(filter, "%u", user->pw_name, sizeof(pstring)); + escape_user = escape_ldap_string_alloc(user->pw_name); + if (!escape_user) { + passwd_free(&user); + return LDAP_NO_MEMORY; + } + + all_string_sub(filter, "%u", escape_user, sizeof(pstring)); passwd_free(&user); + SAFE_FREE(escape_user); return ldapsam_search_one_user(ldap_state, filter, result); } |