summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-02-01 05:20:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-02-01 05:20:11 +0000
commitc2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6 (patch)
tree3ca8971139282d99baed4a833162fc94c0f98911 /source3/passdb/pdb_ldap.c
parent1454c1c99ab87e216dea1871b53c51ce7e548ba5 (diff)
downloadsamba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.tar.gz
samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.tar.bz2
samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.zip
Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to
blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
Diffstat (limited to 'source3/passdb/pdb_ldap.c')
-rw-r--r--source3/passdb/pdb_ldap.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e98a2cf04f..6f46201d8d 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -666,7 +666,12 @@ static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state,
LDAPMessage ** result)
{
pstring filter;
-
+ char *escape_user = escape_ldap_string_alloc(user);
+
+ if (!escape_user) {
+ return LDAP_NO_MEMORY;
+ }
+
/*
* in the filter expression, replace %u with the real name
* so in ldap filter, %u MUST exist :-)
@@ -677,7 +682,10 @@ static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state,
* have to use this here because $ is filtered out
* in pstring_sub
*/
- all_string_sub(filter, "%u", user, sizeof(pstring));
+
+
+ all_string_sub(filter, "%u", escape_user, sizeof(pstring));
+ SAFE_FREE(escape_user);
return ldapsam_search_one_user(ldap_state, filter, result);
}
@@ -691,6 +699,7 @@ static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state,
{
struct passwd *user;
pstring filter;
+ char *escape_user;
/* Get the username from the system and look that up in the LDAP */
@@ -701,9 +710,16 @@ static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state,
pstrcpy(filter, lp_ldap_filter());
- all_string_sub(filter, "%u", user->pw_name, sizeof(pstring));
+ escape_user = escape_ldap_string_alloc(user->pw_name);
+ if (!escape_user) {
+ passwd_free(&user);
+ return LDAP_NO_MEMORY;
+ }
+
+ all_string_sub(filter, "%u", escape_user, sizeof(pstring));
passwd_free(&user);
+ SAFE_FREE(escape_user);
return ldapsam_search_one_user(ldap_state, filter, result);
}