r12361: Add a new function: ldb_binary_encode_string()

This is for use on user-supplied arguments to printf style format
strings which will become ldb filters.  I have used it on LSA, SAMR
and the auth/ code so far.

Also add comments to cracknames code.

Andrew Bartlett
(This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)

1 files changed, 3 insertions, 2 deletions

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index e65a5c70f6..95a7702822 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -280,10 +280,11 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
 	const struct ldb_dn *domain_dn = NULL;
 
 	if (domain_name) {
+		char *escaped_domain = ldb_binary_encode_string(mem_ctx, domain_name);
 		/* find the domain's DN */
 		ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain_ref, domain_ref_attrs,
 					  "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", 
-					  domain_name, domain_name);
+					  escaped_domain, escaped_domain);
 		if (ret_domain == -1) {
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
 		}
@@ -306,7 +307,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
 	/* pull the user attributes */
 	ret = gendb_search(sam_ctx, mem_ctx, domain_dn, &msgs, user_attrs,
 			   "(&(sAMAccountName=%s)(objectclass=user))", 
-			   account_name);
+			   ldb_binary_encode_string(mem_ctx, account_name));
 	if (ret == -1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}